Marcus Updateinfo to OVAL Converter5.52026-04-14T06:53:30apparmor-parser-2.13.4-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the apparmor-parser-2.13.4-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDcpe:/o:suse:suse-microos:5.0augeas-1.10.1-1.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the augeas-1.10.1-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2012-0786 at SUSECVE-2012-0786 at NVDCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:suse-microos:5.0bash-4.4-9.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the bash-4.4-9.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:suse-microos:5.0btrfsmaintenance-0.4.2-1.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the btrfsmaintenance-0.4.2-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:suse-microos:5.0chrony-3.2-9.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the chrony-3.2-9.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDcpe:/o:suse:suse-microos:5.0cni-plugins-0.8.6-3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDcpe:/o:suse:suse-microos:5.0containerd-1.3.9-5.29.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the containerd-1.3.9-5.29.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDcpe:/o:suse:suse-microos:5.0coreutils-8.29-2.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the coreutils-8.29-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-0221 at SUSECVE-2013-0221 at NVDCVE-2013-0222 at SUSECVE-2013-0222 at NVDCVE-2013-0223 at SUSECVE-2013-0223 at NVDCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:suse-microos:5.0cpio-2.12-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the cpio-2.12-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDcpe:/o:suse:suse-microos:5.0cracklib-2.9.7-11.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the cracklib-2.9.7-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:suse-microos:5.0curl-7.66.0-4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the curl-7.66.0-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDcpe:/o:suse:suse-microos:5.0dbus-1-1.12.2-8.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the dbus-1-1.12.2-8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDcpe:/o:suse:suse-microos:5.0dbus-1-glib-0.108-1.29 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the dbus-1-glib-0.108-1.29 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2010-1172 at SUSECVE-2010-1172 at NVDCVE-2013-0292 at SUSECVE-2013-0292 at NVDcpe:/o:suse:suse-microos:5.0docker-19.03.15_ce-6.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the docker-19.03.15_ce-6.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDcpe:/o:suse:suse-microos:5.0docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:suse-microos:5.0docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:suse-microos:5.0dracut-049.1+suse.186.g320cc3d1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the dracut-049.1+suse.186.g320cc3d1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:suse-microos:5.0e2fsprogs-1.43.8-4.23.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the e2fsprogs-1.43.8-4.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDcpe:/o:suse:suse-microos:5.0elfutils-0.168-4.5.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7609 at SUSECVE-2017-7609 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16402 at SUSECVE-2018-16402 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:suse-microos:5.0file-5.32-7.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the file-5.32-7.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:suse-microos:5.0firewalld-0.5.5-4.24.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the firewalld-0.5.5-4.24.9 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:suse-microos:5.0fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:suse-microos:5.0gettext-runtime-0.19.8.1-4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the gettext-runtime-0.19.8.1-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-18751 at SUSECVE-2018-18751 at NVDcpe:/o:suse:suse-microos:5.0glib2-tools-2.62.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the glib2-tools-2.62.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDcpe:/o:suse:suse-microos:5.0glibc-2.26-13.51.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the glibc-2.26-13.51.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDcpe:/o:suse:suse-microos:5.0gpg2-2.2.5-4.14.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the gpg2-2.2.5-4.14.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDcpe:/o:suse:suse-microos:5.0grep-3.1-4.3.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:suse-microos:5.0grub2-2.04-9.30.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the grub2-2.04-9.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDcpe:/o:suse:suse-microos:5.0gstreamer-1.16.2-1.53 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the gstreamer-1.16.2-1.53 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDcpe:/o:suse:suse-microos:5.0gstreamer-plugins-base-1.16.2-2.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the gstreamer-plugins-base-1.16.2-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDcpe:/o:suse:suse-microos:5.0hardlink-1.0+git.e66999f-1.25 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the hardlink-1.0+git.e66999f-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2011-3630 at SUSECVE-2011-3630 at NVDCVE-2011-3631 at SUSECVE-2011-3631 at NVDCVE-2011-3632 at SUSECVE-2011-3632 at NVDcpe:/o:suse:suse-microos:5.0kdump-0.9.0-11.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the kdump-0.9.0-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:suse-microos:5.0kernel-default-5.3.18-24.49.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the kernel-default-5.3.18-24.49.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDcpe:/o:suse:suse-microos:5.0kernel-firmware-20200107-3.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the kernel-firmware-20200107-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDCVE-2020-12321 at SUSECVE-2020-12321 at NVDcpe:/o:suse:suse-microos:5.0kernel-rt-5.3.18-8.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the kernel-rt-5.3.18-8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDcpe:/o:suse:suse-microos:5.0krb5-1.16.3-3.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the krb5-1.16.3-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDcpe:/o:suse:suse-microos:5.0less-530-1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the less-530-1.6 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDcpe:/o:suse:suse-microos:5.0libX11-6-1.6.5-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libX11-6-1.6.5-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDcpe:/o:suse:suse-microos:5.0libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:suse-microos:5.0libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:suse-microos:5.0libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:suse-microos:5.0libaudit1-2.8.1-12.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libaudit1-2.8.1-12.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:suse-microos:5.0libblkid1-2.33.1-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libblkid1-2.33.1-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2018-7738 at SUSECVE-2018-7738 at NVDcpe:/o:suse:suse-microos:5.0libbluetooth3-5.48-13.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libbluetooth3-5.48-13.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9797 at SUSECVE-2016-9797 at NVDCVE-2016-9798 at SUSECVE-2016-9798 at NVDCVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9801 at SUSECVE-2016-9801 at NVDCVE-2016-9802 at SUSECVE-2016-9802 at NVDCVE-2016-9804 at SUSECVE-2016-9804 at NVDCVE-2016-9917 at SUSECVE-2016-9917 at NVDCVE-2016-9918 at SUSECVE-2016-9918 at NVDCVE-2020-0556 at SUSECVE-2020-0556 at NVDCVE-2020-27153 at SUSECVE-2020-27153 at NVDcpe:/o:suse:suse-microos:5.0libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:suse-microos:5.0libbz2-1-1.0.6-5.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libbz2-1-1.0.6-5.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:suse-microos:5.0libcairo2-1.16.0-1.55 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libcairo2-1.16.0-1.55 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:suse-microos:5.0libcontainers-common-20200727-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libcontainers-common-20200727-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDcpe:/o:suse:suse-microos:5.0libcroco-0_6-3-0.6.13-1.26 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libcroco-0_6-3-0.6.13-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-7960 at SUSECVE-2017-7960 at NVDCVE-2017-7961 at SUSECVE-2017-7961 at NVDCVE-2017-8834 at SUSECVE-2017-8834 at NVDCVE-2017-8871 at SUSECVE-2017-8871 at NVDcpe:/o:suse:suse-microos:5.0libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:suse-microos:5.0libexpat1-2.2.5-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libexpat1-2.2.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDcpe:/o:suse:suse-microos:5.0libfreebl3-3.53.1-3.51.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libfreebl3-3.53.1-3.51.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:suse-microos:5.0libfreetype6-2.10.1-4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:suse-microos:5.0libgbm1-19.3.4-45.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libgbm1-19.3.4-45.23 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:suse-microos:5.0libgcc_s1-10.2.1+git583-1.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libgcc_s1-10.2.1+git583-1.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:suse-microos:5.0libgcrypt20-1.8.2-8.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libgcrypt20-1.8.2-8.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDcpe:/o:suse:suse-microos:5.0libgnutls30-3.6.7-14.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libgnutls30-3.6.7-14.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDcpe:/o:suse:suse-microos:5.0libgraphite2-3-1.3.11-2.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:suse-microos:5.0libhogweed4-3.4.1-4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libhogweed4-3.4.1-4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDcpe:/o:suse:suse-microos:5.0libidn11-1.34-3.2.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2017-14062 at SUSECVE-2017-14062 at NVDcpe:/o:suse:suse-microos:5.0libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:suse-microos:5.0libjpeg8-8.1.2-5.15.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libjpeg8-8.1.2-5.15.7 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDcpe:/o:suse:suse-microos:5.0libjson-c3-0.13-1.19 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libjson-c3-0.13-1.19 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDcpe:/o:suse:suse-microos:5.0libksba8-1.3.5-2.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDcpe:/o:suse:suse-microos:5.0libldap-2_4-2-2.4.46-9.45.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libldap-2_4-2-2.4.46-9.45.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDcpe:/o:suse:suse-microos:5.0liblua5_3-5-5.3.4-3.3.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the liblua5_3-5-5.3.4-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDcpe:/o:suse:suse-microos:5.0liblz4-1-1.8.0-3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the liblz4-1-1.8.0-3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDcpe:/o:suse:suse-microos:5.0liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:suse-microos:5.0libmspack0-0.6-3.8.19 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libmspack0-0.6-3.8.19 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:suse-microos:5.0libncurses6-6.1-5.6.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libncurses6-6.1-5.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDcpe:/o:suse:suse-microos:5.0libnghttp2-14-1.40.0-1.15 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libnghttp2-14-1.40.0-1.15 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDcpe:/o:suse:suse-microos:5.0libnm0-1.22.10-3.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libnm0-1.22.10-3.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDcpe:/o:suse:suse-microos:5.0libopenssl1_1-1.1.1d-11.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libopenssl1_1-1.1.1d-11.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDcpe:/o:suse:suse-microos:5.0libopus0-1.3.1-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:suse-microos:5.0libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpango-1_0-0-1.44.7+11-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:suse-microos:5.0libpcre1-8.41-4.20 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpcre1-8.41-4.20 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDcpe:/o:suse:suse-microos:5.0libpcre2-8-0-10.31-1.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpcre2-8-0-10.31-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDcpe:/o:suse:suse-microos:5.0libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:suse-microos:5.0libpolkit0-0.116-1.51 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpolkit0-0.116-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDcpe:/o:suse:suse-microos:5.0libprocps7-3.3.15-7.13.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libprocps7-3.3.15-7.13.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:suse-microos:5.0libproxy1-0.4.15-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libproxy1-0.4.15-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:suse-microos:5.0libpython3_6m1_0-3.6.12-3.75.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libpython3_6m1_0-3.6.12-3.75.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDcpe:/o:suse:suse-microos:5.0libruby2_5-2_5-2.5.8-4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libruby2_5-2_5-2.5.8-4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2012-6708 at SUSECVE-2012-6708 at NVDCVE-2015-9251 at SUSECVE-2015-9251 at NVDCVE-2017-17742 at SUSECVE-2017-17742 at NVDCVE-2018-1000073 at SUSECVE-2018-1000073 at NVDCVE-2018-1000074 at SUSECVE-2018-1000074 at NVDCVE-2018-1000075 at SUSECVE-2018-1000075 at NVDCVE-2018-1000076 at SUSECVE-2018-1000076 at NVDCVE-2018-1000077 at SUSECVE-2018-1000077 at NVDCVE-2018-1000078 at SUSECVE-2018-1000078 at NVDCVE-2018-1000079 at SUSECVE-2018-1000079 at NVDCVE-2018-16395 at SUSECVE-2018-16395 at NVDCVE-2018-16396 at SUSECVE-2018-16396 at NVDCVE-2018-6914 at SUSECVE-2018-6914 at NVDCVE-2018-8777 at SUSECVE-2018-8777 at NVDCVE-2018-8778 at SUSECVE-2018-8778 at NVDCVE-2018-8779 at SUSECVE-2018-8779 at NVDCVE-2018-8780 at SUSECVE-2018-8780 at NVDCVE-2019-15845 at SUSECVE-2019-15845 at NVDCVE-2019-16201 at SUSECVE-2019-16201 at NVDCVE-2019-16254 at SUSECVE-2019-16254 at NVDCVE-2019-16255 at SUSECVE-2019-16255 at NVDCVE-2019-8320 at SUSECVE-2019-8320 at NVDCVE-2019-8321 at SUSECVE-2019-8321 at NVDCVE-2019-8322 at SUSECVE-2019-8322 at NVDCVE-2019-8323 at SUSECVE-2019-8323 at NVDCVE-2019-8324 at SUSECVE-2019-8324 at NVDCVE-2019-8325 at SUSECVE-2019-8325 at NVDCVE-2020-10663 at SUSECVE-2020-10663 at NVDCVE-2020-10933 at SUSECVE-2020-10933 at NVDCVE-2020-8130 at SUSECVE-2020-8130 at NVDcpe:/o:suse:suse-microos:5.0libseccomp2-2.4.1-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libseccomp2-2.4.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:suse-microos:5.0libsolv-tools-0.7.16-3.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libsolv-tools-0.7.16-3.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:suse-microos:5.0libspice-server1-0.14.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libspice-server1-0.14.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-microos:5.0libsqlite3-0-3.28.0-3.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libsqlite3-0-3.28.0-3.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDcpe:/o:suse:suse-microos:5.0libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:suse-microos:5.0libssh4-0.8.7-10.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDcpe:/o:suse:suse-microos:5.0libsystemd0-246.10-2.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libsystemd0-246.10-2.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDcpe:/o:suse:suse-microos:5.0libtasn1-4.13-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDcpe:/o:suse:suse-microos:5.0libthai-data-0.1.27-1.16 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libthai-data-0.1.27-1.16 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2009-4012 at SUSECVE-2009-4012 at NVDcpe:/o:suse:suse-microos:5.0libunwind-1.2.1-4.2.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libunwind-1.2.1-4.2.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:suse-microos:5.0libvirglrenderer0-0.6.0-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libvirglrenderer0-0.6.0-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDcpe:/o:suse:suse-microos:5.0libvirt-libs-6.0.0-13.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libvirt-libs-6.0.0-13.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDcpe:/o:suse:suse-microos:5.0libvmtools0-11.2.5-4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libvmtools0-11.2.5-4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDcpe:/o:suse:suse-microos:5.0libvorbis0-1.3.6-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2008-1420 at SUSECVE-2008-1420 at NVDCVE-2009-3379 at SUSECVE-2009-3379 at NVDCVE-2012-0444 at SUSECVE-2012-0444 at NVDCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:suse-microos:5.0libxkbcommon0-0.8.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:suse-microos:5.0libxml2-2-2.9.7-3.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libxml2-2-2.9.7-3.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-18258 at SUSECVE-2017-18258 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDcpe:/o:suse:suse-microos:5.0libxslt1-1.1.32-3.8.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDcpe:/o:suse:suse-microos:5.0libyaml-0-2-0.1.7-1.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libyaml-0-2-0.1.7-1.17 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-6393 at SUSECVE-2013-6393 at NVDCVE-2014-2525 at SUSECVE-2014-2525 at NVDCVE-2014-9130 at SUSECVE-2014-9130 at NVDcpe:/o:suse:suse-microos:5.0libyaml-cpp0_6-0.6.1-4.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDcpe:/o:suse:suse-microos:5.0libz1-1.2.11-3.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libz1-1.2.11-3.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDcpe:/o:suse:suse-microos:5.0libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:suse-microos:5.0libzstd1-1.4.4-1.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libzstd1-1.4.4-1.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDcpe:/o:suse:suse-microos:5.0libzypp-17.25.6-3.28.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the libzypp-17.25.6-3.28.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:suse-microos:5.0logrotate-3.13.0-4.3.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2011-1098 at SUSECVE-2011-1098 at NVDCVE-2011-1154 at SUSECVE-2011-1154 at NVDCVE-2011-1155 at SUSECVE-2011-1155 at NVDcpe:/o:suse:suse-microos:5.0mozilla-nspr-4.25.1-3.15.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the mozilla-nspr-4.25.1-3.15.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:suse-microos:5.0nfs-client-2.1.1-10.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the nfs-client-2.1.1-10.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:suse-microos:5.0openslp-2.0.0-6.12.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the openslp-2.0.0-6.12.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:suse-microos:5.0openssh-8.1p1-5.12.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the openssh-8.1p1-5.12.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2020-14145 at SUSECVE-2020-14145 at NVDcpe:/o:suse:suse-microos:5.0openssl-1.1.1d-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:suse-microos:5.0pam-1.3.0-6.29.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the pam-1.3.0-6.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:suse-microos:5.0perl-5.26.1-7.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the perl-5.26.1-7.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:suse-microos:5.0permissions-20181224-23.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the permissions-20181224-23.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDcpe:/o:suse:suse-microos:5.0podman-2.1.1-4.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the podman-2.1.1-4.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDcpe:/o:suse:suse-microos:5.0policycoreutils-3.1-1.25 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the policycoreutils-3.1-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:suse-microos:5.0powerpc-utils-1.3.7.1-3.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the powerpc-utils-1.3.7.1-3.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:suse-microos:5.0python3-Jinja2-2.10.1-3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-Jinja2-2.10.1-3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-0012 at SUSECVE-2014-0012 at NVDCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDcpe:/o:suse:suse-microos:5.0python3-PyYAML-5.1.2-6.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-PyYAML-5.1.2-6.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-1747 at SUSECVE-2020-1747 at NVDcpe:/o:suse:suse-microos:5.0python3-requests-2.20.1-6.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-requests-2.20.1-6.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-microos:5.0python3-salt-3000-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-salt-3000-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDcpe:/o:suse:suse-microos:5.0python3-setuptools-40.5.0-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-microos:5.0python3-urllib3-1.24-9.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the python3-urllib3-1.24-9.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:suse-microos:5.0qemu-4.2.1-11.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the qemu-4.2.1-11.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-11947 at SUSECVE-2020-11947 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDcpe:/o:suse:suse-microos:5.0rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:suse-microos:5.0rpm-4.14.1-20.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the rpm-4.14.1-20.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDcpe:/o:suse:suse-microos:5.0rsync-3.1.3-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the rsync-3.1.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDcpe:/o:suse:suse-microos:5.0shadow-4.6-3.5.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the shadow-4.6-3.5.6 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:suse-microos:5.0shim-15+git47-3.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the shim-15+git47-3.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDcpe:/o:suse:suse-microos:5.0slirp4netns-0.4.7-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDcpe:/o:suse:suse-microos:5.0squashfs-4.3-1.29 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the squashfs-4.3-1.29 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2012-4024 at SUSECVE-2012-4024 at NVDCVE-2012-4025 at SUSECVE-2012-4025 at NVDcpe:/o:suse:suse-microos:5.0sudo-1.8.22-4.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the sudo-1.8.22-4.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-microos:5.0supportutils-3.1.9-5.24.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the supportutils-3.1.9-5.24.3 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:suse-microos:5.0tar-1.30-3.3.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the tar-1.30-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2010-0624 at SUSECVE-2010-0624 at NVDCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDcpe:/o:suse:suse-microos:5.0ucode-intel-20210216-2.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the ucode-intel-20210216-2.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-microos:5.0update-alternatives-1.19.0.4-2.48 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:suse-microos:5.0vim-data-common-8.0.1568-5.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the vim-data-common-8.0.1568-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDcpe:/o:suse:suse-microos:5.0wicked-0.6.64-3.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the wicked-0.6.64-3.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:suse-microos:5.0wpa_supplicant-2.9-4.23.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the wpa_supplicant-2.9-4.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDcpe:/o:suse:suse-microos:5.0xen-libs-4.13.2_06-3.22.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the xen-libs-4.13.2_06-3.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDcpe:/o:suse:suse-microos:5.0zypper-1.14.42-3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.0
These are all security issues fixed in the zypper-1.14.42-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.0. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:suse-microos:5.0apparmor-abstractions-2.13.6-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the apparmor-abstractions-2.13.6-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDcpe:/o:suse:suse-microos:5.1augeas-1.10.1-1.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the augeas-1.10.1-1.11 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2012-0786 at SUSECVE-2012-0786 at NVDCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:suse-microos:5.1bash-4.4-19.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the bash-4.4-19.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:suse-microos:5.1btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:suse-microos:5.1bzip2-1.0.6-5.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the bzip2-1.0.6-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:suse-microos:5.1chrony-3.2-9.24.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the chrony-3.2-9.24.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDcpe:/o:suse:suse-microos:5.1cni-plugins-0.8.6-3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDcpe:/o:suse:suse-microos:5.1containerd-1.4.4-5.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the containerd-1.4.4-5.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDcpe:/o:suse:suse-microos:5.1coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:suse-microos:5.1coreutils-8.32-1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the coreutils-8.32-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:suse-microos:5.1cpio-2.12-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the cpio-2.12-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-microos:5.1cracklib-2.9.7-11.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the cracklib-2.9.7-11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:suse-microos:5.1cryptsetup-2.3.4-1.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the cryptsetup-2.3.4-1.34 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDcpe:/o:suse:suse-microos:5.1curl-7.66.0-4.22.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the curl-7.66.0-4.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:suse-microos:5.1cyrus-sasl-2.1.27-2.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the cyrus-sasl-2.1.27-2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDcpe:/o:suse:suse-microos:5.1dbus-1-1.12.2-8.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the dbus-1-1.12.2-8.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:suse-microos:5.1dnsmasq-2.78-7.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the dnsmasq-2.78-7.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDcpe:/o:suse:suse-microos:5.1docker-20.10.6_ce-6.49.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the docker-20.10.6_ce-6.49.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDcpe:/o:suse:suse-microos:5.1docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:suse-microos:5.1docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:suse-microos:5.1dracut-049.1+suse.203.g8ee14a90-3.35.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the dracut-049.1+suse.203.g8ee14a90-3.35.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:suse-microos:5.1e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the e2fsprogs-1.43.8-4.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDcpe:/o:suse:suse-microos:5.1elfutils-0.168-4.5.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7609 at SUSECVE-2017-7609 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16402 at SUSECVE-2018-16402 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:suse-microos:5.1file-5.32-7.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the file-5.32-7.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:suse-microos:5.1firewalld-0.9.3-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the firewalld-0.9.3-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:suse-microos:5.1fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:suse-microos:5.1glib2-tools-2.62.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the glib2-tools-2.62.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:suse-microos:5.1glibc-2.31-7.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the glibc-2.31-7.30 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDcpe:/o:suse:suse-microos:5.1gpg2-2.2.27-1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the gpg2-2.2.27-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDcpe:/o:suse:suse-microos:5.1grep-3.1-4.3.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:suse-microos:5.1grub2-2.04-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the grub2-2.04-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:suse-microos:5.1iscsiuio-0.7.8.6-32.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the iscsiuio-0.7.8.6-32.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:suse-microos:5.1jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:suse-microos:5.1kdump-0.9.0-16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the kdump-0.9.0-16.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:suse-microos:5.1kernel-default-5.3.18-59.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the kernel-default-5.3.18-59.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDcpe:/o:suse:suse-microos:5.1kernel-firmware-all-20210208-2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the kernel-firmware-all-20210208-2.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDcpe:/o:suse:suse-microos:5.1kernel-rt-5.3.18-8.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the kernel-rt-5.3.18-8.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:suse-microos:5.1krb5-1.16.3-3.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the krb5-1.16.3-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDcpe:/o:suse:suse-microos:5.1less-530-1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the less-530-1.6 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDcpe:/o:suse:suse-microos:5.1libaudit1-2.8.5-3.43 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libaudit1-2.8.5-3.43 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:suse-microos:5.1libblkid1-2.36.2-2.29 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libblkid1-2.36.2-2.29 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDcpe:/o:suse:suse-microos:5.1libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:suse-microos:5.1libcares2-1.17.1+20200724-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libcares2-1.17.1+20200724-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:suse-microos:5.1libcontainers-common-20200727-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libcontainers-common-20200727-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDcpe:/o:suse:suse-microos:5.1libekmfweb1-2.15.1-8.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libekmfweb1-2.15.1-8.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:suse-microos:5.1libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:suse-microos:5.1libexpat1-2.2.5-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libexpat1-2.2.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDcpe:/o:suse:suse-microos:5.1libfreebl3-3.53.1-3.53.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libfreebl3-3.53.1-3.53.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDcpe:/o:suse:suse-microos:5.1libfreetype6-2.10.1-4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:suse-microos:5.1libgcc_s1-10.3.0+git1587-1.6.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libgcc_s1-10.3.0+git1587-1.6.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-13844 at SUSECVE-2020-13844 at NVDcpe:/o:suse:suse-microos:5.1libgcrypt20-1.8.2-8.39.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libgcrypt20-1.8.2-8.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:suse-microos:5.1libgnutls30-3.6.7-14.13.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libgnutls30-3.6.7-14.13.5 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDcpe:/o:suse:suse-microos:5.1libhivex0-1.3.14-5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libhivex0-1.3.14-5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDcpe:/o:suse:suse-microos:5.1libhogweed4-3.4.1-4.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libhogweed4-3.4.1-4.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:suse-microos:5.1libidn11-1.34-3.2.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2017-14062 at SUSECVE-2017-14062 at NVDcpe:/o:suse:suse-microos:5.1libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:suse-microos:5.1libjansson4-2.9-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:suse-microos:5.1libjpeg8-8.1.2-5.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libjpeg8-8.1.2-5.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:suse-microos:5.1libjson-c3-0.13-1.19 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libjson-c3-0.13-1.19 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDcpe:/o:suse:suse-microos:5.1libksba8-1.3.5-2.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDcpe:/o:suse:suse-microos:5.1libldap-2_4-2-2.4.46-9.58.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libldap-2_4-2-2.4.46-9.58.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:suse-microos:5.1libldb2-2.2.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libldb2-2.2.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDcpe:/o:suse:suse-microos:5.1liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:suse-microos:5.1liblz4-1-1.9.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the liblz4-1-1.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:suse-microos:5.1liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:suse-microos:5.1libmicrohttpd12-0.9.57-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:suse-microos:5.1libmspack0-0.6-3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libmspack0-0.6-3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:suse-microos:5.1libncurses6-6.1-5.6.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libncurses6-6.1-5.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDcpe:/o:suse:suse-microos:5.1libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:suse-microos:5.1libnm0-1.22.10-3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libnm0-1.22.10-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDcpe:/o:suse:suse-microos:5.1libopenssl-1_1-devel-1.1.1d-11.30.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1d-11.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-microos:5.1libpcap1-1.9.1-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpcap1-1.9.1-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:suse-microos:5.1libpcre1-8.41-6.4.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpcre1-8.41-6.4.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDcpe:/o:suse:suse-microos:5.1libpcre2-8-0-10.31-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpcre2-8-0-10.31-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDcpe:/o:suse:suse-microos:5.1libpcsclite1-1.8.24-1.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpcsclite1-1.8.24-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:suse-microos:5.1libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:suse-microos:5.1libpolkit0-0.116-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpolkit0-0.116-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:suse-microos:5.1libprocps7-3.3.15-7.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libprocps7-3.3.15-7.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:suse-microos:5.1libproxy1-0.4.15-12.41 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libproxy1-0.4.15-12.41 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:suse-microos:5.1libpython3_6m1_0-3.6.13-3.84.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libpython3_6m1_0-3.6.13-3.84.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDcpe:/o:suse:suse-microos:5.1librados2-15.2.13.79+g51835b62d61-3.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the librados2-15.2.13.79+g51835b62d61-3.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDcpe:/o:suse:suse-microos:5.1libseccomp2-2.4.1-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libseccomp2-2.4.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:suse-microos:5.1libslirp0-4.3.1-1.51 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libslirp0-4.3.1-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDcpe:/o:suse:suse-microos:5.1libsolv-tools-0.7.19-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libsolv-tools-0.7.19-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:suse-microos:5.1libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:suse-microos:5.1libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:suse-microos:5.1libssh4-0.8.7-10.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDcpe:/o:suse:suse-microos:5.1libsss_certmap0-1.16.1-23.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libsss_certmap0-1.16.1-23.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:suse-microos:5.1libsystemd0-246.15-7.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libsystemd0-246.15-7.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDcpe:/o:suse:suse-microos:5.1libtasn1-4.13-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDcpe:/o:suse:suse-microos:5.1libtirpc-netconfig-1.2.6-1.131 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libtirpc-netconfig-1.2.6-1.131 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDcpe:/o:suse:suse-microos:5.1libtpms0-0.8.2-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libtpms0-0.8.2-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDcpe:/o:suse:suse-microos:5.1libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:suse-microos:5.1libvirt-daemon-7.1.0-6.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libvirt-daemon-7.1.0-6.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDcpe:/o:suse:suse-microos:5.1libvmtools0-11.3.0-10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libvmtools0-11.3.0-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDcpe:/o:suse:suse-microos:5.1libxkbcommon0-0.8.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:suse-microos:5.1libxml2-2-2.9.7-3.37.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libxml2-2-2.9.7-3.37.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-18258 at SUSECVE-2017-18258 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDcpe:/o:suse:suse-microos:5.1libxslt1-1.1.32-3.8.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDcpe:/o:suse:suse-microos:5.1libyaml-cpp0_6-0.6.1-4.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDcpe:/o:suse:suse-microos:5.1libz1-1.2.11-3.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libz1-1.2.11-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDcpe:/o:suse:suse-microos:5.1libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:suse-microos:5.1libzstd1-1.4.4-1.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libzstd1-1.4.4-1.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDCVE-2021-24031 at SUSECVE-2021-24031 at NVDCVE-2021-24032 at SUSECVE-2021-24032 at NVDcpe:/o:suse:suse-microos:5.1libzypp-17.27.0-12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the libzypp-17.27.0-12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:suse-microos:5.1login_defs-4.8.1-2.43 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the login_defs-4.8.1-2.43 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:suse-microos:5.1logrotate-3.13.0-4.3.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2011-1098 at SUSECVE-2011-1098 at NVDCVE-2011-1154 at SUSECVE-2011-1154 at NVDCVE-2011-1155 at SUSECVE-2011-1155 at NVDcpe:/o:suse:suse-microos:5.1mozilla-nspr-4.25.1-3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the mozilla-nspr-4.25.1-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:suse-microos:5.1nfs-client-2.1.1-10.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the nfs-client-2.1.1-10.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:suse-microos:5.1opensc-0.19.0-3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the opensc-0.19.0-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDcpe:/o:suse:suse-microos:5.1openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:suse-microos:5.1openssh-8.4p1-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the openssh-8.4p1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDcpe:/o:suse:suse-microos:5.1openssl-1.1.1d-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:suse-microos:5.1pam-1.3.0-6.38.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the pam-1.3.0-6.38.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:suse-microos:5.1perl-5.26.1-15.87 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the perl-5.26.1-15.87 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:suse-microos:5.1permissions-20181225-23.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the permissions-20181225-23.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDcpe:/o:suse:suse-microos:5.1podman-2.1.1-4.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the podman-2.1.1-4.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDcpe:/o:suse:suse-microos:5.1policycoreutils-3.1-2.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the policycoreutils-3.1-2.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:suse-microos:5.1powerpc-utils-1.3.8-9.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the powerpc-utils-1.3.8-9.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:suse-microos:5.1procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:suse-microos:5.1python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:suse-microos:5.1python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:suse-microos:5.1python3-cryptography-2.8-10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-cryptography-2.8-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-microos:5.1python3-py-1.8.1-5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-py-1.8.1-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:suse-microos:5.1python3-requests-2.24.0-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-microos:5.1python3-salt-3002.2-50.1.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-salt-3002.2-50.1.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDcpe:/o:suse:suse-microos:5.1python3-setuptools-40.5.0-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-microos:5.1python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:suse-microos:5.1qemu-5.2.0-103.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the qemu-5.2.0-103.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDcpe:/o:suse:suse-microos:5.1qemu-ovmf-x86_64-202008-10.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the qemu-ovmf-x86_64-202008-10.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDcpe:/o:suse:suse-microos:5.1rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:suse-microos:5.1rpm-4.14.3-37.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the rpm-4.14.3-37.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:suse-microos:5.1rsync-3.1.3-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the rsync-3.1.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDcpe:/o:suse:suse-microos:5.1runc-1.0.0~rc93-1.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the runc-1.0.0~rc93-1.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDcpe:/o:suse:suse-microos:5.1shim-15.4-4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDcpe:/o:suse:suse-microos:5.1slirp4netns-0.4.7-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDcpe:/o:suse:suse-microos:5.1squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:suse-microos:5.1sudo-1.9.5p2-1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the sudo-1.9.5p2-1.5 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-microos:5.1supportutils-3.1.17-7.35.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the supportutils-3.1.17-7.35.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:suse-microos:5.1swtpm-0.5.2-1.20 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the swtpm-0.5.2-1.20 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDcpe:/o:suse:suse-microos:5.1sysstat-12.0.2-3.30.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the sysstat-12.0.2-3.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:suse-microos:5.1tar-1.30-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the tar-1.30-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.1trousers-0.3.14-6.6.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the trousers-0.3.14-6.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDcpe:/o:suse:suse-microos:5.1ucode-intel-20210525-7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the ucode-intel-20210525-7.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDcpe:/o:suse:suse-microos:5.1update-alternatives-1.19.0.4-2.48 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:suse-microos:5.1vim-data-common-8.0.1568-5.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the vim-data-common-8.0.1568-5.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDcpe:/o:suse:suse-microos:5.1wicked-0.6.65-2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the wicked-0.6.65-2.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:suse-microos:5.1wpa_supplicant-2.9-4.29.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the wpa_supplicant-2.9-4.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDcpe:/o:suse:suse-microos:5.1xen-libs-4.14.2_04-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the xen-libs-4.14.2_04-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDcpe:/o:suse:suse-microos:5.1zypper-1.14.46-13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.1
These are all security issues fixed in the zypper-1.14.46-13.1 package on the GA media of SUSE Linux Enterprise Micro 5.1. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:suse-microos:5.1afterburn-5.2.0-150300.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the afterburn-5.2.0-150300.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-35905 at SUSECVE-2020-35905 at NVDCVE-2020-36465 at SUSECVE-2020-36465 at NVDCVE-2021-27378 at SUSECVE-2021-27378 at NVDCVE-2021-32714 at SUSECVE-2021-32714 at NVDCVE-2021-32715 at SUSECVE-2021-32715 at NVDCVE-2021-38191 at SUSECVE-2021-38191 at NVDCVE-2021-45710 at SUSECVE-2021-45710 at NVDcpe:/o:suse:suse-microos:5.2aide-0.16-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:suse-microos:5.2apparmor-parser-2.13.6-150300.3.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the apparmor-parser-2.13.6-150300.3.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDcpe:/o:suse:suse-microos:5.2augeas-1.10.1-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the augeas-1.10.1-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:suse-microos:5.2avahi-0.7-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the avahi-0.7-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-1000845 at SUSECVE-2018-1000845 at NVDCVE-2021-26720 at SUSECVE-2021-26720 at NVDCVE-2021-3468 at SUSECVE-2021-3468 at NVDcpe:/o:suse:suse-microos:5.2aws-cli-1.20.7-30.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the aws-cli-1.20.7-30.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-15869 at SUSECVE-2018-15869 at NVDcpe:/o:suse:suse-microos:5.2bash-4.4-19.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the bash-4.4-19.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:suse-microos:5.2btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:suse-microos:5.2bzip2-1.0.6-5.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the bzip2-1.0.6-5.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:suse-microos:5.2chrony-3.2-9.24.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the chrony-3.2-9.24.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDcpe:/o:suse:suse-microos:5.2cifs-utils-6.9-5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cifs-utils-6.9-5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-14342 at SUSECVE-2020-14342 at NVDCVE-2021-20208 at SUSECVE-2021-20208 at NVDcpe:/o:suse:suse-microos:5.2cni-plugins-0.8.6-3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDcpe:/o:suse:suse-microos:5.2conntrack-tools-1.4.5-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-6496 at SUSECVE-2015-6496 at NVDcpe:/o:suse:suse-microos:5.2containerd-1.4.12-60.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the containerd-1.4.12-60.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.2coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:suse-microos:5.2coreutils-8.32-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the coreutils-8.32-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:suse-microos:5.2cpio-2.12-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cpio-2.12-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-microos:5.2cracklib-2.9.7-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:suse-microos:5.2cryptsetup-2.3.7-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cryptsetup-2.3.7-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDCVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:suse-microos:5.2cups-config-2.2.7-3.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cups-config-2.2.7-3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDCVE-2018-4700 at SUSECVE-2018-4700 at NVDCVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDCVE-2019-8842 at SUSECVE-2019-8842 at NVDCVE-2020-10001 at SUSECVE-2020-10001 at NVDCVE-2020-3898 at SUSECVE-2020-3898 at NVDCVE-2021-25317 at SUSECVE-2021-25317 at NVDcpe:/o:suse:suse-microos:5.2curl-7.66.0-4.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the curl-7.66.0-4.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDCVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:suse-microos:5.2cyrus-sasl-2.1.27-150300.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDcpe:/o:suse:suse-microos:5.2dbus-1-1.12.2-8.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the dbus-1-1.12.2-8.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:suse-microos:5.2dnsmasq-2.86-7.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the dnsmasq-2.86-7.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDcpe:/o:suse:suse-microos:5.2docker-20.10.12_ce-159.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the docker-20.10.12_ce-159.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.2docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:suse-microos:5.2docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:suse-microos:5.2dracut-049.1+suse.228.g07676562-3.54.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the dracut-049.1+suse.228.g07676562-3.54.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:suse-microos:5.2e2fsprogs-1.43.8-4.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the e2fsprogs-1.43.8-4.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDcpe:/o:suse:suse-microos:5.2elfutils-0.168-4.5.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the elfutils-0.168-4.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7609 at SUSECVE-2017-7609 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16402 at SUSECVE-2018-16402 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:suse-microos:5.2file-5.32-7.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:suse-microos:5.2firewalld-0.9.3-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the firewalld-0.9.3-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:suse-microos:5.2fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:suse-microos:5.2gdk-pixbuf-loader-rsvg-2.46.5-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.46.5-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2021-25900 at SUSECVE-2021-25900 at NVDcpe:/o:suse:suse-microos:5.2gdk-pixbuf-query-loaders-2.40.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gdk-pixbuf-query-loaders-2.40.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2020-29385 at SUSECVE-2020-29385 at NVDcpe:/o:suse:suse-microos:5.2glib-networking-2.62.4-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the glib-networking-2.62.4-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:suse-microos:5.2glib2-tools-2.62.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the glib2-tools-2.62.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:suse-microos:5.2glibc-2.31-150300.9.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the glibc-2.31-150300.9.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDCVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:suse-microos:5.2gnutls-3.6.7-14.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gnutls-3.6.7-14.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDCVE-2021-4209 at SUSECVE-2021-4209 at NVDcpe:/o:suse:suse-microos:5.2gpg2-2.2.27-1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gpg2-2.2.27-1.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDcpe:/o:suse:suse-microos:5.2grep-3.1-4.3.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the grep-3.1-4.3.12 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:suse-microos:5.2groff-1.22.3-5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the groff-1.22.3-5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:suse-microos:5.2grub2-2.04-150300.22.12.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the grub2-2.04-150300.22.12.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDcpe:/o:suse:suse-microos:5.2gstreamer-1.16.3-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gstreamer-1.16.3-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDcpe:/o:suse:suse-microos:5.2gstreamer-plugins-base-1.16.3-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the gstreamer-plugins-base-1.16.3-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDcpe:/o:suse:suse-microos:5.2iscsiuio-0.7.8.6-32.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the iscsiuio-0.7.8.6-32.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:suse-microos:5.2jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:suse-microos:5.2kdump-0.9.0-18.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the kdump-0.9.0-18.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:suse-microos:5.2kernel-default-5.3.18-150300.59.49.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the kernel-default-5.3.18-150300.59.49.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-13405 at SUSECVE-2018-13405 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24504 at SUSECVE-2020-24504 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28097 at SUSECVE-2020-28097 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33033 at SUSECVE-2021-33033 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-34866 at SUSECVE-2021-34866 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3669 at SUSECVE-2021-3669 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2021-46283 at SUSECVE-2021-46283 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0286 at SUSECVE-2022-0286 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDcpe:/o:suse:suse-microos:5.2kernel-firmware-all-20210208-2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the kernel-firmware-all-20210208-2.4 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDcpe:/o:suse:suse-microos:5.2krb5-1.19.2-150300.8.3.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the krb5-1.19.2-150300.8.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-37750 at SUSECVE-2021-37750 at NVDcpe:/o:suse:suse-microos:5.2less-530-3.3.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the less-530-3.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDcpe:/o:suse:suse-microos:5.2libX11-6-1.6.5-3.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libX11-6-1.6.5-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDCVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:suse-microos:5.2libXcursor1-1.1.15-1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:suse-microos:5.2libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:suse-microos:5.2libXfixes3-5.0.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXfixes3-5.0.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDcpe:/o:suse:suse-microos:5.2libXi6-1.7.9-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDcpe:/o:suse:suse-microos:5.2libXinerama1-1.1.3-1.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:suse-microos:5.2libXrandr2-1.5.1-2.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:suse-microos:5.2libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:suse-microos:5.2libXtst6-1.2.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDcpe:/o:suse:suse-microos:5.2libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:suse-microos:5.2libaudit1-2.8.5-3.43 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libaudit1-2.8.5-3.43 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:suse-microos:5.2libblkid1-2.36.2-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libblkid1-2.36.2-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:suse-microos:5.2libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:suse-microos:5.2libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:suse-microos:5.2libcairo-gobject2-1.16.0-5.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libcairo-gobject2-1.16.0-5.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:suse-microos:5.2libcares2-1.17.1+20200724-3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libcares2-1.17.1+20200724-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:suse-microos:5.2libcontainers-common-20210626-150300.8.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libcontainers-common-20210626-150300.8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDcpe:/o:suse:suse-microos:5.2libcroco-0_6-3-0.6.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libcroco-0_6-3-0.6.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-7960 at SUSECVE-2017-7960 at NVDCVE-2017-7961 at SUSECVE-2017-7961 at NVDCVE-2017-8834 at SUSECVE-2017-8834 at NVDCVE-2017-8871 at SUSECVE-2017-8871 at NVDCVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:suse-microos:5.2libekmfweb1-2.15.1-150300.8.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libekmfweb1-2.15.1-150300.8.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:suse-microos:5.2libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:suse-microos:5.2libexpat1-2.2.5-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libexpat1-2.2.5-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDCVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:suse-microos:5.2libfreebl3-3.68.2-3.64.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libfreebl3-3.68.2-3.64.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-microos:5.2libfreetype6-2.10.1-4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:suse-microos:5.2libfribidi0-1.0.5-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libfribidi0-1.0.5-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-18397 at SUSECVE-2019-18397 at NVDcpe:/o:suse:suse-microos:5.2libgbm1-20.2.4-57.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libgbm1-20.2.4-57.13 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:suse-microos:5.2libgcrypt20-1.8.2-8.42.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libgcrypt20-1.8.2-8.42.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:suse-microos:5.2libgmp10-6.1.2-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:suse-microos:5.2libgraphite2-3-1.3.11-2.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:suse-microos:5.2libhivex0-1.3.14-5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libhivex0-1.3.14-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDCVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:suse-microos:5.2libhogweed4-3.4.1-4.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libhogweed4-3.4.1-4.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:suse-microos:5.2libidn11-1.34-3.2.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libidn11-1.34-3.2.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2017-14062 at SUSECVE-2017-14062 at NVDcpe:/o:suse:suse-microos:5.2libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:suse-microos:5.2libjansson4-2.9-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:suse-microos:5.2libjbig2-2.1-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:suse-microos:5.2libjpeg8-8.1.2-32.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libjpeg8-8.1.2-32.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:suse-microos:5.2libjson-c3-0.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:suse-microos:5.2libksba8-1.3.5-2.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDcpe:/o:suse:suse-microos:5.2liblcms2-2-2.9-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the liblcms2-2-2.9-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:suse-microos:5.2libldap-2_4-2-2.4.46-9.58.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libldap-2_4-2-2.4.46-9.58.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDcpe:/o:suse:suse-microos:5.2libldb2-2.4.1-150300.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libldb2-2.4.1-150300.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDcpe:/o:suse:suse-microos:5.2liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:suse-microos:5.2liblz4-1-1.9.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the liblz4-1-1.9.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:suse-microos:5.2liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:suse-microos:5.2libmicrohttpd12-0.9.57-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:suse-microos:5.2libmspack0-0.6-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2018-18586 at SUSECVE-2018-18586 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:suse-microos:5.2libncurses6-6.1-5.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libncurses6-6.1-5.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDCVE-2021-39537 at SUSECVE-2021-39537 at NVDcpe:/o:suse:suse-microos:5.2libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:suse-microos:5.2libnm0-1.22.10-3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libnm0-1.22.10-3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDcpe:/o:suse:suse-microos:5.2libopenssl-1_1-devel-1.1.1d-11.38.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1d-11.38.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-microos:5.2libopus0-1.3.1-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libopus0-1.3.1-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:suse-microos:5.2libosinfo-1.7.1-1.52 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libosinfo-1.7.1-1.52 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-13313 at SUSECVE-2019-13313 at NVDcpe:/o:suse:suse-microos:5.2libp11-kit0-0.23.2-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libp11-kit0-0.23.2-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-29361 at SUSECVE-2020-29361 at NVDcpe:/o:suse:suse-microos:5.2libpango-1_0-0-1.44.7+11-1.25 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpango-1_0-0-1.44.7+11-1.25 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:suse-microos:5.2libpcap1-1.9.1-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpcap1-1.9.1-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:suse-microos:5.2libpcre1-8.45-20.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpcre1-8.45-20.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:suse-microos:5.2libpcre2-8-0-10.31-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpcre2-8-0-10.31-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDcpe:/o:suse:suse-microos:5.2libpcsclite1-1.8.24-1.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpcsclite1-1.8.24-1.14 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:suse-microos:5.2libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:suse-microos:5.2libpolkit0-0.116-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDCVE-2021-4034 at SUSECVE-2021-4034 at NVDCVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:suse-microos:5.2libprocps7-3.3.15-7.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libprocps7-3.3.15-7.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:suse-microos:5.2libproxy1-0.4.15-12.41 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libproxy1-0.4.15-12.41 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:suse-microos:5.2libpython3_6m1_0-3.6.15-10.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libpython3_6m1_0-3.6.15-10.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDcpe:/o:suse:suse-microos:5.2librados2-15.2.15.83+gf72054fa653-3.34.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the librados2-15.2.15.83+gf72054fa653-3.34.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDcpe:/o:suse:suse-microos:5.2libseccomp2-2.5.3-150300.10.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libseccomp2-2.5.3-150300.10.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:suse-microos:5.2libslirp0-4.3.1-1.51 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libslirp0-4.3.1-1.51 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDcpe:/o:suse:suse-microos:5.2libsolv-tools-0.7.20-9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libsolv-tools-0.7.20-9.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:suse-microos:5.2libsoup-2_4-1-2.68.3-2.32 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libsoup-2_4-1-2.68.3-2.32 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:suse-microos:5.2libspice-server1-0.14.3-1.48 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libspice-server1-0.14.3-1.48 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDcpe:/o:suse:suse-microos:5.2libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:suse-microos:5.2libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:suse-microos:5.2libssh4-0.8.7-10.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libssh4-0.8.7-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDcpe:/o:suse:suse-microos:5.2libsss_certmap0-1.16.1-150300.23.17.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libsss_certmap0-1.16.1-150300.23.17.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:suse-microos:5.2libsystemd0-246.16-150300.7.39.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libsystemd0-246.16-150300.7.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDCVE-2021-3997 at SUSECVE-2021-3997 at NVDcpe:/o:suse:suse-microos:5.2libtasn1-4.13-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDcpe:/o:suse:suse-microos:5.2libthai-data-0.1.27-1.16 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libthai-data-0.1.27-1.16 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2009-4012 at SUSECVE-2009-4012 at NVDcpe:/o:suse:suse-microos:5.2libtiff5-4.0.9-45.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libtiff5-4.0.9-45.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:suse-microos:5.2libtirpc-netconfig-1.2.6-1.131 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libtirpc-netconfig-1.2.6-1.131 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDcpe:/o:suse:suse-microos:5.2libtpms0-0.8.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libtpms0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDCVE-2021-3746 at SUSECVE-2021-3746 at NVDcpe:/o:suse:suse-microos:5.2libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:suse-microos:5.2libvirglrenderer0-0.6.0-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libvirglrenderer0-0.6.0-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDCVE-2022-0135 at SUSECVE-2022-0135 at NVDCVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:suse-microos:5.2libvirt-client-7.1.0-150300.6.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libvirt-client-7.1.0-150300.6.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:suse-microos:5.2libvmtools0-11.3.5-13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libvmtools0-11.3.5-13.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDcpe:/o:suse:suse-microos:5.2libvorbis0-1.3.6-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libvorbis0-1.3.6-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2008-1420 at SUSECVE-2008-1420 at NVDCVE-2009-3379 at SUSECVE-2009-3379 at NVDCVE-2012-0444 at SUSECVE-2012-0444 at NVDCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:suse-microos:5.2libxkbcommon0-0.8.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libxkbcommon0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:suse-microos:5.2libxml2-2-2.9.7-3.37.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libxml2-2-2.9.7-3.37.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-18258 at SUSECVE-2017-18258 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDcpe:/o:suse:suse-microos:5.2libxslt1-1.1.32-3.8.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libxslt1-1.1.32-3.8.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDcpe:/o:suse:suse-microos:5.2libyaml-cpp0_6-0.6.1-4.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libyaml-cpp0_6-0.6.1-4.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDcpe:/o:suse:suse-microos:5.2libz1-1.2.11-3.24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libz1-1.2.11-3.24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDcpe:/o:suse:suse-microos:5.2libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:suse-microos:5.2libzstd1-1.4.4-1.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libzstd1-1.4.4-1.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDCVE-2021-24031 at SUSECVE-2021-24031 at NVDCVE-2021-24032 at SUSECVE-2021-24032 at NVDcpe:/o:suse:suse-microos:5.2libzypp-17.29.3-27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the libzypp-17.29.3-27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:suse-microos:5.2login_defs-4.8.1-2.43 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the login_defs-4.8.1-2.43 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:suse-microos:5.2logrotate-3.13.0-4.3.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the logrotate-3.13.0-4.3.9 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2011-1098 at SUSECVE-2011-1098 at NVDCVE-2011-1154 at SUSECVE-2011-1154 at NVDCVE-2011-1155 at SUSECVE-2011-1155 at NVDcpe:/o:suse:suse-microos:5.2mozilla-nspr-4.32-3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the mozilla-nspr-4.32-3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:suse-microos:5.2nfs-client-2.1.1-10.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the nfs-client-2.1.1-10.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:suse-microos:5.2opensc-0.19.0-3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the opensc-0.19.0-3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDcpe:/o:suse:suse-microos:5.2openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:suse-microos:5.2openssh-8.4p1-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the openssh-8.4p1-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2021-28041 at SUSECVE-2021-28041 at NVDCVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:suse-microos:5.2openssl-1.1.1d-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the openssl-1.1.1d-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:suse-microos:5.2pam-1.3.0-6.50.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the pam-1.3.0-6.50.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:suse-microos:5.2perl-5.26.1-15.87 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the perl-5.26.1-15.87 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:suse-microos:5.2permissions-20181225-23.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the permissions-20181225-23.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDcpe:/o:suse:suse-microos:5.2podman-3.4.4-150300.9.3.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the podman-3.4.4-150300.9.3.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.2policycoreutils-3.1-150300.4.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the policycoreutils-3.1-150300.4.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:suse-microos:5.2powerpc-utils-1.3.9-150300.9.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the powerpc-utils-1.3.9-150300.9.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:suse-microos:5.2procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:suse-microos:5.2python-azure-agent-2.2.49.2-3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python-azure-agent-2.2.49.2-3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-0804 at SUSECVE-2019-0804 at NVDcpe:/o:suse:suse-microos:5.2python3-Babel-2.8.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:suse-microos:5.2python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:suse-microos:5.2python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:suse-microos:5.2python3-cryptography-2.8-10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-cryptography-2.8-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-microos:5.2python3-py-1.8.1-5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-py-1.8.1-5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:suse-microos:5.2python3-requests-2.24.0-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:suse-microos:5.2python3-rsa-3.4.2-3.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-rsa-3.4.2-3.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-13757 at SUSECVE-2020-13757 at NVDcpe:/o:suse:suse-microos:5.2python3-salt-3002.2-150300.53.7.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-salt-3002.2-150300.53.7.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-21996 at SUSECVE-2021-21996 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDcpe:/o:suse:suse-microos:5.2python3-setuptools-40.5.0-6.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-setuptools-40.5.0-6.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:suse-microos:5.2python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:suse-microos:5.2qemu-5.2.0-150300.109.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the qemu-5.2.0-150300.109.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:suse-microos:5.2qemu-ovmf-x86_64-202008-10.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the qemu-ovmf-x86_64-202008-10.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDcpe:/o:suse:suse-microos:5.2rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:suse-microos:5.2rpm-4.14.3-150300.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the rpm-4.14.3-150300.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:suse-microos:5.2rsync-3.1.3-4.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the rsync-3.1.3-4.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDcpe:/o:suse:suse-microos:5.2runc-1.0.3-27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the runc-1.0.3-27.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-43784 at SUSECVE-2021-43784 at NVDcpe:/o:suse:suse-microos:5.2samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the samba-client-libs-4.15.4+git.324.8332acf1a63-150300.3.25.3 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10918 at SUSECVE-2018-10918 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDCVE-2018-1139 at SUSECVE-2018-1139 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2018-14629 at SUSECVE-2018-14629 at NVDCVE-2018-16841 at SUSECVE-2018-16841 at NVDCVE-2018-16851 at SUSECVE-2018-16851 at NVDCVE-2018-16852 at SUSECVE-2018-16852 at NVDCVE-2018-16853 at SUSECVE-2018-16853 at NVDCVE-2018-16857 at SUSECVE-2018-16857 at NVDCVE-2018-16860 at SUSECVE-2018-16860 at NVDCVE-2019-10197 at SUSECVE-2019-10197 at NVDCVE-2019-10218 at SUSECVE-2019-10218 at NVDCVE-2019-12435 at SUSECVE-2019-12435 at NVDCVE-2019-12436 at SUSECVE-2019-12436 at NVDCVE-2019-14833 at SUSECVE-2019-14833 at NVDCVE-2019-14847 at SUSECVE-2019-14847 at NVDCVE-2019-14861 at SUSECVE-2019-14861 at NVDCVE-2019-14870 at SUSECVE-2019-14870 at NVDCVE-2019-14902 at SUSECVE-2019-14902 at NVDCVE-2019-14907 at SUSECVE-2019-14907 at NVDCVE-2019-19344 at SUSECVE-2019-19344 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2019-3870 at SUSECVE-2019-3870 at NVDCVE-2019-3880 at SUSECVE-2019-3880 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10704 at SUSECVE-2020-10704 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-10745 at SUSECVE-2020-10745 at NVDCVE-2020-10760 at SUSECVE-2020-10760 at NVDCVE-2020-14303 at SUSECVE-2020-14303 at NVDCVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDCVE-2020-1472 at SUSECVE-2020-1472 at NVDCVE-2020-17049 at SUSECVE-2020-17049 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20254 at SUSECVE-2021-20254 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-20316 at SUSECVE-2021-20316 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDCVE-2021-43566 at SUSECVE-2021-43566 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDcpe:/o:suse:suse-microos:5.2shim-15.4-4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDcpe:/o:suse:suse-microos:5.2slirp4netns-0.4.7-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the slirp4netns-0.4.7-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDcpe:/o:suse:suse-microos:5.2socat-1.7.3.2-4.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:suse-microos:5.2squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:suse-microos:5.2sudo-1.9.5p2-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the sudo-1.9.5p2-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-microos:5.2supportutils-3.1.17-7.35.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the supportutils-3.1.17-7.35.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:suse-microos:5.2swtpm-0.5.2-1.20 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the swtpm-0.5.2-1.20 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDcpe:/o:suse:suse-microos:5.2sysstat-12.0.2-3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:suse-microos:5.2tar-1.30-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the tar-1.30-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.2trousers-0.3.14-6.6.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the trousers-0.3.14-6.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDcpe:/o:suse:suse-microos:5.2ucode-intel-20220207-10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the ucode-intel-20220207-10.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDCVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:suse-microos:5.2update-alternatives-1.19.0.4-2.48 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the update-alternatives-1.19.0.4-2.48 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:suse-microos:5.2vim-data-common-8.0.1568-5.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the vim-data-common-8.0.1568-5.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDcpe:/o:suse:suse-microos:5.2virt-install-3.2.0-7.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the virt-install-3.2.0-7.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-10183 at SUSECVE-2019-10183 at NVDcpe:/o:suse:suse-microos:5.2wicked-0.6.68-150300.4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the wicked-0.6.68-150300.4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:suse-microos:5.2wpa_supplicant-2.9-4.29.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the wpa_supplicant-2.9-4.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDcpe:/o:suse:suse-microos:5.2xen-libs-4.14.3_06-150300.3.18.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the xen-libs-4.14.3_06-150300.3.18.2 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDCVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2021-28702 at SUSECVE-2021-28702 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDCVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:suse-microos:5.2zypper-1.14.51-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.2
These are all security issues fixed in the zypper-1.14.51-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.2. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:suse-microos:5.2NetworkManager-1.38.2-150400.1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the NetworkManager-1.38.2-150400.1.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2020-10754 at SUSECVE-2020-10754 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2021-20297 at SUSECVE-2021-20297 at NVDcpe:/o:suse:sle-micro:5.3afterburn-5.2.0-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the afterburn-5.2.0-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-35905 at SUSECVE-2020-35905 at NVDCVE-2020-36465 at SUSECVE-2020-36465 at NVDCVE-2021-27378 at SUSECVE-2021-27378 at NVDCVE-2021-32714 at SUSECVE-2021-32714 at NVDCVE-2021-32715 at SUSECVE-2021-32715 at NVDCVE-2021-38191 at SUSECVE-2021-38191 at NVDCVE-2021-45710 at SUSECVE-2021-45710 at NVDcpe:/o:suse:sle-micro:5.3aide-0.16-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sle-micro:5.3apparmor-parser-3.0.4-150400.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the apparmor-parser-3.0.4-150400.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.3augeas-1.12.0-150400.3.3.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the augeas-1.12.0-150400.3.3.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:sle-micro:5.3avahi-0.8-150400.5.73 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the avahi-0.8-150400.5.73 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-6519 at SUSECVE-2017-6519 at NVDCVE-2018-1000845 at SUSECVE-2018-1000845 at NVDCVE-2021-26720 at SUSECVE-2021-26720 at NVDCVE-2021-3468 at SUSECVE-2021-3468 at NVDCVE-2021-3502 at SUSECVE-2021-3502 at NVDcpe:/o:suse:sle-micro:5.3aws-cli-1.20.7-30.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the aws-cli-1.20.7-30.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-15869 at SUSECVE-2018-15869 at NVDcpe:/o:suse:sle-micro:5.3bash-4.4-150400.25.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the bash-4.4-150400.25.22 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:sle-micro:5.3bcm43xx-firmware-20180314-150400.28.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the bcm43xx-firmware-20180314-150400.28.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-10370 at SUSECVE-2020-10370 at NVDcpe:/o:suse:sle-micro:5.3btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:sle-micro:5.3bzip2-1.0.8-150400.1.122 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the bzip2-1.0.8-150400.1.122 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sle-micro:5.3chrony-4.1-150400.19.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the chrony-4.1-150400.19.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDCVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sle-micro:5.3cifs-utils-6.15-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cifs-utils-6.15-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-14342 at SUSECVE-2020-14342 at NVDCVE-2021-20208 at SUSECVE-2021-20208 at NVDCVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:sle-micro:5.3cni-plugins-0.8.6-3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cni-plugins-0.8.6-3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDcpe:/o:suse:sle-micro:5.3conntrack-tools-1.4.5-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-6496 at SUSECVE-2015-6496 at NVDcpe:/o:suse:sle-micro:5.3containerd-1.6.6-150000.73.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the containerd-1.6.6-150000.73.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDcpe:/o:suse:sle-micro:5.3coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:sle-micro:5.3coreutils-8.32-150400.7.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the coreutils-8.32-150400.7.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:sle-micro:5.3cpio-2.13-150400.1.98 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cpio-2.13-150400.1.98 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2015-1197 at SUSECVE-2015-1197 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sle-micro:5.3cracklib-2.9.7-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:sle-micro:5.3cryptsetup-2.4.3-150400.1.110 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cryptsetup-2.4.3-150400.1.110 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDCVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:sle-micro:5.3cups-config-2.2.7-150000.3.32.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cups-config-2.2.7-150000.3.32.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDCVE-2018-4700 at SUSECVE-2018-4700 at NVDCVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDCVE-2019-8842 at SUSECVE-2019-8842 at NVDCVE-2020-10001 at SUSECVE-2020-10001 at NVDCVE-2020-3898 at SUSECVE-2020-3898 at NVDCVE-2021-25317 at SUSECVE-2021-25317 at NVDCVE-2022-26691 at SUSECVE-2022-26691 at NVDcpe:/o:suse:sle-micro:5.3curl-7.79.1-150400.5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the curl-7.79.1-150400.5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-15601 at SUSECVE-2019-15601 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22297 at SUSECVE-2021-22297 at NVDCVE-2021-22298 at SUSECVE-2021-22298 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22901 at SUSECVE-2021-22901 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDCVE-2021-22945 at SUSECVE-2021-22945 at NVDCVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDCVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27774 at SUSECVE-2022-27774 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDCVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32205 at SUSECVE-2022-32205 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32207 at SUSECVE-2022-32207 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:sle-micro:5.3cyrus-sasl-2.1.27-150300.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDCVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sle-micro:5.3dbus-1-1.12.2-150400.16.52 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the dbus-1-1.12.2-150400.16.52 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:sle-micro:5.3dnsmasq-2.86-150400.14.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the dnsmasq-2.86-150400.14.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sle-micro:5.3docker-20.10.17_ce-150000.166.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the docker-20.10.17_ce-150000.166.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:sle-micro:5.3docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:sle-micro:5.3docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:sle-micro:5.3dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:sle-micro:5.3e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the e2fsprogs-1.46.4-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDCVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sle-micro:5.3elfutils-0.185-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the elfutils-0.185-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:sle-micro:5.3file-5.32-7.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:sle-micro:5.3firewalld-0.9.3-150400.8.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the firewalld-0.9.3-150400.8.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:sle-micro:5.3fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:sle-micro:5.3gdk-pixbuf-loader-rsvg-2.52.6-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.6-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2019-20446 at SUSECVE-2019-20446 at NVDCVE-2021-25900 at SUSECVE-2021-25900 at NVDcpe:/o:suse:sle-micro:5.3gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2020-29385 at SUSECVE-2020-29385 at NVDCVE-2021-44648 at SUSECVE-2021-44648 at NVDCVE-2021-46829 at SUSECVE-2021-46829 at NVDcpe:/o:suse:sle-micro:5.3glib-networking-2.70.1-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the glib-networking-2.70.1-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sle-micro:5.3glib2-tools-2.70.4-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the glib2-tools-2.70.4-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:sle-micro:5.3glibc-2.31-150300.37.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the glibc-2.31-150300.37.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDCVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:sle-micro:5.3gnutls-3.7.3-150400.4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gnutls-3.7.3-150400.4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-10790 at SUSECVE-2017-10790 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDCVE-2022-2509 at SUSECVE-2022-2509 at NVDcpe:/o:suse:sle-micro:5.3gpg2-2.2.27-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gpg2-2.2.27-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDCVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sle-micro:5.3gptfdisk-1.0.8-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gptfdisk-1.0.8-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-0256 at SUSECVE-2020-0256 at NVDCVE-2021-0308 at SUSECVE-2021-0308 at NVDcpe:/o:suse:sle-micro:5.3grep-3.1-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the grep-3.1-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:sle-micro:5.3groff-1.22.4-150400.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the groff-1.22.4-150400.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2009-5080 at SUSECVE-2009-5080 at NVDCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:sle-micro:5.3grub2-2.06-150400.11.5.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the grub2-2.06-150400.11.5.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDCVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2021-3981 at SUSECVE-2021-3981 at NVDCVE-2021-46705 at SUSECVE-2021-46705 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:sle-micro:5.3gstreamer-1.20.1-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gstreamer-1.20.1-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.3gstreamer-plugins-base-1.20.1-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gstreamer-plugins-base-1.20.1-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.3gtk2-tools-2.24.33-150400.2.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gtk2-tools-2.24.33-150400.2.11 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDcpe:/o:suse:sle-micro:5.3guestfs-data-1.44.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the guestfs-data-1.44.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2022-2211 at SUSECVE-2022-2211 at NVDcpe:/o:suse:sle-micro:5.3gzip-1.10-150200.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the gzip-1.10-150200.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.3haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the haproxy-2.4.8+git0.d1f8d41e0-150400.3.3.13 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3281 at SUSECVE-2015-3281 at NVDCVE-2018-11469 at SUSECVE-2018-11469 at NVDCVE-2018-14645 at SUSECVE-2018-14645 at NVDCVE-2018-20102 at SUSECVE-2018-20102 at NVDCVE-2018-20103 at SUSECVE-2018-20103 at NVDCVE-2018-20615 at SUSECVE-2018-20615 at NVDCVE-2019-14241 at SUSECVE-2019-14241 at NVDCVE-2019-18277 at SUSECVE-2019-18277 at NVDCVE-2020-11100 at SUSECVE-2020-11100 at NVDCVE-2021-39240 at SUSECVE-2021-39240 at NVDCVE-2021-39241 at SUSECVE-2021-39241 at NVDCVE-2021-39242 at SUSECVE-2021-39242 at NVDCVE-2021-40346 at SUSECVE-2021-40346 at NVDCVE-2022-0711 at SUSECVE-2022-0711 at NVDcpe:/o:suse:sle-micro:5.3iscsiuio-0.7.8.6-150400.39.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the iscsiuio-0.7.8.6-150400.39.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sle-micro:5.3jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:sle-micro:5.3kdump-1.0.2+git10.g26f0b96-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the kdump-1.0.2+git10.g26f0b96-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:sle-micro:5.3keepalived-2.2.2-150400.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the keepalived-2.2.2-150400.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-19044 at SUSECVE-2018-19044 at NVDCVE-2018-19045 at SUSECVE-2018-19045 at NVDCVE-2018-19046 at SUSECVE-2018-19046 at NVDCVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:sle-micro:5.3kernel-default-5.14.21-150400.24.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the kernel-default-5.14.21-150400.24.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDcpe:/o:suse:sle-micro:5.3kernel-firmware-all-20220509-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the kernel-firmware-all-20220509-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDCVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:sle-micro:5.3krb5-1.19.2-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the krb5-1.19.2-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-37750 at SUSECVE-2021-37750 at NVDcpe:/o:suse:sle-micro:5.3kubevirt-manifests-0.49.0-150400.1.37 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the kubevirt-manifests-0.49.0-150400.1.37 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-43565 at SUSECVE-2021-43565 at NVDcpe:/o:suse:sle-micro:5.3less-590-150400.1.51 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the less-590-150400.1.51 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDcpe:/o:suse:sle-micro:5.3libX11-6-1.6.5-3.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libX11-6-1.6.5-3.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDCVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:sle-micro:5.3libXcursor1-1.1.15-1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:sle-micro:5.3libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:sle-micro:5.3libXfixes3-6.0.0-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXfixes3-6.0.0-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDcpe:/o:suse:sle-micro:5.3libXi6-1.7.9-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDcpe:/o:suse:sle-micro:5.3libXinerama1-1.1.3-1.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:sle-micro:5.3libXrandr2-1.5.1-2.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:sle-micro:5.3libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:sle-micro:5.3libXtst6-1.2.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDcpe:/o:suse:sle-micro:5.3libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:sle-micro:5.3libarchive13-3.5.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libarchive13-3.5.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-0211 at SUSECVE-2013-0211 at NVDCVE-2015-2304 at SUSECVE-2015-2304 at NVDCVE-2015-8917 at SUSECVE-2015-8917 at NVDCVE-2015-8928 at SUSECVE-2015-8928 at NVDCVE-2015-8933 at SUSECVE-2015-8933 at NVDCVE-2015-8934 at SUSECVE-2015-8934 at NVDCVE-2016-1541 at SUSECVE-2016-1541 at NVDCVE-2016-4300 at SUSECVE-2016-4300 at NVDCVE-2016-4301 at SUSECVE-2016-4301 at NVDCVE-2016-4809 at SUSECVE-2016-4809 at NVDCVE-2016-5418 at SUSECVE-2016-5418 at NVDCVE-2016-5844 at SUSECVE-2016-5844 at NVDCVE-2016-6250 at SUSECVE-2016-6250 at NVDCVE-2016-8687 at SUSECVE-2016-8687 at NVDCVE-2016-8688 at SUSECVE-2016-8688 at NVDCVE-2016-8689 at SUSECVE-2016-8689 at NVDCVE-2017-14166 at SUSECVE-2017-14166 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2017-14503 at SUSECVE-2017-14503 at NVDCVE-2017-5601 at SUSECVE-2017-5601 at NVDCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDCVE-2018-1000879 at SUSECVE-2018-1000879 at NVDCVE-2018-1000880 at SUSECVE-2018-1000880 at NVDCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDCVE-2019-18408 at SUSECVE-2019-18408 at NVDCVE-2019-19221 at SUSECVE-2019-19221 at NVDCVE-2021-36976 at SUSECVE-2021-36976 at NVDCVE-2022-26280 at SUSECVE-2022-26280 at NVDcpe:/o:suse:sle-micro:5.3libaudit1-3.0.6-150400.2.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libaudit1-3.0.6-150400.2.13 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:sle-micro:5.3libblkid1-2.37.2-150400.8.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libblkid1-2.37.2-150400.8.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2021-37600 at SUSECVE-2021-37600 at NVDCVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDcpe:/o:suse:sle-micro:5.3libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:sle-micro:5.3libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:sle-micro:5.3libcairo-gobject2-1.16.0-150400.9.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libcairo-gobject2-1.16.0-150400.9.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:sle-micro:5.3libcares2-1.17.1+20200724-3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libcares2-1.17.1+20200724-3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDcpe:/o:suse:sle-micro:5.3libcontainers-common-20210626-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libcontainers-common-20210626-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDcpe:/o:suse:sle-micro:5.3libekmfweb1-2.19.0-150400.7.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libekmfweb1-2.19.0-150400.7.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:sle-micro:5.3libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:sle-micro:5.3libexpat1-2.4.4-150400.3.6.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libexpat1-2.4.4-150400.3.6.9 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2013-0340 at SUSECVE-2013-0340 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDCVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDCVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:sle-micro:5.3libfreebl3-3.79.1-150400.3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libfreebl3-3.79.1-150400.3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:sle-micro:5.3libfreetype6-2.10.1-4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libfreetype6-2.10.1-4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDcpe:/o:suse:sle-micro:5.3libfribidi0-1.0.10-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libfribidi0-1.0.10-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-18397 at SUSECVE-2019-18397 at NVDCVE-2022-25308 at SUSECVE-2022-25308 at NVDCVE-2022-25309 at SUSECVE-2022-25309 at NVDCVE-2022-25310 at SUSECVE-2022-25310 at NVDcpe:/o:suse:sle-micro:5.3libgbm1-21.2.4-150400.68.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libgbm1-21.2.4-150400.68.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:sle-micro:5.3libgcrypt20-1.9.4-150400.4.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libgcrypt20-1.9.4-150400.4.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-3345 at SUSECVE-2021-3345 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sle-micro:5.3libgmp10-6.1.2-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:sle-micro:5.3libgraphite2-3-1.3.11-2.12 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libgraphite2-3-1.3.11-2.12 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:sle-micro:5.3libharfbuzz-gobject0-3.4.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libharfbuzz-gobject0-3.4.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2022-33068 at SUSECVE-2022-33068 at NVDcpe:/o:suse:sle-micro:5.3libhivex0-1.3.21-150400.2.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libhivex0-1.3.21-150400.2.10 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDCVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:sle-micro:5.3libhogweed6-3.7.3-150400.2.21 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libhogweed6-3.7.3-150400.2.21 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sle-micro:5.3libicu-suse65_1-65.1-150200.4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libicu-suse65_1-65.1-150200.4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.3libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:sle-micro:5.3libjansson4-2.9-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:sle-micro:5.3libjbig2-2.1-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:sle-micro:5.3libjpeg8-8.2.2-150400.15.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libjpeg8-8.2.2-150400.15.9 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2018-19644 at SUSECVE-2018-19644 at NVDCVE-2018-19664 at SUSECVE-2018-19664 at NVDCVE-2018-20330 at SUSECVE-2018-20330 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:sle-micro:5.3libjson-c3-0.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sle-micro:5.3libksba8-1.3.5-2.14 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libksba8-1.3.5-2.14 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDcpe:/o:suse:sle-micro:5.3liblcms2-2-2.12-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the liblcms2-2-2.12-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:sle-micro:5.3libldap-2_4-2-2.4.46-150200.14.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libldap-2_4-2-2.4.46-150200.14.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDCVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:sle-micro:5.3libldb2-2.4.3-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libldb2-2.4.3-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-3670 at SUSECVE-2021-3670 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDcpe:/o:suse:sle-micro:5.3liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:sle-micro:5.3liblz4-1-1.9.3-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the liblz4-1-1.9.3-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:sle-micro:5.3liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:sle-micro:5.3libmicrohttpd12-0.9.57-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:sle-micro:5.3libmpfr6-4.0.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9474 at SUSECVE-2014-9474 at NVDcpe:/o:suse:sle-micro:5.3libmspack0-0.6-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2018-18586 at SUSECVE-2018-18586 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:sle-micro:5.3libncurses6-6.1-150000.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libncurses6-6.1-150000.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDCVE-2021-39537 at SUSECVE-2021-39537 at NVDCVE-2022-29458 at SUSECVE-2022-29458 at NVDcpe:/o:suse:sle-micro:5.3libndp0-1.6-1.26 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-3698 at SUSECVE-2016-3698 at NVDcpe:/o:suse:sle-micro:5.3libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sle-micro:5.3libopenssl-1_1-devel-1.1.1l-150400.7.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1l-150400.7.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2002-20001 at SUSECVE-2002-20001 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3450 at SUSECVE-2021-3450 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDCVE-2022-0778 at SUSECVE-2022-0778 at NVDCVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDCVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:sle-micro:5.3libopus0-1.3.1-150000.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libopus0-1.3.1-150000.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:sle-micro:5.3libosinfo-1.7.1-150400.8.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libosinfo-1.7.1-150400.8.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-13313 at SUSECVE-2019-13313 at NVDcpe:/o:suse:sle-micro:5.3libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libp11-kit0-0.23.22-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-29361 at SUSECVE-2020-29361 at NVDCVE-2020-29362 at SUSECVE-2020-29362 at NVDCVE-2020-29363 at SUSECVE-2020-29363 at NVDcpe:/o:suse:sle-micro:5.3libpango-1_0-0-1.50.4-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpango-1_0-0-1.50.4-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:sle-micro:5.3libpcap1-1.10.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpcap1-1.10.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:sle-micro:5.3libpcre1-8.45-150000.20.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpcre1-8.45-150000.20.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sle-micro:5.3libpcre2-8-0-10.39-150400.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpcre2-8-0-10.39-150400.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:sle-micro:5.3libpcsclite1-1.9.4-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpcsclite1-1.9.4-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:sle-micro:5.3libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sle-micro:5.3libpolkit0-0.116-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDCVE-2021-4034 at SUSECVE-2021-4034 at NVDCVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:sle-micro:5.3libprocps7-3.3.15-150000.7.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libprocps7-3.3.15-150000.7.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:sle-micro:5.3libprotobuf-lite20-3.9.2-4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libprotobuf-lite20-3.9.2-4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-22570 at SUSECVE-2021-22570 at NVDcpe:/o:suse:sle-micro:5.3libproxy1-0.4.17-150400.1.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libproxy1-0.4.17-150400.1.8 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sle-micro:5.3libpython3_6m1_0-3.6.15-150300.10.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libpython3_6m1_0-3.6.15-150300.10.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2015-20107 at SUSECVE-2015-20107 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3572 at SUSECVE-2021-3572 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:sle-micro:5.3librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDCVE-2021-3979 at SUSECVE-2021-3979 at NVDcpe:/o:suse:sle-micro:5.3libseccomp2-2.5.3-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libseccomp2-2.5.3-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:sle-micro:5.3libslirp0-4.3.1-150300.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libslirp0-4.3.1-150300.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sle-micro:5.3libsnmp30-5.7.3-10.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsnmp30-5.7.3-10.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-5621 at SUSECVE-2015-5621 at NVDCVE-2018-18065 at SUSECVE-2018-18065 at NVDCVE-2020-15862 at SUSECVE-2020-15862 at NVDcpe:/o:suse:sle-micro:5.3libsolv-tools-0.7.22-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsolv-tools-0.7.22-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sle-micro:5.3libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsoup-2_4-1-2.74.2-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:sle-micro:5.3libspice-server1-0.15.0-150400.2.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libspice-server1-0.15.0-150400.2.8 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDCVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sle-micro:5.3libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsqlite3-0-3.36.0-3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:sle-micro:5.3libssh-config-0.9.6-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libssh-config-0.9.6-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDcpe:/o:suse:sle-micro:5.3libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:sle-micro:5.3libsss_certmap0-2.5.2-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsss_certmap0-2.5.2-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sle-micro:5.3libsystemd0-249.12-150400.8.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libsystemd0-249.12-150400.8.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDCVE-2021-3997 at SUSECVE-2021-3997 at NVDcpe:/o:suse:sle-micro:5.3libtasn1-4.13-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libtasn1-4.13-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDcpe:/o:suse:sle-micro:5.3libtiff5-4.0.9-150000.45.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libtiff5-4.0.9-150000.45.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-0562 at SUSECVE-2022-0562 at NVDCVE-2022-0865 at SUSECVE-2022-0865 at NVDCVE-2022-0891 at SUSECVE-2022-0891 at NVDCVE-2022-0908 at SUSECVE-2022-0908 at NVDCVE-2022-0909 at SUSECVE-2022-0909 at NVDCVE-2022-0924 at SUSECVE-2022-0924 at NVDCVE-2022-1056 at SUSECVE-2022-1056 at NVDCVE-2022-2056 at SUSECVE-2022-2056 at NVDCVE-2022-2057 at SUSECVE-2022-2057 at NVDCVE-2022-2058 at SUSECVE-2022-2058 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDcpe:/o:suse:sle-micro:5.3libtirpc-netconfig-1.2.6-150300.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libtirpc-netconfig-1.2.6-150300.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDcpe:/o:suse:sle-micro:5.3libtpms0-0.8.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libtpms0-0.8.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDCVE-2021-3746 at SUSECVE-2021-3746 at NVDcpe:/o:suse:sle-micro:5.3libtss2-esys0-3.1.0-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libtss2-esys0-3.1.0-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-24455 at SUSECVE-2020-24455 at NVDcpe:/o:suse:sle-micro:5.3libudisks2-0-2.9.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libudisks2-0-2.9.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-17336 at SUSECVE-2018-17336 at NVDCVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sle-micro:5.3libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:sle-micro:5.3libvirglrenderer1-0.9.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libvirglrenderer1-0.9.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDCVE-2019-18392 at SUSECVE-2019-18392 at NVDCVE-2020-8002 at SUSECVE-2020-8002 at NVDCVE-2020-8003 at SUSECVE-2020-8003 at NVDCVE-2022-0135 at SUSECVE-2022-0135 at NVDCVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:sle-micro:5.3libvirt-client-8.0.0-150400.5.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libvirt-client-8.0.0-150400.5.8 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDCVE-2022-0897 at SUSECVE-2022-0897 at NVDcpe:/o:suse:sle-micro:5.3libvmtools0-12.1.0-150300.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libvmtools0-12.1.0-150300.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDCVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:sle-micro:5.3libvorbis0-1.3.6-150000.4.5.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libvorbis0-1.3.6-150000.4.5.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:sle-micro:5.3libxkbcommon0-1.3.0-150400.1.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libxkbcommon0-1.3.0-150400.1.13 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:sle-micro:5.3libxml2-2-2.9.14-150400.5.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libxml2-2-2.9.14-150400.5.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:sle-micro:5.3libxslt1-1.1.34-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libxslt1-1.1.34-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDcpe:/o:suse:sle-micro:5.3libyajl2-2.1.0-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libyajl2-2.1.0-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:sle-micro:5.3libyaml-cpp0_6-0.6.3-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libyaml-cpp0_6-0.6.3-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDCVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:sle-micro:5.3libz1-1.2.11-150000.3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libz1-1.2.11-150000.3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-25032 at SUSECVE-2018-25032 at NVDCVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sle-micro:5.3libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:sle-micro:5.3libzstd1-1.5.0-150400.1.71 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libzstd1-1.5.0-150400.1.71 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDcpe:/o:suse:sle-micro:5.3libzypp-17.31.0-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the libzypp-17.31.0-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sle-micro:5.3login_defs-4.8.1-150400.8.57 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the login_defs-4.8.1-150400.8.57 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:sle-micro:5.3logrotate-3.18.1-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the logrotate-3.18.1-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-3864 at SUSECVE-2021-3864 at NVDCVE-2022-1348 at SUSECVE-2022-1348 at NVDcpe:/o:suse:sle-micro:5.3mozilla-nspr-4.34-150000.3.23.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the mozilla-nspr-4.34-150000.3.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:sle-micro:5.3nfs-client-2.1.1-150100.10.24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the nfs-client-2.1.1-150100.10.24.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:sle-micro:5.3opensc-0.22.0-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the opensc-0.22.0-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2019-6502 at SUSECVE-2019-6502 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDCVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:sle-micro:5.3openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:sle-micro:5.3openssh-8.4p1-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the openssh-8.4p1-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2021-28041 at SUSECVE-2021-28041 at NVDCVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:sle-micro:5.3openssl-1.1.1l-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the openssl-1.1.1l-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:sle-micro:5.3pam-1.3.0-150000.6.58.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the pam-1.3.0-150000.6.58.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:sle-micro:5.3pam_u2f-1.2.0-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the pam_u2f-1.2.0-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-12209 at SUSECVE-2019-12209 at NVDCVE-2019-12210 at SUSECVE-2019-12210 at NVDCVE-2021-31924 at SUSECVE-2021-31924 at NVDcpe:/o:suse:sle-micro:5.3perl-5.26.1-150300.17.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the perl-5.26.1-150300.17.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:sle-micro:5.3perl-ExtUtils-MakeMaker-7.62-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the perl-ExtUtils-MakeMaker-7.62-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-1238 at SUSECVE-2016-1238 at NVDcpe:/o:suse:sle-micro:5.3permissions-20201225-150400.5.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the permissions-20201225-150400.5.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDcpe:/o:suse:sle-micro:5.3podman-3.4.7-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the podman-3.4.7-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:sle-micro:5.3policycoreutils-3.1-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the policycoreutils-3.1-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:sle-micro:5.3powerpc-utils-1.3.10-150400.19.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the powerpc-utils-1.3.10-150400.19.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:sle-micro:5.3procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:sle-micro:5.3python3-Babel-2.8.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:sle-micro:5.3python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:sle-micro:5.3python3-M2Crypto-0.38.0-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-M2Crypto-0.38.0-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.3python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sle-micro:5.3python3-cryptography-3.3.2-150400.16.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-cryptography-3.3.2-150400.16.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:sle-micro:5.3python3-lxml-4.7.1-150200.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-lxml-4.7.1-150200.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2022-2309 at SUSECVE-2022-2309 at NVDcpe:/o:suse:sle-micro:5.3python3-py-1.10.0-150000.5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-py-1.10.0-150000.5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:sle-micro:5.3python3-requests-2.24.0-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sle-micro:5.3python3-rsa-3.4.2-3.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-rsa-3.4.2-3.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-13757 at SUSECVE-2020-13757 at NVDcpe:/o:suse:sle-micro:5.3python3-salt-3004-150400.8.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-salt-3004-150400.8.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-21996 at SUSECVE-2021-21996 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDCVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDCVE-2022-22967 at SUSECVE-2022-22967 at NVDcpe:/o:suse:sle-micro:5.3python3-setuptools-44.1.1-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-setuptools-44.1.1-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sle-micro:5.3python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sle-micro:5.3qemu-6.2.0-150400.37.5.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the qemu-6.2.0-150400.37.5.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2021-4158 at SUSECVE-2021-4158 at NVDCVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDCVE-2022-26353 at SUSECVE-2022-26353 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDcpe:/o:suse:sle-micro:5.3qemu-ovmf-x86_64-202202-150400.3.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the qemu-ovmf-x86_64-202202-150400.3.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14558 at SUSECVE-2019-14558 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2019-14586 at SUSECVE-2019-14586 at NVDCVE-2019-14587 at SUSECVE-2019-14587 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDcpe:/o:suse:sle-micro:5.3rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sle-micro:5.3rpm-4.14.3-150300.49.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the rpm-4.14.3-150300.49.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:sle-micro:5.3rsync-3.2.3-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the rsync-3.2.3-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDCVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sle-micro:5.3runc-1.1.3-150000.30.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the runc-1.1.3-150000.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-43784 at SUSECVE-2021-43784 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDcpe:/o:suse:sle-micro:5.3samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the samba-client-libs-4.15.8+git.500.d5910280cc7-150400.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10918 at SUSECVE-2018-10918 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDCVE-2018-1139 at SUSECVE-2018-1139 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2018-14629 at SUSECVE-2018-14629 at NVDCVE-2018-16841 at SUSECVE-2018-16841 at NVDCVE-2018-16851 at SUSECVE-2018-16851 at NVDCVE-2018-16852 at SUSECVE-2018-16852 at NVDCVE-2018-16853 at SUSECVE-2018-16853 at NVDCVE-2018-16857 at SUSECVE-2018-16857 at NVDCVE-2018-16860 at SUSECVE-2018-16860 at NVDCVE-2019-10197 at SUSECVE-2019-10197 at NVDCVE-2019-10218 at SUSECVE-2019-10218 at NVDCVE-2019-12435 at SUSECVE-2019-12435 at NVDCVE-2019-12436 at SUSECVE-2019-12436 at NVDCVE-2019-14833 at SUSECVE-2019-14833 at NVDCVE-2019-14847 at SUSECVE-2019-14847 at NVDCVE-2019-14861 at SUSECVE-2019-14861 at NVDCVE-2019-14870 at SUSECVE-2019-14870 at NVDCVE-2019-14902 at SUSECVE-2019-14902 at NVDCVE-2019-14907 at SUSECVE-2019-14907 at NVDCVE-2019-19344 at SUSECVE-2019-19344 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2019-3870 at SUSECVE-2019-3870 at NVDCVE-2019-3880 at SUSECVE-2019-3880 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10704 at SUSECVE-2020-10704 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-10745 at SUSECVE-2020-10745 at NVDCVE-2020-10760 at SUSECVE-2020-10760 at NVDCVE-2020-14303 at SUSECVE-2020-14303 at NVDCVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDCVE-2020-1472 at SUSECVE-2020-1472 at NVDCVE-2020-17049 at SUSECVE-2020-17049 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20254 at SUSECVE-2021-20254 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDcpe:/o:suse:sle-micro:5.3shim-15.4-4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDcpe:/o:suse:sle-micro:5.3slirp4netns-0.4.7-3.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the slirp4netns-0.4.7-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:sle-micro:5.3socat-1.7.3.2-4.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sle-micro:5.3squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:sle-micro:5.3sudo-1.9.9-150400.2.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the sudo-1.9.9-150400.2.5 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:sle-micro:5.3supportutils-3.1.20-150300.7.35.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the supportutils-3.1.20-150300.7.35.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:sle-micro:5.3swtpm-0.5.3-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the swtpm-0.5.3-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDCVE-2022-23645 at SUSECVE-2022-23645 at NVDcpe:/o:suse:sle-micro:5.3sysstat-12.0.2-3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:sle-micro:5.3tar-1.34-150000.3.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the tar-1.34-150000.3.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:sle-micro:5.3tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the tpm2.0-tools-5.2-150400.4.6 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-7524 at SUSECVE-2017-7524 at NVDCVE-2021-3565 at SUSECVE-2021-3565 at NVDcpe:/o:suse:sle-micro:5.3trousers-0.3.15-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the trousers-0.3.15-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDCVE-2020-24330 at SUSECVE-2020-24330 at NVDCVE-2020-24331 at SUSECVE-2020-24331 at NVDCVE-2020-24332 at SUSECVE-2020-24332 at NVDcpe:/o:suse:sle-micro:5.3u-boot-rpiarm64-2021.10-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the u-boot-rpiarm64-2021.10-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2018-18439 at SUSECVE-2018-18439 at NVDCVE-2018-18440 at SUSECVE-2018-18440 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDCVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30767 at SUSECVE-2022-30767 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDCVE-2022-33103 at SUSECVE-2022-33103 at NVDCVE-2022-33967 at SUSECVE-2022-33967 at NVDCVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sle-micro:5.3ucode-intel-20220809-150200.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the ucode-intel-20220809-150200.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDCVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDCVE-2022-21151 at SUSECVE-2022-21151 at NVDCVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:sle-micro:5.3update-alternatives-1.19.0.4-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the update-alternatives-1.19.0.4-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:sle-micro:5.3vim-data-common-9.0.0313-150000.5.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the vim-data-common-9.0.0313-150000.5.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDcpe:/o:suse:sle-micro:5.3virt-install-4.0.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the virt-install-4.0.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-10183 at SUSECVE-2019-10183 at NVDcpe:/o:suse:sle-micro:5.3wicked-0.6.69-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the wicked-0.6.69-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:sle-micro:5.3wpa_supplicant-2.9-150000.4.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the wpa_supplicant-2.9-150000.4.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sle-micro:5.3xen-libs-4.16.1_06-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the xen-libs-4.16.1_06-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDCVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:sle-micro:5.3zypper-1.14.55-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.3
These are all security issues fixed in the zypper-1.14.55-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.3. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:sle-micro:5.3NetworkManager-1.38.2-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the NetworkManager-1.38.2-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2020-10754 at SUSECVE-2020-10754 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2021-20297 at SUSECVE-2021-20297 at NVDcpe:/o:suse:sle-micro:5.4afterburn-5.2.0-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the afterburn-5.2.0-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-35905 at SUSECVE-2020-35905 at NVDCVE-2020-36465 at SUSECVE-2020-36465 at NVDCVE-2021-27378 at SUSECVE-2021-27378 at NVDCVE-2021-32714 at SUSECVE-2021-32714 at NVDCVE-2021-32715 at SUSECVE-2021-32715 at NVDCVE-2021-38191 at SUSECVE-2021-38191 at NVDCVE-2021-45710 at SUSECVE-2021-45710 at NVDcpe:/o:suse:sle-micro:5.4aide-0.16-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sle-micro:5.4apparmor-parser-3.0.4-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the apparmor-parser-3.0.4-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.4augeas-1.12.0-150400.3.3.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the augeas-1.12.0-150400.3.3.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:sle-micro:5.4avahi-0.8-150400.5.73 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the avahi-0.8-150400.5.73 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-6519 at SUSECVE-2017-6519 at NVDCVE-2018-1000845 at SUSECVE-2018-1000845 at NVDCVE-2021-26720 at SUSECVE-2021-26720 at NVDCVE-2021-3468 at SUSECVE-2021-3468 at NVDCVE-2021-3502 at SUSECVE-2021-3502 at NVDcpe:/o:suse:sle-micro:5.4aws-cli-1.24.4-150200.30.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the aws-cli-1.24.4-150200.30.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15869 at SUSECVE-2018-15869 at NVDcpe:/o:suse:sle-micro:5.4bash-4.4-150400.25.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bash-4.4-150400.25.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:sle-micro:5.4bcm43xx-firmware-20180314-150400.28.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bcm43xx-firmware-20180314-150400.28.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10370 at SUSECVE-2020-10370 at NVDcpe:/o:suse:sle-micro:5.4btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:sle-micro:5.4bzip2-1.0.8-150400.1.122 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the bzip2-1.0.8-150400.1.122 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sle-micro:5.4chrony-4.1-150400.19.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the chrony-4.1-150400.19.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDCVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sle-micro:5.4cifs-utils-6.15-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cifs-utils-6.15-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-14342 at SUSECVE-2020-14342 at NVDCVE-2021-20208 at SUSECVE-2021-20208 at NVDCVE-2022-27239 at SUSECVE-2022-27239 at NVDCVE-2022-29869 at SUSECVE-2022-29869 at NVDcpe:/o:suse:sle-micro:5.4cni-0.7.1-150100.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cni-0.7.1-150100.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.4cni-plugins-0.8.6-150100.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cni-plugins-0.8.6-150100.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.4conmon-2.1.5-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the conmon-2.1.5-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:sle-micro:5.4conntrack-tools-1.4.5-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-6496 at SUSECVE-2015-6496 at NVDcpe:/o:suse:sle-micro:5.4containerd-1.6.12-150000.79.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the containerd-1.6.12-150000.79.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDcpe:/o:suse:sle-micro:5.4containerized-data-importer-manifests-1.51.0-150400.4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the containerized-data-importer-manifests-1.51.0-150400.4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.4coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:sle-micro:5.4coreutils-8.32-150400.7.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the coreutils-8.32-150400.7.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:sle-micro:5.4cpio-2.13-150400.1.98 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cpio-2.13-150400.1.98 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2015-1197 at SUSECVE-2015-1197 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sle-micro:5.4cracklib-2.9.7-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:sle-micro:5.4cryptsetup-2.4.3-150400.1.110 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cryptsetup-2.4.3-150400.1.110 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDCVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:sle-micro:5.4cups-config-2.2.7-150000.3.35.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cups-config-2.2.7-150000.3.35.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDCVE-2018-4700 at SUSECVE-2018-4700 at NVDCVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDCVE-2019-8842 at SUSECVE-2019-8842 at NVDCVE-2020-10001 at SUSECVE-2020-10001 at NVDCVE-2020-3898 at SUSECVE-2020-3898 at NVDCVE-2021-25317 at SUSECVE-2021-25317 at NVDCVE-2022-26691 at SUSECVE-2022-26691 at NVDcpe:/o:suse:sle-micro:5.4curl-7.79.1-150400.5.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the curl-7.79.1-150400.5.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-15601 at SUSECVE-2019-15601 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22297 at SUSECVE-2021-22297 at NVDCVE-2021-22298 at SUSECVE-2021-22298 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22901 at SUSECVE-2021-22901 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDCVE-2021-22945 at SUSECVE-2021-22945 at NVDCVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDCVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27774 at SUSECVE-2022-27774 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDCVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-32205 at SUSECVE-2022-32205 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32207 at SUSECVE-2022-32207 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDCVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDCVE-2022-42916 at SUSECVE-2022-42916 at NVDCVE-2022-43551 at SUSECVE-2022-43551 at NVDCVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23914 at SUSECVE-2023-23914 at NVDCVE-2023-23915 at SUSECVE-2023-23915 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDcpe:/o:suse:sle-micro:5.4cyrus-sasl-2.1.27-150300.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the cyrus-sasl-2.1.27-150300.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDCVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sle-micro:5.4db48-utils-4.8.30-150000.7.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the db48-utils-4.8.30-150000.7.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-2708 at SUSECVE-2019-2708 at NVDcpe:/o:suse:sle-micro:5.4dbus-1-1.12.2-150400.18.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dbus-1-1.12.2-150400.18.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDCVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:sle-micro:5.4dnsmasq-2.86-150400.14.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dnsmasq-2.86-150400.14.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sle-micro:5.4docker-20.10.17_ce-150000.169.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-20.10.17_ce-150000.169.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:sle-micro:5.4docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDcpe:/o:suse:sle-micro:5.4docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDcpe:/o:suse:sle-micro:5.4dracut-055+suse.331.g05b9ccb7-150400.3.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the dracut-055+suse.331.g05b9ccb7-150400.3.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:sle-micro:5.4e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the e2fsprogs-1.46.4-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDCVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sle-micro:5.4elfutils-0.185-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the elfutils-0.185-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:sle-micro:5.4file-5.32-7.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:sle-micro:5.4firewalld-0.9.3-150400.8.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the firewalld-0.9.3-150400.8.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:sle-micro:5.4fuse-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the fuse-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:sle-micro:5.4gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.9-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2019-20446 at SUSECVE-2019-20446 at NVDCVE-2021-25900 at SUSECVE-2021-25900 at NVDcpe:/o:suse:sle-micro:5.4gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2020-29385 at SUSECVE-2020-29385 at NVDCVE-2021-44648 at SUSECVE-2021-44648 at NVDCVE-2021-46829 at SUSECVE-2021-46829 at NVDcpe:/o:suse:sle-micro:5.4glib-networking-2.70.1-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glib-networking-2.70.1-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sle-micro:5.4glib2-tools-2.70.5-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glib2-tools-2.70.5-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:sle-micro:5.4glibc-2.31-150300.41.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the glibc-2.31-150300.41.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDCVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:sle-micro:5.4gnutls-3.7.3-150400.4.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gnutls-3.7.3-150400.4.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-10790 at SUSECVE-2017-10790 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDCVE-2022-2509 at SUSECVE-2022-2509 at NVDCVE-2023-0361 at SUSECVE-2023-0361 at NVDcpe:/o:suse:sle-micro:5.4gpg2-2.2.27-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gpg2-2.2.27-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDCVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sle-micro:5.4gptfdisk-1.0.8-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gptfdisk-1.0.8-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-0256 at SUSECVE-2020-0256 at NVDCVE-2021-0308 at SUSECVE-2021-0308 at NVDcpe:/o:suse:sle-micro:5.4grep-3.1-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the grep-3.1-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:sle-micro:5.4groff-1.22.4-150400.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the groff-1.22.4-150400.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-5080 at SUSECVE-2009-5080 at NVDCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:sle-micro:5.4grub2-2.06-150400.11.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the grub2-2.06-150400.11.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDCVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2021-3981 at SUSECVE-2021-3981 at NVDCVE-2021-46705 at SUSECVE-2021-46705 at NVDCVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sle-micro:5.4gstreamer-1.20.1-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gstreamer-1.20.1-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.4gstreamer-plugins-base-1.20.1-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gstreamer-plugins-base-1.20.1-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.4gtk2-tools-2.24.33-150400.2.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gtk2-tools-2.24.33-150400.2.11 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDcpe:/o:suse:sle-micro:5.4guestfs-data-1.44.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the guestfs-data-1.44.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-2211 at SUSECVE-2022-2211 at NVDcpe:/o:suse:sle-micro:5.4gzip-1.10-150200.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the gzip-1.10-150200.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.4haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the haproxy-2.4.8+git0.d1f8d41e0-150400.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3281 at SUSECVE-2015-3281 at NVDCVE-2018-11469 at SUSECVE-2018-11469 at NVDCVE-2018-14645 at SUSECVE-2018-14645 at NVDCVE-2018-20102 at SUSECVE-2018-20102 at NVDCVE-2018-20103 at SUSECVE-2018-20103 at NVDCVE-2018-20615 at SUSECVE-2018-20615 at NVDCVE-2019-14241 at SUSECVE-2019-14241 at NVDCVE-2019-18277 at SUSECVE-2019-18277 at NVDCVE-2020-11100 at SUSECVE-2020-11100 at NVDCVE-2021-39240 at SUSECVE-2021-39240 at NVDCVE-2021-39241 at SUSECVE-2021-39241 at NVDCVE-2021-39242 at SUSECVE-2021-39242 at NVDCVE-2021-40346 at SUSECVE-2021-40346 at NVDCVE-2022-0711 at SUSECVE-2022-0711 at NVDCVE-2023-0056 at SUSECVE-2023-0056 at NVDcpe:/o:suse:sle-micro:5.4iscsiuio-0.7.8.6-150400.39.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the iscsiuio-0.7.8.6-150400.39.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sle-micro:5.4jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:sle-micro:5.4kdump-1.0.2+git20.g64239cc-150400.3.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kdump-1.0.2+git20.g64239cc-150400.3.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:sle-micro:5.4keepalived-2.2.2-150400.3.7.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the keepalived-2.2.2-150400.3.7.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19044 at SUSECVE-2018-19044 at NVDCVE-2018-19045 at SUSECVE-2018-19045 at NVDCVE-2018-19046 at SUSECVE-2018-19046 at NVDCVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:sle-micro:5.4kernel-default-5.14.21-150400.24.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-default-5.14.21-150400.24.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.4kernel-firmware-all-20220509-150400.4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-firmware-all-20220509-150400.4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDCVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:sle-micro:5.4kernel-rt-5.14.21-150400.15.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kernel-rt-5.14.21-150400.15.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.4kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kpartx-0.9.0+62+suse.3e048d4-150400.4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sle-micro:5.4krb5-1.19.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the krb5-1.19.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-37750 at SUSECVE-2021-37750 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.4kubevirt-manifests-0.54.0-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the kubevirt-manifests-0.54.0-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-1798 at SUSECVE-2022-1798 at NVDCVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDcpe:/o:suse:sle-micro:5.4less-590-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the less-590-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDCVE-2022-46663 at SUSECVE-2022-46663 at NVDcpe:/o:suse:sle-micro:5.4libX11-6-1.6.5-150000.3.24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libX11-6-1.6.5-150000.3.24.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDCVE-2021-31535 at SUSECVE-2021-31535 at NVDCVE-2022-3554 at SUSECVE-2022-3554 at NVDCVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.4libXcursor1-1.1.15-1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:sle-micro:5.4libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:sle-micro:5.4libXfixes3-6.0.0-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXfixes3-6.0.0-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDcpe:/o:suse:sle-micro:5.4libXi6-1.7.9-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDcpe:/o:suse:sle-micro:5.4libXinerama1-1.1.3-1.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:sle-micro:5.4libXrandr2-1.5.1-2.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:sle-micro:5.4libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:sle-micro:5.4libXtst6-1.2.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDcpe:/o:suse:sle-micro:5.4libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:sle-micro:5.4libarchive13-3.5.1-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libarchive13-3.5.1-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-0211 at SUSECVE-2013-0211 at NVDCVE-2015-2304 at SUSECVE-2015-2304 at NVDCVE-2015-8917 at SUSECVE-2015-8917 at NVDCVE-2015-8928 at SUSECVE-2015-8928 at NVDCVE-2015-8933 at SUSECVE-2015-8933 at NVDCVE-2015-8934 at SUSECVE-2015-8934 at NVDCVE-2016-1541 at SUSECVE-2016-1541 at NVDCVE-2016-4300 at SUSECVE-2016-4300 at NVDCVE-2016-4301 at SUSECVE-2016-4301 at NVDCVE-2016-4809 at SUSECVE-2016-4809 at NVDCVE-2016-5418 at SUSECVE-2016-5418 at NVDCVE-2016-5844 at SUSECVE-2016-5844 at NVDCVE-2016-6250 at SUSECVE-2016-6250 at NVDCVE-2016-8687 at SUSECVE-2016-8687 at NVDCVE-2016-8688 at SUSECVE-2016-8688 at NVDCVE-2016-8689 at SUSECVE-2016-8689 at NVDCVE-2017-14166 at SUSECVE-2017-14166 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2017-14503 at SUSECVE-2017-14503 at NVDCVE-2017-5601 at SUSECVE-2017-5601 at NVDCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDCVE-2018-1000879 at SUSECVE-2018-1000879 at NVDCVE-2018-1000880 at SUSECVE-2018-1000880 at NVDCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDCVE-2019-18408 at SUSECVE-2019-18408 at NVDCVE-2019-19221 at SUSECVE-2019-19221 at NVDCVE-2021-23177 at SUSECVE-2021-23177 at NVDCVE-2021-31566 at SUSECVE-2021-31566 at NVDCVE-2021-36976 at SUSECVE-2021-36976 at NVDCVE-2022-26280 at SUSECVE-2022-26280 at NVDCVE-2022-36227 at SUSECVE-2022-36227 at NVDcpe:/o:suse:sle-micro:5.4libaudit1-3.0.6-150400.2.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libaudit1-3.0.6-150400.2.13 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:sle-micro:5.4libblkid1-2.37.2-150400.8.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libblkid1-2.37.2-150400.8.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2021-37600 at SUSECVE-2021-37600 at NVDCVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDcpe:/o:suse:sle-micro:5.4libbluetooth3-5.62-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbluetooth3-5.62-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9797 at SUSECVE-2016-9797 at NVDCVE-2016-9798 at SUSECVE-2016-9798 at NVDCVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9801 at SUSECVE-2016-9801 at NVDCVE-2016-9802 at SUSECVE-2016-9802 at NVDCVE-2016-9804 at SUSECVE-2016-9804 at NVDCVE-2016-9917 at SUSECVE-2016-9917 at NVDCVE-2016-9918 at SUSECVE-2016-9918 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-3588 at SUSECVE-2021-3588 at NVDCVE-2022-0204 at SUSECVE-2022-0204 at NVDCVE-2022-3563 at SUSECVE-2022-3563 at NVDcpe:/o:suse:sle-micro:5.4libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:sle-micro:5.4libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:sle-micro:5.4libcairo-gobject2-1.16.0-150400.9.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcairo-gobject2-1.16.0-150400.9.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:sle-micro:5.4libcares2-1.19.0-150000.3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcares2-1.19.0-150000.3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDCVE-2022-4904 at SUSECVE-2022-4904 at NVDcpe:/o:suse:sle-micro:5.4libcolord2-1.4.5-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcolord2-1.4.5-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.4libcontainers-common-20210626-150400.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libcontainers-common-20210626-150400.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDcpe:/o:suse:sle-micro:5.4libekmfweb1-2.19.0-150400.7.15.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libekmfweb1-2.19.0-150400.7.15.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:sle-micro:5.4libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:sle-micro:5.4libexpat1-2.4.4-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libexpat1-2.4.4-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2013-0340 at SUSECVE-2013-0340 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDCVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDCVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDCVE-2022-40674 at SUSECVE-2022-40674 at NVDCVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sle-micro:5.4libfreebl3-3.79.4-150400.3.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfreebl3-3.79.4-150400.3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDCVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sle-micro:5.4libfreetype6-2.10.4-150000.4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfreetype6-2.10.4-150000.4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2022-27404 at SUSECVE-2022-27404 at NVDCVE-2022-27405 at SUSECVE-2022-27405 at NVDCVE-2022-27406 at SUSECVE-2022-27406 at NVDcpe:/o:suse:sle-micro:5.4libfribidi0-1.0.10-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libfribidi0-1.0.10-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18397 at SUSECVE-2019-18397 at NVDCVE-2022-25308 at SUSECVE-2022-25308 at NVDCVE-2022-25309 at SUSECVE-2022-25309 at NVDCVE-2022-25310 at SUSECVE-2022-25310 at NVDcpe:/o:suse:sle-micro:5.4libgbm1-21.2.4-150400.68.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgbm1-21.2.4-150400.68.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:sle-micro:5.4libgcrypt20-1.9.4-150400.6.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgcrypt20-1.9.4-150400.6.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-3345 at SUSECVE-2021-3345 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sle-micro:5.4libgmp10-6.1.2-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:sle-micro:5.4libgraphite2-3-1.3.11-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libgraphite2-3-1.3.11-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:sle-micro:5.4libharfbuzz-gobject0-3.4.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libharfbuzz-gobject0-3.4.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-33068 at SUSECVE-2022-33068 at NVDcpe:/o:suse:sle-micro:5.4libhivex0-1.3.21-150400.2.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libhivex0-1.3.21-150400.2.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3504 at SUSECVE-2021-3504 at NVDCVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:sle-micro:5.4libhogweed6-3.7.3-150400.2.21 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libhogweed6-3.7.3-150400.2.21 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sle-micro:5.4libicu-suse65_1-65.1-150200.4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libicu-suse65_1-65.1-150200.4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.4libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:sle-micro:5.4libjansson4-2.9-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjansson4-2.9-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:sle-micro:5.4libjbig2-2.1-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:sle-micro:5.4libjpeg8-8.2.2-150400.15.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjpeg8-8.2.2-150400.15.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2018-19644 at SUSECVE-2018-19644 at NVDCVE-2018-19664 at SUSECVE-2018-19664 at NVDCVE-2018-20330 at SUSECVE-2018-20330 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:sle-micro:5.4libjson-c3-0.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sle-micro:5.4libksba8-1.3.5-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libksba8-1.3.5-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDCVE-2022-3515 at SUSECVE-2022-3515 at NVDCVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sle-micro:5.4liblcms2-2-2.12-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblcms2-2-2.12-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:sle-micro:5.4libldap-2_4-2-2.4.46-150200.14.11.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libldap-2_4-2-2.4.46-150200.14.11.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDCVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:sle-micro:5.4libldb2-2.4.3-150400.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libldb2-2.4.3-150400.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-3670 at SUSECVE-2021-3670 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDcpe:/o:suse:sle-micro:5.4liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:sle-micro:5.4liblz4-1-1.9.3-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblz4-1-1.9.3-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:sle-micro:5.4liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:sle-micro:5.4libmicrohttpd12-0.9.57-1.33 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmicrohttpd12-0.9.57-1.33 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-7038 at SUSECVE-2013-7038 at NVDCVE-2013-7039 at SUSECVE-2013-7039 at NVDcpe:/o:suse:sle-micro:5.4libmpfr6-4.0.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9474 at SUSECVE-2014-9474 at NVDcpe:/o:suse:sle-micro:5.4libmspack0-0.6-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2018-18586 at SUSECVE-2018-18586 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:sle-micro:5.4libncurses6-6.1-150000.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libncurses6-6.1-150000.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDCVE-2021-39537 at SUSECVE-2021-39537 at NVDCVE-2022-29458 at SUSECVE-2022-29458 at NVDcpe:/o:suse:sle-micro:5.4libndp0-1.6-1.26 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-3698 at SUSECVE-2016-3698 at NVDcpe:/o:suse:sle-micro:5.4libnewt0_52-0.52.20-5.35 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libnewt0_52-0.52.20-5.35 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-2905 at SUSECVE-2009-2905 at NVDcpe:/o:suse:sle-micro:5.4libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sle-micro:5.4libonig4-6.7.0-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libonig4-6.7.0-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-13224 at SUSECVE-2019-13224 at NVDCVE-2019-16163 at SUSECVE-2019-16163 at NVDCVE-2019-19203 at SUSECVE-2019-19203 at NVDCVE-2019-19204 at SUSECVE-2019-19204 at NVDCVE-2019-19246 at SUSECVE-2019-19246 at NVDCVE-2020-26159 at SUSECVE-2020-26159 at NVDcpe:/o:suse:sle-micro:5.4libopenssl-1_1-devel-1.1.1l-150400.7.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1l-150400.7.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2002-20001 at SUSECVE-2002-20001 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3450 at SUSECVE-2021-3450 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDCVE-2022-0778 at SUSECVE-2022-0778 at NVDCVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDCVE-2022-2097 at SUSECVE-2022-2097 at NVDCVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sle-micro:5.4libopus0-1.3.1-150000.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libopus0-1.3.1-150000.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:sle-micro:5.4libosinfo-1.7.1-150400.8.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libosinfo-1.7.1-150400.8.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-13313 at SUSECVE-2019-13313 at NVDcpe:/o:suse:sle-micro:5.4libp11-kit0-0.23.22-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libp11-kit0-0.23.22-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-29361 at SUSECVE-2020-29361 at NVDCVE-2020-29362 at SUSECVE-2020-29362 at NVDCVE-2020-29363 at SUSECVE-2020-29363 at NVDcpe:/o:suse:sle-micro:5.4libpango-1_0-0-1.50.4-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpango-1_0-0-1.50.4-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:sle-micro:5.4libpcap1-1.10.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcap1-1.10.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:sle-micro:5.4libpcre1-8.45-150000.20.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcre1-8.45-150000.20.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sle-micro:5.4libpcre2-8-0-10.39-150400.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcre2-8-0-10.39-150400.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:sle-micro:5.4libpcsclite1-1.9.4-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpcsclite1-1.9.4-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:sle-micro:5.4libpixman-1-0-0.40.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpixman-1-0-0.40.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sle-micro:5.4libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sle-micro:5.4libpolkit0-0.116-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpolkit0-0.116-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDCVE-2021-4034 at SUSECVE-2021-4034 at NVDCVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:sle-micro:5.4libprocps7-3.3.15-150000.7.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libprocps7-3.3.15-150000.7.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDcpe:/o:suse:sle-micro:5.4libprotobuf-lite20-3.9.2-150200.4.19.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libprotobuf-lite20-3.9.2-150200.4.19.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2021-22570 at SUSECVE-2021-22570 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:sle-micro:5.4libproxy1-0.4.17-150400.1.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libproxy1-0.4.17-150400.1.8 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sle-micro:5.4libpython3_6m1_0-3.6.15-150300.10.40.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libpython3_6m1_0-3.6.15-150300.10.40.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2015-20107 at SUSECVE-2015-20107 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-28861 at SUSECVE-2021-28861 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3572 at SUSECVE-2021-3572 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sle-micro:5.4librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the librados2-16.2.9.536+g41a9f9a5573-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDCVE-2021-3979 at SUSECVE-2021-3979 at NVDcpe:/o:suse:sle-micro:5.4libseccomp2-2.5.3-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libseccomp2-2.5.3-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:sle-micro:5.4libsepol2-3.4-150400.1.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsepol2-3.4-150400.1.11 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-36085 at SUSECVE-2021-36085 at NVDCVE-2021-36086 at SUSECVE-2021-36086 at NVDCVE-2021-36087 at SUSECVE-2021-36087 at NVDcpe:/o:suse:sle-micro:5.4libslirp0-4.3.1-150300.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libslirp0-4.3.1-150300.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sle-micro:5.4libsnmp40-5.9.3-150300.15.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsnmp40-5.9.3-150300.15.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5621 at SUSECVE-2015-5621 at NVDCVE-2018-18065 at SUSECVE-2018-18065 at NVDCVE-2020-15862 at SUSECVE-2020-15862 at NVDCVE-2022-24805 at SUSECVE-2022-24805 at NVDCVE-2022-24806 at SUSECVE-2022-24806 at NVDCVE-2022-24807 at SUSECVE-2022-24807 at NVDCVE-2022-24808 at SUSECVE-2022-24808 at NVDCVE-2022-24809 at SUSECVE-2022-24809 at NVDCVE-2022-24810 at SUSECVE-2022-24810 at NVDCVE-2022-44792 at SUSECVE-2022-44792 at NVDCVE-2022-44793 at SUSECVE-2022-44793 at NVDcpe:/o:suse:sle-micro:5.4libsolv-tools-0.7.22-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsolv-tools-0.7.22-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sle-micro:5.4libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsoup-2_4-1-2.74.2-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:sle-micro:5.4libspice-server1-0.15.0-150400.2.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libspice-server1-0.15.0-150400.2.8 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDCVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sle-micro:5.4libsqlite3-0-3.39.3-150000.3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsqlite3-0-3.39.3-150000.3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDCVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDCVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sle-micro:5.4libssh-config-0.9.6-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libssh-config-0.9.6-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDcpe:/o:suse:sle-micro:5.4libssh2-1-1.9.0-4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libssh2-1-1.9.0-4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDcpe:/o:suse:sle-micro:5.4libsss_certmap0-2.5.2-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsss_certmap0-2.5.2-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sle-micro:5.4libsystemd0-249.15-150400.8.22.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libsystemd0-249.15-150400.8.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDCVE-2021-3997 at SUSECVE-2021-3997 at NVDCVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:sle-micro:5.4libtasn1-4.13-150000.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtasn1-4.13-150000.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDCVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sle-micro:5.4libtiff5-4.0.9-150000.45.25.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtiff5-4.0.9-150000.45.25.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-0562 at SUSECVE-2022-0562 at NVDCVE-2022-0865 at SUSECVE-2022-0865 at NVDCVE-2022-0891 at SUSECVE-2022-0891 at NVDCVE-2022-0908 at SUSECVE-2022-0908 at NVDCVE-2022-0909 at SUSECVE-2022-0909 at NVDCVE-2022-0924 at SUSECVE-2022-0924 at NVDCVE-2022-1056 at SUSECVE-2022-1056 at NVDCVE-2022-2056 at SUSECVE-2022-2056 at NVDCVE-2022-2057 at SUSECVE-2022-2057 at NVDCVE-2022-2058 at SUSECVE-2022-2058 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDCVE-2022-3570 at SUSECVE-2022-3570 at NVDCVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3598 at SUSECVE-2022-3598 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDCVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:sle-micro:5.4libtirpc-netconfig-1.2.6-150300.3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtirpc-netconfig-1.2.6-150300.3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:sle-micro:5.4libtpms0-0.8.2-150300.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtpms0-0.8.2-150300.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDCVE-2021-3623 at SUSECVE-2021-3623 at NVDCVE-2021-3746 at SUSECVE-2021-3746 at NVDcpe:/o:suse:sle-micro:5.4libtss2-esys0-3.1.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libtss2-esys0-3.1.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-24455 at SUSECVE-2020-24455 at NVDCVE-2023-22745 at SUSECVE-2023-22745 at NVDcpe:/o:suse:sle-micro:5.4libudisks2-0-2.9.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libudisks2-0-2.9.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-17336 at SUSECVE-2018-17336 at NVDCVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sle-micro:5.4libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:sle-micro:5.4libvirglrenderer1-0.9.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvirglrenderer1-0.9.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDCVE-2019-18392 at SUSECVE-2019-18392 at NVDCVE-2020-8002 at SUSECVE-2020-8002 at NVDCVE-2020-8003 at SUSECVE-2020-8003 at NVDCVE-2022-0135 at SUSECVE-2022-0135 at NVDCVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:sle-micro:5.4libvirt-client-8.0.0-150400.7.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvirt-client-8.0.0-150400.7.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDCVE-2022-0897 at SUSECVE-2022-0897 at NVDcpe:/o:suse:sle-micro:5.4libvmtools0-12.1.0-150300.21.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvmtools0-12.1.0-150300.21.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDCVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:sle-micro:5.4libvorbis0-1.3.6-150000.4.5.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libvorbis0-1.3.6-150000.4.5.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:sle-micro:5.4libxkbcommon0-1.3.0-150400.1.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxkbcommon0-1.3.0-150400.1.13 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:sle-micro:5.4libxml2-2-2.9.14-150400.5.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxml2-2-2.9.14-150400.5.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:sle-micro:5.4libxslt1-1.1.34-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libxslt1-1.1.34-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDCVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sle-micro:5.4libyajl2-2.1.0-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libyajl2-2.1.0-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:sle-micro:5.4libyaml-cpp0_6-0.6.3-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libyaml-cpp0_6-0.6.3-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDCVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:sle-micro:5.4libz1-1.2.11-150000.3.39.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libz1-1.2.11-150000.3.39.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-25032 at SUSECVE-2018-25032 at NVDCVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sle-micro:5.4libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:sle-micro:5.4libzstd1-1.5.0-150400.1.71 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzstd1-1.5.0-150400.1.71 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDcpe:/o:suse:sle-micro:5.4libzypp-17.31.2-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the libzypp-17.31.2-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sle-micro:5.4login_defs-4.8.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the login_defs-4.8.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:sle-micro:5.4logrotate-3.18.1-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the logrotate-3.18.1-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-3864 at SUSECVE-2021-3864 at NVDCVE-2022-1348 at SUSECVE-2022-1348 at NVDcpe:/o:suse:sle-micro:5.4mozilla-nspr-4.34.1-150000.3.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the mozilla-nspr-4.34.1-150000.3.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:sle-micro:5.4nfs-client-2.1.1-150100.10.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the nfs-client-2.1.1-150100.10.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:sle-micro:5.4opensc-0.22.0-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the opensc-0.22.0-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2019-6502 at SUSECVE-2019-6502 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDCVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:sle-micro:5.4openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:sle-micro:5.4openssh-8.4p1-150300.3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openssh-8.4p1-150300.3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2021-28041 at SUSECVE-2021-28041 at NVDCVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:sle-micro:5.4openssl-1.1.1l-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the openssl-1.1.1l-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:sle-micro:5.4pam-1.3.0-150000.6.61.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the pam-1.3.0-150000.6.61.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:sle-micro:5.4pam_u2f-1.2.0-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the pam_u2f-1.2.0-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-12209 at SUSECVE-2019-12209 at NVDCVE-2019-12210 at SUSECVE-2019-12210 at NVDCVE-2021-31924 at SUSECVE-2021-31924 at NVDcpe:/o:suse:sle-micro:5.4perl-5.26.1-150300.17.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the perl-5.26.1-150300.17.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2017-6512 at SUSECVE-2017-6512 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDcpe:/o:suse:sle-micro:5.4perl-ExtUtils-MakeMaker-7.62-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the perl-ExtUtils-MakeMaker-7.62-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1238 at SUSECVE-2016-1238 at NVDcpe:/o:suse:sle-micro:5.4permissions-20201225-150400.5.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the permissions-20201225-150400.5.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDCVE-2022-31252 at SUSECVE-2022-31252 at NVDcpe:/o:suse:sle-micro:5.4podman-4.3.1-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the podman-4.3.1-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:sle-micro:5.4policycoreutils-3.4-150400.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the policycoreutils-3.4-150400.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:sle-micro:5.4powerpc-utils-1.3.10-150400.19.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the powerpc-utils-1.3.10-150400.19.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:sle-micro:5.4ppp-2.4.7-150000.5.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the ppp-2.4.7-150000.5.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-3310 at SUSECVE-2015-3310 at NVDCVE-2020-8597 at SUSECVE-2020-8597 at NVDcpe:/o:suse:sle-micro:5.4procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:sle-micro:5.4python3-Babel-2.8.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:sle-micro:5.4python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:sle-micro:5.4python3-M2Crypto-0.38.0-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-M2Crypto-0.38.0-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.4python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sle-micro:5.4python3-certifi-2018.1.18-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-certifi-2018.1.18-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:sle-micro:5.4python3-cryptography-3.3.2-150400.16.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-cryptography-3.3.2-150400.16.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:sle-micro:5.4python3-future-0.18.2-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-future-0.18.2-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:sle-micro:5.4python3-lxml-4.7.1-150200.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-lxml-4.7.1-150200.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2022-2309 at SUSECVE-2022-2309 at NVDcpe:/o:suse:sle-micro:5.4python3-py-1.10.0-150100.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-py-1.10.0-150100.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDCVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:sle-micro:5.4python3-requests-2.24.0-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-requests-2.24.0-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDcpe:/o:suse:sle-micro:5.4python3-rsa-3.4.2-150000.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-rsa-3.4.2-150000.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-13757 at SUSECVE-2020-13757 at NVDCVE-2020-25658 at SUSECVE-2020-25658 at NVDcpe:/o:suse:sle-micro:5.4python3-salt-3004-150400.8.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-salt-3004-150400.8.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-21996 at SUSECVE-2021-21996 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDCVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDCVE-2022-22967 at SUSECVE-2022-22967 at NVDcpe:/o:suse:sle-micro:5.4python3-setuptools-44.1.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-setuptools-44.1.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.4python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sle-micro:5.4qemu-6.2.0-150400.37.8.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the qemu-6.2.0-150400.37.8.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2021-4158 at SUSECVE-2021-4158 at NVDCVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDCVE-2022-26353 at SUSECVE-2022-26353 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDcpe:/o:suse:sle-micro:5.4qemu-ovmf-x86_64-202202-150400.5.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the qemu-ovmf-x86_64-202202-150400.5.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14558 at SUSECVE-2019-14558 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2019-14586 at SUSECVE-2019-14586 at NVDCVE-2019-14587 at SUSECVE-2019-14587 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDcpe:/o:suse:sle-micro:5.4rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sle-micro:5.4rpm-4.14.3-150300.52.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rpm-4.14.3-150300.52.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:sle-micro:5.4rsync-3.2.3-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the rsync-3.2.3-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDCVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sle-micro:5.4runc-1.1.4-150000.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the runc-1.1.4-150000.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-43784 at SUSECVE-2021-43784 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDcpe:/o:suse:sle-micro:5.4samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10918 at SUSECVE-2018-10918 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDCVE-2018-1139 at SUSECVE-2018-1139 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2018-14629 at SUSECVE-2018-14629 at NVDCVE-2018-16841 at SUSECVE-2018-16841 at NVDCVE-2018-16851 at SUSECVE-2018-16851 at NVDCVE-2018-16852 at SUSECVE-2018-16852 at NVDCVE-2018-16853 at SUSECVE-2018-16853 at NVDCVE-2018-16857 at SUSECVE-2018-16857 at NVDCVE-2018-16860 at SUSECVE-2018-16860 at NVDCVE-2019-10197 at SUSECVE-2019-10197 at NVDCVE-2019-10218 at SUSECVE-2019-10218 at NVDCVE-2019-12435 at SUSECVE-2019-12435 at NVDCVE-2019-12436 at SUSECVE-2019-12436 at NVDCVE-2019-14833 at SUSECVE-2019-14833 at NVDCVE-2019-14847 at SUSECVE-2019-14847 at NVDCVE-2019-14861 at SUSECVE-2019-14861 at NVDCVE-2019-14870 at SUSECVE-2019-14870 at NVDCVE-2019-14902 at SUSECVE-2019-14902 at NVDCVE-2019-14907 at SUSECVE-2019-14907 at NVDCVE-2019-19344 at SUSECVE-2019-19344 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2019-3870 at SUSECVE-2019-3870 at NVDCVE-2019-3880 at SUSECVE-2019-3880 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10704 at SUSECVE-2020-10704 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-10745 at SUSECVE-2020-10745 at NVDCVE-2020-10760 at SUSECVE-2020-10760 at NVDCVE-2020-14303 at SUSECVE-2020-14303 at NVDCVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDCVE-2020-1472 at SUSECVE-2020-1472 at NVDCVE-2020-17049 at SUSECVE-2020-17049 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2021-20254 at SUSECVE-2021-20254 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDCVE-2022-1615 at SUSECVE-2022-1615 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32743 at SUSECVE-2022-32743 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2022-3437 at SUSECVE-2022-3437 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-37967 at SUSECVE-2022-37967 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.4shim-15.4-4.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the shim-15.4-4.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDcpe:/o:suse:sle-micro:5.4slirp4netns-0.4.7-3.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the slirp4netns-0.4.7-3.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:sle-micro:5.4socat-1.7.3.2-4.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sle-micro:5.4squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:sle-micro:5.4sudo-1.9.9-150400.4.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the sudo-1.9.9-150400.4.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDCVE-2022-43995 at SUSECVE-2022-43995 at NVDCVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:sle-micro:5.4supportutils-3.1.21-150300.7.35.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the supportutils-3.1.21-150300.7.35.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:sle-micro:5.4swtpm-0.5.3-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the swtpm-0.5.3-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDCVE-2022-23645 at SUSECVE-2022-23645 at NVDcpe:/o:suse:sle-micro:5.4sysstat-12.0.2-3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:sle-micro:5.4tar-1.34-150000.3.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the tar-1.34-150000.3.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDCVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:sle-micro:5.4tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the tpm2.0-tools-5.2-150400.4.6 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7524 at SUSECVE-2017-7524 at NVDCVE-2021-3565 at SUSECVE-2021-3565 at NVDcpe:/o:suse:sle-micro:5.4trousers-0.3.15-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the trousers-0.3.15-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDCVE-2020-24330 at SUSECVE-2020-24330 at NVDCVE-2020-24331 at SUSECVE-2020-24331 at NVDCVE-2020-24332 at SUSECVE-2020-24332 at NVDcpe:/o:suse:sle-micro:5.4u-boot-rpiarm64-2021.10-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the u-boot-rpiarm64-2021.10-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2018-18439 at SUSECVE-2018-18439 at NVDCVE-2018-18440 at SUSECVE-2018-18440 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDCVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30767 at SUSECVE-2022-30767 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDCVE-2022-33103 at SUSECVE-2022-33103 at NVDCVE-2022-33967 at SUSECVE-2022-33967 at NVDCVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sle-micro:5.4ucode-intel-20230214-150200.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the ucode-intel-20230214-150200.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDCVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDCVE-2022-21151 at SUSECVE-2022-21151 at NVDCVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-21233 at SUSECVE-2022-21233 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:sle-micro:5.4update-alternatives-1.19.0.4-150000.4.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the update-alternatives-1.19.0.4-150000.4.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:sle-micro:5.4vim-data-common-9.0.1234-150000.5.34.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the vim-data-common-9.0.1234-150000.5.34.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:sle-micro:5.4virt-install-4.0.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the virt-install-4.0.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-10183 at SUSECVE-2019-10183 at NVDcpe:/o:suse:sle-micro:5.4wicked-0.6.70-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the wicked-0.6.70-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:sle-micro:5.4wpa_supplicant-2.9-150000.4.36.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the wpa_supplicant-2.9-150000.4.36.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sle-micro:5.4xen-libs-4.16.3_02-150400.4.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the xen-libs-4.16.3_02-150400.4.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDCVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23824 at SUSECVE-2022-23824 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDCVE-2022-42327 at SUSECVE-2022-42327 at NVDcpe:/o:suse:sle-micro:5.4zypper-1.14.57-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.4
These are all security issues fixed in the zypper-1.14.57-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.4. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:sle-micro:5.4Mesa-22.3.5-150500.75.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the Mesa-22.3.5-150500.75.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-5068 at SUSECVE-2019-5068 at NVDcpe:/o:suse:sle-micro:5.5NetworkManager-1.38.6-150500.1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the NetworkManager-1.38.6-150500.1.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2006-7246 at SUSECVE-2006-7246 at NVDCVE-2015-2924 at SUSECVE-2015-2924 at NVDCVE-2016-0764 at SUSECVE-2016-0764 at NVDCVE-2018-1000135 at SUSECVE-2018-1000135 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2020-10754 at SUSECVE-2020-10754 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2021-20297 at SUSECVE-2021-20297 at NVDcpe:/o:suse:sle-micro:5.5afterburn-5.2.0-150500.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the afterburn-5.2.0-150500.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-35905 at SUSECVE-2020-35905 at NVDCVE-2020-36465 at SUSECVE-2020-36465 at NVDCVE-2021-27378 at SUSECVE-2021-27378 at NVDCVE-2021-32714 at SUSECVE-2021-32714 at NVDCVE-2021-32715 at SUSECVE-2021-32715 at NVDCVE-2021-38191 at SUSECVE-2021-38191 at NVDCVE-2021-45710 at SUSECVE-2021-45710 at NVDcpe:/o:suse:sle-micro:5.5aide-0.16-24.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the aide-0.16-24.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:sle-micro:5.5apparmor-parser-3.0.4-150500.11.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the apparmor-parser-3.0.4-150500.11.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-6507 at SUSECVE-2017-6507 at NVDCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.5avahi-0.8-150400.7.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the avahi-0.8-150400.7.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-6519 at SUSECVE-2017-6519 at NVDCVE-2018-1000845 at SUSECVE-2018-1000845 at NVDCVE-2021-26720 at SUSECVE-2021-26720 at NVDCVE-2021-3468 at SUSECVE-2021-3468 at NVDCVE-2021-3502 at SUSECVE-2021-3502 at NVDCVE-2023-1981 at SUSECVE-2023-1981 at NVDcpe:/o:suse:sle-micro:5.5aws-cli-1.27.89-150200.30.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the aws-cli-1.27.89-150200.30.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-15869 at SUSECVE-2018-15869 at NVDcpe:/o:suse:sle-micro:5.5bash-4.4-150400.25.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the bash-4.4-150400.25.22 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9401 at SUSECVE-2016-9401 at NVDcpe:/o:suse:sle-micro:5.5bcm43xx-firmware-20180314-150400.28.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the bcm43xx-firmware-20180314-150400.28.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-10370 at SUSECVE-2020-10370 at NVDcpe:/o:suse:sle-micro:5.5btrfsmaintenance-0.4.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the btrfsmaintenance-0.4.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-14722 at SUSECVE-2018-14722 at NVDcpe:/o:suse:sle-micro:5.5bzip2-1.0.8-150400.1.122 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the bzip2-1.0.8-150400.1.122 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-3189 at SUSECVE-2016-3189 at NVDCVE-2019-12900 at SUSECVE-2019-12900 at NVDcpe:/o:suse:sle-micro:5.5chrony-4.1-150400.19.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the chrony-4.1-150400.19.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-1567 at SUSECVE-2016-1567 at NVDCVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:sle-micro:5.5cifs-utils-6.15-150400.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cifs-utils-6.15-150400.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-14342 at SUSECVE-2020-14342 at NVDCVE-2021-20208 at SUSECVE-2021-20208 at NVDCVE-2022-27239 at SUSECVE-2022-27239 at NVDCVE-2022-29869 at SUSECVE-2022-29869 at NVDcpe:/o:suse:sle-micro:5.5cni-1.1.2-150500.1.20 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cni-1.1.2-150500.1.20 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.5cni-plugins-1.1.1-150500.1.19 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cni-plugins-1.1.1-150500.1.19 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-10749 at SUSECVE-2020-10749 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.5conmon-2.1.7-150500.9.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the conmon-2.1.7-150500.9.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:sle-micro:5.5conntrack-tools-1.4.5-1.46 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the conntrack-tools-1.4.5-1.46 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-6496 at SUSECVE-2015-6496 at NVDcpe:/o:suse:sle-micro:5.5containerd-1.6.21-150000.93.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the containerd-1.6.21-150000.93.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDCVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:sle-micro:5.5containerized-data-importer-manifests-1.55.0-150500.4.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the containerized-data-importer-manifests-1.55.0-150500.4.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.5coolkey-1.1.0-1.31 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the coolkey-1.1.0-1.31 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2007-4129 at SUSECVE-2007-4129 at NVDcpe:/o:suse:sle-micro:5.5coreutils-8.32-150400.7.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the coreutils-8.32-150400.7.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-4041 at SUSECVE-2015-4041 at NVDCVE-2015-4042 at SUSECVE-2015-4042 at NVDCVE-2017-7476 at SUSECVE-2017-7476 at NVDcpe:/o:suse:sle-micro:5.5cpio-2.13-150400.1.98 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cpio-2.13-150400.1.98 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9112 at SUSECVE-2014-9112 at NVDCVE-2015-1197 at SUSECVE-2015-1197 at NVDCVE-2016-2037 at SUSECVE-2016-2037 at NVDCVE-2019-14866 at SUSECVE-2019-14866 at NVDCVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:sle-micro:5.5cracklib-2.9.7-11.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cracklib-2.9.7-11.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-6318 at SUSECVE-2016-6318 at NVDcpe:/o:suse:sle-micro:5.5cryptsetup-2.4.3-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cryptsetup-2.4.3-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-14382 at SUSECVE-2020-14382 at NVDCVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:sle-micro:5.5cups-config-2.2.7-150000.3.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cups-config-2.2.7-150000.3.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2012-5519 at SUSECVE-2012-5519 at NVDCVE-2014-3537 at SUSECVE-2014-3537 at NVDCVE-2014-5029 at SUSECVE-2014-5029 at NVDCVE-2014-5030 at SUSECVE-2014-5030 at NVDCVE-2014-5031 at SUSECVE-2014-5031 at NVDCVE-2015-1158 at SUSECVE-2015-1158 at NVDCVE-2015-1159 at SUSECVE-2015-1159 at NVDCVE-2017-18248 at SUSECVE-2017-18248 at NVDCVE-2018-4180 at SUSECVE-2018-4180 at NVDCVE-2018-4181 at SUSECVE-2018-4181 at NVDCVE-2018-4182 at SUSECVE-2018-4182 at NVDCVE-2018-4183 at SUSECVE-2018-4183 at NVDCVE-2018-4700 at SUSECVE-2018-4700 at NVDCVE-2019-8675 at SUSECVE-2019-8675 at NVDCVE-2019-8696 at SUSECVE-2019-8696 at NVDCVE-2019-8842 at SUSECVE-2019-8842 at NVDCVE-2020-10001 at SUSECVE-2020-10001 at NVDCVE-2020-3898 at SUSECVE-2020-3898 at NVDCVE-2021-25317 at SUSECVE-2021-25317 at NVDCVE-2022-26691 at SUSECVE-2022-26691 at NVDCVE-2023-32324 at SUSECVE-2023-32324 at NVDCVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:suse:sle-micro:5.5curl-8.0.1-150400.5.26.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the curl-8.0.1-150400.5.26.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8150 at SUSECVE-2014-8150 at NVDCVE-2015-3143 at SUSECVE-2015-3143 at NVDCVE-2015-3144 at SUSECVE-2015-3144 at NVDCVE-2015-3145 at SUSECVE-2015-3145 at NVDCVE-2015-3148 at SUSECVE-2015-3148 at NVDCVE-2015-3153 at SUSECVE-2015-3153 at NVDCVE-2015-3236 at SUSECVE-2015-3236 at NVDCVE-2015-3237 at SUSECVE-2015-3237 at NVDCVE-2016-0755 at SUSECVE-2016-0755 at NVDCVE-2016-7167 at SUSECVE-2016-7167 at NVDCVE-2016-8615 at SUSECVE-2016-8615 at NVDCVE-2016-8616 at SUSECVE-2016-8616 at NVDCVE-2016-8617 at SUSECVE-2016-8617 at NVDCVE-2016-8618 at SUSECVE-2016-8618 at NVDCVE-2016-8619 at SUSECVE-2016-8619 at NVDCVE-2016-8620 at SUSECVE-2016-8620 at NVDCVE-2016-8621 at SUSECVE-2016-8621 at NVDCVE-2016-8622 at SUSECVE-2016-8622 at NVDCVE-2016-8623 at SUSECVE-2016-8623 at NVDCVE-2016-8624 at SUSECVE-2016-8624 at NVDCVE-2016-8625 at SUSECVE-2016-8625 at NVDCVE-2016-9586 at SUSECVE-2016-9586 at NVDCVE-2016-9594 at SUSECVE-2016-9594 at NVDCVE-2017-1000099 at SUSECVE-2017-1000099 at NVDCVE-2017-1000100 at SUSECVE-2017-1000100 at NVDCVE-2017-1000101 at SUSECVE-2017-1000101 at NVDCVE-2017-1000254 at SUSECVE-2017-1000254 at NVDCVE-2017-1000257 at SUSECVE-2017-1000257 at NVDCVE-2017-2629 at SUSECVE-2017-2629 at NVDCVE-2017-7468 at SUSECVE-2017-7468 at NVDCVE-2017-8816 at SUSECVE-2017-8816 at NVDCVE-2017-8817 at SUSECVE-2017-8817 at NVDCVE-2017-8818 at SUSECVE-2017-8818 at NVDCVE-2017-9502 at SUSECVE-2017-9502 at NVDCVE-2018-0500 at SUSECVE-2018-0500 at NVDCVE-2018-1000005 at SUSECVE-2018-1000005 at NVDCVE-2018-1000007 at SUSECVE-2018-1000007 at NVDCVE-2018-1000120 at SUSECVE-2018-1000120 at NVDCVE-2018-1000121 at SUSECVE-2018-1000121 at NVDCVE-2018-1000122 at SUSECVE-2018-1000122 at NVDCVE-2018-1000300 at SUSECVE-2018-1000300 at NVDCVE-2018-1000301 at SUSECVE-2018-1000301 at NVDCVE-2018-14618 at SUSECVE-2018-14618 at NVDCVE-2018-16839 at SUSECVE-2018-16839 at NVDCVE-2018-16840 at SUSECVE-2018-16840 at NVDCVE-2018-16842 at SUSECVE-2018-16842 at NVDCVE-2018-16890 at SUSECVE-2018-16890 at NVDCVE-2019-15601 at SUSECVE-2019-15601 at NVDCVE-2019-3822 at SUSECVE-2019-3822 at NVDCVE-2019-3823 at SUSECVE-2019-3823 at NVDCVE-2019-5435 at SUSECVE-2019-5435 at NVDCVE-2019-5436 at SUSECVE-2019-5436 at NVDCVE-2019-5481 at SUSECVE-2019-5481 at NVDCVE-2019-5482 at SUSECVE-2019-5482 at NVDCVE-2020-8169 at SUSECVE-2020-8169 at NVDCVE-2020-8177 at SUSECVE-2020-8177 at NVDCVE-2020-8231 at SUSECVE-2020-8231 at NVDCVE-2020-8284 at SUSECVE-2020-8284 at NVDCVE-2020-8285 at SUSECVE-2020-8285 at NVDCVE-2020-8286 at SUSECVE-2020-8286 at NVDCVE-2021-22297 at SUSECVE-2021-22297 at NVDCVE-2021-22298 at SUSECVE-2021-22298 at NVDCVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDCVE-2021-22898 at SUSECVE-2021-22898 at NVDCVE-2021-22901 at SUSECVE-2021-22901 at NVDCVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDCVE-2021-22945 at SUSECVE-2021-22945 at NVDCVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDCVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27774 at SUSECVE-2022-27774 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDCVE-2022-27778 at SUSECVE-2022-27778 at NVDCVE-2022-27779 at SUSECVE-2022-27779 at NVDCVE-2022-27780 at SUSECVE-2022-27780 at NVDCVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDCVE-2022-30115 at SUSECVE-2022-30115 at NVDCVE-2022-32205 at SUSECVE-2022-32205 at NVDCVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32207 at SUSECVE-2022-32207 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDCVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-35252 at SUSECVE-2022-35252 at NVDCVE-2022-35260 at SUSECVE-2022-35260 at NVDCVE-2022-42915 at SUSECVE-2022-42915 at NVDCVE-2022-42916 at SUSECVE-2022-42916 at NVDCVE-2022-43551 at SUSECVE-2022-43551 at NVDCVE-2022-43552 at SUSECVE-2022-43552 at NVDCVE-2023-23914 at SUSECVE-2023-23914 at NVDCVE-2023-23915 at SUSECVE-2023-23915 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27537 at SUSECVE-2023-27537 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDCVE-2023-28319 at SUSECVE-2023-28319 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDCVE-2023-32001 at SUSECVE-2023-32001 at NVDcpe:/o:suse:sle-micro:5.5cyrus-sasl-2.1.28-150500.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the cyrus-sasl-2.1.28-150500.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-19906 at SUSECVE-2019-19906 at NVDCVE-2020-8032 at SUSECVE-2020-8032 at NVDCVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:sle-micro:5.5dbus-1-1.12.2-150400.18.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the dbus-1-1.12.2-150400.18.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3636 at SUSECVE-2014-3636 at NVDCVE-2014-3637 at SUSECVE-2014-3637 at NVDCVE-2014-3639 at SUSECVE-2014-3639 at NVDCVE-2014-7824 at SUSECVE-2014-7824 at NVDCVE-2014-8148 at SUSECVE-2014-8148 at NVDCVE-2015-0245 at SUSECVE-2015-0245 at NVDCVE-2019-12749 at SUSECVE-2019-12749 at NVDCVE-2020-12049 at SUSECVE-2020-12049 at NVDCVE-2020-35512 at SUSECVE-2020-35512 at NVDCVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDCVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:sle-micro:5.5dmidecode-3.4-150400.16.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the dmidecode-3.4-150400.16.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sle-micro:5.5dnsmasq-2.86-150400.14.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the dnsmasq-2.86-150400.14.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3294 at SUSECVE-2015-3294 at NVDCVE-2015-8899 at SUSECVE-2015-8899 at NVDCVE-2017-14491 at SUSECVE-2017-14491 at NVDCVE-2017-14492 at SUSECVE-2017-14492 at NVDCVE-2017-14493 at SUSECVE-2017-14493 at NVDCVE-2017-14494 at SUSECVE-2017-14494 at NVDCVE-2017-14495 at SUSECVE-2017-14495 at NVDCVE-2017-14496 at SUSECVE-2017-14496 at NVDCVE-2017-15107 at SUSECVE-2017-15107 at NVDCVE-2019-14834 at SUSECVE-2019-14834 at NVDCVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2020-25681 at SUSECVE-2020-25681 at NVDCVE-2020-25682 at SUSECVE-2020-25682 at NVDCVE-2020-25683 at SUSECVE-2020-25683 at NVDCVE-2020-25684 at SUSECVE-2020-25684 at NVDCVE-2020-25685 at SUSECVE-2020-25685 at NVDCVE-2020-25686 at SUSECVE-2020-25686 at NVDCVE-2020-25687 at SUSECVE-2020-25687 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDCVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:sle-micro:5.5docker-24.0.5_ce-150000.185.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the docker-24.0.5_ce-150000.185.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-5277 at SUSECVE-2014-5277 at NVDCVE-2014-6407 at SUSECVE-2014-6407 at NVDCVE-2014-6408 at SUSECVE-2014-6408 at NVDCVE-2014-8178 at SUSECVE-2014-8178 at NVDCVE-2014-8179 at SUSECVE-2014-8179 at NVDCVE-2014-9356 at SUSECVE-2014-9356 at NVDCVE-2014-9357 at SUSECVE-2014-9357 at NVDCVE-2014-9358 at SUSECVE-2014-9358 at NVDCVE-2015-3627 at SUSECVE-2015-3627 at NVDCVE-2015-3629 at SUSECVE-2015-3629 at NVDCVE-2015-3630 at SUSECVE-2015-3630 at NVDCVE-2015-3631 at SUSECVE-2015-3631 at NVDCVE-2016-3697 at SUSECVE-2016-3697 at NVDCVE-2016-8867 at SUSECVE-2016-8867 at NVDCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2017-16539 at SUSECVE-2017-16539 at NVDCVE-2018-10892 at SUSECVE-2018-10892 at NVDCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-20699 at SUSECVE-2018-20699 at NVDCVE-2019-13509 at SUSECVE-2019-13509 at NVDCVE-2019-14271 at SUSECVE-2019-14271 at NVDCVE-2020-13401 at SUSECVE-2020-13401 at NVDCVE-2020-15257 at SUSECVE-2020-15257 at NVDCVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-36109 at SUSECVE-2022-36109 at NVDCVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:sle-micro:5.5dracut-055+suse.369.gde6c81bf-150500.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the dracut-055+suse.369.gde6c81bf-150500.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-8637 at SUSECVE-2016-8637 at NVDcpe:/o:suse:sle-micro:5.5e2fsprogs-1.46.4-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the e2fsprogs-1.46.4-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-0247 at SUSECVE-2015-0247 at NVDCVE-2015-1572 at SUSECVE-2015-1572 at NVDCVE-2019-5094 at SUSECVE-2019-5094 at NVDCVE-2019-5188 at SUSECVE-2019-5188 at NVDCVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:sle-micro:5.5elfutils-0.185-150400.5.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the elfutils-0.185-150400.5.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9447 at SUSECVE-2014-9447 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:sle-micro:5.5file-5.32-7.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the file-5.32-7.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3710 at SUSECVE-2014-3710 at NVDCVE-2014-8116 at SUSECVE-2014-8116 at NVDCVE-2014-8117 at SUSECVE-2014-8117 at NVDCVE-2017-1000249 at SUSECVE-2017-1000249 at NVDCVE-2018-10360 at SUSECVE-2018-10360 at NVDCVE-2019-18218 at SUSECVE-2019-18218 at NVDCVE-2019-8905 at SUSECVE-2019-8905 at NVDCVE-2019-8906 at SUSECVE-2019-8906 at NVDCVE-2019-8907 at SUSECVE-2019-8907 at NVDcpe:/o:suse:sle-micro:5.5firewalld-0.9.3-150400.8.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the firewalld-0.9.3-150400.8.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-5410 at SUSECVE-2016-5410 at NVDcpe:/o:suse:sle-micro:5.5gawk-4.2.1-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gawk-4.2.1-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:sle-micro:5.5gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gdk-pixbuf-loader-rsvg-2.52.10-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-11464 at SUSECVE-2017-11464 at NVDCVE-2019-20446 at SUSECVE-2019-20446 at NVDCVE-2021-25900 at SUSECVE-2021-25900 at NVDCVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:suse:sle-micro:5.5gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-4491 at SUSECVE-2015-4491 at NVDCVE-2015-7552 at SUSECVE-2015-7552 at NVDCVE-2015-7673 at SUSECVE-2015-7673 at NVDCVE-2015-7674 at SUSECVE-2015-7674 at NVDCVE-2016-6352 at SUSECVE-2016-6352 at NVDCVE-2017-2862 at SUSECVE-2017-2862 at NVDCVE-2017-2870 at SUSECVE-2017-2870 at NVDCVE-2017-6312 at SUSECVE-2017-6312 at NVDCVE-2017-6313 at SUSECVE-2017-6313 at NVDCVE-2020-29385 at SUSECVE-2020-29385 at NVDCVE-2021-44648 at SUSECVE-2021-44648 at NVDCVE-2021-46829 at SUSECVE-2021-46829 at NVDcpe:/o:suse:sle-micro:5.5git-2.35.3-150300.10.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the git-2.35.3-150300.10.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2005-4900 at SUSECVE-2005-4900 at NVDCVE-2014-9390 at SUSECVE-2014-9390 at NVDCVE-2016-2315 at SUSECVE-2016-2315 at NVDCVE-2016-2324 at SUSECVE-2016-2324 at NVDCVE-2017-1000117 at SUSECVE-2017-1000117 at NVDCVE-2017-14867 at SUSECVE-2017-14867 at NVDCVE-2017-15298 at SUSECVE-2017-15298 at NVDCVE-2017-8386 at SUSECVE-2017-8386 at NVDCVE-2018-11233 at SUSECVE-2018-11233 at NVDCVE-2018-11235 at SUSECVE-2018-11235 at NVDCVE-2018-17456 at SUSECVE-2018-17456 at NVDCVE-2018-19486 at SUSECVE-2018-19486 at NVDCVE-2019-1348 at SUSECVE-2019-1348 at NVDCVE-2019-1349 at SUSECVE-2019-1349 at NVDCVE-2019-1350 at SUSECVE-2019-1350 at NVDCVE-2019-1351 at SUSECVE-2019-1351 at NVDCVE-2019-1352 at SUSECVE-2019-1352 at NVDCVE-2019-1353 at SUSECVE-2019-1353 at NVDCVE-2019-1354 at SUSECVE-2019-1354 at NVDCVE-2019-1387 at SUSECVE-2019-1387 at NVDCVE-2019-19604 at SUSECVE-2019-19604 at NVDCVE-2020-11008 at SUSECVE-2020-11008 at NVDCVE-2020-5260 at SUSECVE-2020-5260 at NVDCVE-2021-21300 at SUSECVE-2021-21300 at NVDCVE-2022-23521 at SUSECVE-2022-23521 at NVDCVE-2022-24765 at SUSECVE-2022-24765 at NVDCVE-2022-29187 at SUSECVE-2022-29187 at NVDCVE-2022-39253 at SUSECVE-2022-39253 at NVDCVE-2022-39260 at SUSECVE-2022-39260 at NVDCVE-2022-41903 at SUSECVE-2022-41903 at NVDCVE-2023-22490 at SUSECVE-2023-22490 at NVDCVE-2023-23946 at SUSECVE-2023-23946 at NVDCVE-2023-25652 at SUSECVE-2023-25652 at NVDCVE-2023-25815 at SUSECVE-2023-25815 at NVDCVE-2023-29007 at SUSECVE-2023-29007 at NVDcpe:/o:suse:sle-micro:5.5glib-networking-2.70.1-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the glib-networking-2.70.1-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:sle-micro:5.5glib2-tools-2.70.5-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the glib2-tools-2.70.5-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-16428 at SUSECVE-2018-16428 at NVDCVE-2018-16429 at SUSECVE-2018-16429 at NVDCVE-2019-12450 at SUSECVE-2019-12450 at NVDCVE-2020-6750 at SUSECVE-2020-6750 at NVDCVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDCVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:sle-micro:5.5glibc-2.31-150300.52.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the glibc-2.31-150300.52.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2009-5155 at SUSECVE-2009-5155 at NVDCVE-2010-3192 at SUSECVE-2010-3192 at NVDCVE-2012-3406 at SUSECVE-2012-3406 at NVDCVE-2013-4458 at SUSECVE-2013-4458 at NVDCVE-2014-7817 at SUSECVE-2014-7817 at NVDCVE-2014-8121 at SUSECVE-2014-8121 at NVDCVE-2014-9402 at SUSECVE-2014-9402 at NVDCVE-2014-9761 at SUSECVE-2014-9761 at NVDCVE-2015-1472 at SUSECVE-2015-1472 at NVDCVE-2015-1473 at SUSECVE-2015-1473 at NVDCVE-2015-1781 at SUSECVE-2015-1781 at NVDCVE-2015-5180 at SUSECVE-2015-5180 at NVDCVE-2015-7547 at SUSECVE-2015-7547 at NVDCVE-2015-8776 at SUSECVE-2015-8776 at NVDCVE-2015-8777 at SUSECVE-2015-8777 at NVDCVE-2015-8778 at SUSECVE-2015-8778 at NVDCVE-2015-8779 at SUSECVE-2015-8779 at NVDCVE-2016-10228 at SUSECVE-2016-10228 at NVDCVE-2016-10739 at SUSECVE-2016-10739 at NVDCVE-2016-1234 at SUSECVE-2016-1234 at NVDCVE-2016-3075 at SUSECVE-2016-3075 at NVDCVE-2016-3706 at SUSECVE-2016-3706 at NVDCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2016-5417 at SUSECVE-2016-5417 at NVDCVE-2016-6323 at SUSECVE-2016-6323 at NVDCVE-2017-1000366 at SUSECVE-2017-1000366 at NVDCVE-2017-1000408 at SUSECVE-2017-1000408 at NVDCVE-2017-1000409 at SUSECVE-2017-1000409 at NVDCVE-2017-12132 at SUSECVE-2017-12132 at NVDCVE-2017-12133 at SUSECVE-2017-12133 at NVDCVE-2017-15670 at SUSECVE-2017-15670 at NVDCVE-2017-15671 at SUSECVE-2017-15671 at NVDCVE-2017-15804 at SUSECVE-2017-15804 at NVDCVE-2017-16997 at SUSECVE-2017-16997 at NVDCVE-2017-17426 at SUSECVE-2017-17426 at NVDCVE-2017-18269 at SUSECVE-2017-18269 at NVDCVE-2018-1000001 at SUSECVE-2018-1000001 at NVDCVE-2018-11236 at SUSECVE-2018-11236 at NVDCVE-2018-11237 at SUSECVE-2018-11237 at NVDCVE-2018-6485 at SUSECVE-2018-6485 at NVDCVE-2018-6551 at SUSECVE-2018-6551 at NVDCVE-2019-19126 at SUSECVE-2019-19126 at NVDCVE-2019-9169 at SUSECVE-2019-9169 at NVDCVE-2020-10029 at SUSECVE-2020-10029 at NVDCVE-2020-1751 at SUSECVE-2020-1751 at NVDCVE-2020-1752 at SUSECVE-2020-1752 at NVDCVE-2020-27618 at SUSECVE-2020-27618 at NVDCVE-2020-29562 at SUSECVE-2020-29562 at NVDCVE-2020-29573 at SUSECVE-2020-29573 at NVDCVE-2021-27645 at SUSECVE-2021-27645 at NVDCVE-2021-3326 at SUSECVE-2021-3326 at NVDCVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDCVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:sle-micro:5.5gnutls-3.7.3-150400.4.35.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gnutls-3.7.3-150400.4.35.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8564 at SUSECVE-2014-8564 at NVDCVE-2015-6251 at SUSECVE-2015-6251 at NVDCVE-2016-8610 at SUSECVE-2016-8610 at NVDCVE-2017-10790 at SUSECVE-2017-10790 at NVDCVE-2017-7869 at SUSECVE-2017-7869 at NVDCVE-2018-10844 at SUSECVE-2018-10844 at NVDCVE-2018-10845 at SUSECVE-2018-10845 at NVDCVE-2018-10846 at SUSECVE-2018-10846 at NVDCVE-2018-16868 at SUSECVE-2018-16868 at NVDCVE-2019-3829 at SUSECVE-2019-3829 at NVDCVE-2019-3836 at SUSECVE-2019-3836 at NVDCVE-2020-11501 at SUSECVE-2020-11501 at NVDCVE-2020-13777 at SUSECVE-2020-13777 at NVDCVE-2020-24659 at SUSECVE-2020-24659 at NVDCVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDCVE-2022-2509 at SUSECVE-2022-2509 at NVDCVE-2023-0361 at SUSECVE-2023-0361 at NVDcpe:/o:suse:sle-micro:5.5gpg2-2.2.27-150300.3.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gpg2-2.2.27-150300.3.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-1000858 at SUSECVE-2018-1000858 at NVDCVE-2018-12020 at SUSECVE-2018-12020 at NVDCVE-2018-9234 at SUSECVE-2018-9234 at NVDCVE-2019-13050 at SUSECVE-2019-13050 at NVDCVE-2019-14855 at SUSECVE-2019-14855 at NVDCVE-2020-25125 at SUSECVE-2020-25125 at NVDCVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:sle-micro:5.5gptfdisk-1.0.8-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gptfdisk-1.0.8-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-0256 at SUSECVE-2020-0256 at NVDCVE-2021-0308 at SUSECVE-2021-0308 at NVDcpe:/o:suse:sle-micro:5.5grep-3.1-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the grep-3.1-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-1345 at SUSECVE-2015-1345 at NVDcpe:/o:suse:sle-micro:5.5groff-1.22.4-150400.3.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the groff-1.22.4-150400.3.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2009-5080 at SUSECVE-2009-5080 at NVDCVE-2009-5081 at SUSECVE-2009-5081 at NVDcpe:/o:suse:sle-micro:5.5grub2-2.06-150500.29.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the grub2-2.06-150500.29.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-8370 at SUSECVE-2015-8370 at NVDCVE-2020-10713 at SUSECVE-2020-10713 at NVDCVE-2020-14308 at SUSECVE-2020-14308 at NVDCVE-2020-14309 at SUSECVE-2020-14309 at NVDCVE-2020-14310 at SUSECVE-2020-14310 at NVDCVE-2020-14311 at SUSECVE-2020-14311 at NVDCVE-2020-14372 at SUSECVE-2020-14372 at NVDCVE-2020-15705 at SUSECVE-2020-15705 at NVDCVE-2020-15706 at SUSECVE-2020-15706 at NVDCVE-2020-15707 at SUSECVE-2020-15707 at NVDCVE-2020-25632 at SUSECVE-2020-25632 at NVDCVE-2020-25647 at SUSECVE-2020-25647 at NVDCVE-2020-27749 at SUSECVE-2020-27749 at NVDCVE-2020-27779 at SUSECVE-2020-27779 at NVDCVE-2021-20225 at SUSECVE-2021-20225 at NVDCVE-2021-20233 at SUSECVE-2021-20233 at NVDCVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2021-3981 at SUSECVE-2021-3981 at NVDCVE-2021-46705 at SUSECVE-2021-46705 at NVDCVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sle-micro:5.5gstreamer-1.22.0-150500.3.2.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gstreamer-1.22.0-150500.3.2.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-10198 at SUSECVE-2016-10198 at NVDCVE-2016-10199 at SUSECVE-2016-10199 at NVDCVE-2017-5837 at SUSECVE-2017-5837 at NVDCVE-2017-5838 at SUSECVE-2017-5838 at NVDCVE-2017-5839 at SUSECVE-2017-5839 at NVDCVE-2017-5840 at SUSECVE-2017-5840 at NVDCVE-2017-5841 at SUSECVE-2017-5841 at NVDCVE-2017-5842 at SUSECVE-2017-5842 at NVDCVE-2017-5843 at SUSECVE-2017-5843 at NVDCVE-2017-5844 at SUSECVE-2017-5844 at NVDCVE-2017-5845 at SUSECVE-2017-5845 at NVDCVE-2017-5846 at SUSECVE-2017-5846 at NVDCVE-2017-5847 at SUSECVE-2017-5847 at NVDCVE-2017-5848 at SUSECVE-2017-5848 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:sle-micro:5.5gstreamer-plugins-base-1.22.0-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gstreamer-plugins-base-1.22.0-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-9928 at SUSECVE-2019-9928 at NVDCVE-2021-3185 at SUSECVE-2021-3185 at NVDCVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:suse:sle-micro:5.5gtk2-tools-2.24.33-150400.2.11 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gtk2-tools-2.24.33-150400.2.11 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-7447 at SUSECVE-2013-7447 at NVDcpe:/o:suse:sle-micro:5.5guestfs-tools-1.48.3-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the guestfs-tools-1.48.3-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-2211 at SUSECVE-2022-2211 at NVDcpe:/o:suse:sle-micro:5.5gzip-1.10-150200.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the gzip-1.10-150200.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:sle-micro:5.5haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the haproxy-2.4.22+git0.f8e3218e2-150400.3.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3281 at SUSECVE-2015-3281 at NVDCVE-2018-11469 at SUSECVE-2018-11469 at NVDCVE-2018-14645 at SUSECVE-2018-14645 at NVDCVE-2018-20102 at SUSECVE-2018-20102 at NVDCVE-2018-20103 at SUSECVE-2018-20103 at NVDCVE-2018-20615 at SUSECVE-2018-20615 at NVDCVE-2019-14241 at SUSECVE-2019-14241 at NVDCVE-2019-18277 at SUSECVE-2019-18277 at NVDCVE-2020-11100 at SUSECVE-2020-11100 at NVDCVE-2021-39240 at SUSECVE-2021-39240 at NVDCVE-2021-39241 at SUSECVE-2021-39241 at NVDCVE-2021-39242 at SUSECVE-2021-39242 at NVDCVE-2021-40346 at SUSECVE-2021-40346 at NVDCVE-2022-0711 at SUSECVE-2022-0711 at NVDCVE-2023-0056 at SUSECVE-2023-0056 at NVDCVE-2023-40225 at SUSECVE-2023-40225 at NVDcpe:/o:suse:sle-micro:5.5iscsiuio-0.7.8.6-150500.44.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the iscsiuio-0.7.8.6-150500.44.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:sle-micro:5.5jq-1.6-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the jq-1.6-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-8863 at SUSECVE-2015-8863 at NVDCVE-2016-4074 at SUSECVE-2016-4074 at NVDcpe:/o:suse:sle-micro:5.5kdump-1.0.2+git42.ge1e25ed-150500.1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kdump-1.0.2+git42.ge1e25ed-150500.1.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-5759 at SUSECVE-2016-5759 at NVDcpe:/o:suse:sle-micro:5.5keepalived-2.2.2-150500.6.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the keepalived-2.2.2-150500.6.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-19044 at SUSECVE-2018-19044 at NVDCVE-2018-19045 at SUSECVE-2018-19045 at NVDCVE-2018-19046 at SUSECVE-2018-19046 at NVDCVE-2021-44225 at SUSECVE-2021-44225 at NVDcpe:/o:suse:sle-micro:5.5kernel-default-5.14.21-150500.55.19.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kernel-default-5.14.21-150500.55.19.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0468 at SUSECVE-2023-0468 at NVDCVE-2023-0469 at SUSECVE-2023-0469 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1583 at SUSECVE-2023-1583 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-21106 at SUSECVE-2023-21106 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-2430 at SUSECVE-2023-2430 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3220 at SUSECVE-2023-3220 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-38409 at SUSECVE-2023-38409 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.5kernel-firmware-all-20230724-150500.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kernel-firmware-all-20230724-150500.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2019-9836 at SUSECVE-2019-9836 at NVDCVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.5kernel-rt-5.14.21-150500.13.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kernel-rt-5.14.21-150500.13.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2017-1000251 at SUSECVE-2017-1000251 at NVDCVE-2017-12153 at SUSECVE-2017-12153 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-14051 at SUSECVE-2017-14051 at NVDCVE-2017-16536 at SUSECVE-2017-16536 at NVDCVE-2017-16537 at SUSECVE-2017-16537 at NVDCVE-2017-16646 at SUSECVE-2017-16646 at NVDCVE-2017-16648 at SUSECVE-2017-16648 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2018-10323 at SUSECVE-2018-10323 at NVDCVE-2018-12232 at SUSECVE-2018-12232 at NVDCVE-2018-13053 at SUSECVE-2018-13053 at NVDCVE-2018-20669 at SUSECVE-2018-20669 at NVDCVE-2019-0154 at SUSECVE-2019-0154 at NVDCVE-2019-0155 at SUSECVE-2019-0155 at NVDCVE-2019-10220 at SUSECVE-2019-10220 at NVDCVE-2019-11477 at SUSECVE-2019-11477 at NVDCVE-2019-11478 at SUSECVE-2019-11478 at NVDCVE-2019-11479 at SUSECVE-2019-11479 at NVDCVE-2019-14615 at SUSECVE-2019-14615 at NVDCVE-2019-14814 at SUSECVE-2019-14814 at NVDCVE-2019-14815 at SUSECVE-2019-14815 at NVDCVE-2019-14816 at SUSECVE-2019-14816 at NVDCVE-2019-14895 at SUSECVE-2019-14895 at NVDCVE-2019-14896 at SUSECVE-2019-14896 at NVDCVE-2019-14897 at SUSECVE-2019-14897 at NVDCVE-2019-14901 at SUSECVE-2019-14901 at NVDCVE-2019-15030 at SUSECVE-2019-15030 at NVDCVE-2019-15031 at SUSECVE-2019-15031 at NVDCVE-2019-15098 at SUSECVE-2019-15098 at NVDCVE-2019-15099 at SUSECVE-2019-15099 at NVDCVE-2019-15290 at SUSECVE-2019-15290 at NVDCVE-2019-15291 at SUSECVE-2019-15291 at NVDCVE-2019-15504 at SUSECVE-2019-15504 at NVDCVE-2019-16231 at SUSECVE-2019-16231 at NVDCVE-2019-16232 at SUSECVE-2019-16232 at NVDCVE-2019-16233 at SUSECVE-2019-16233 at NVDCVE-2019-16234 at SUSECVE-2019-16234 at NVDCVE-2019-17133 at SUSECVE-2019-17133 at NVDCVE-2019-17666 at SUSECVE-2019-17666 at NVDCVE-2019-18198 at SUSECVE-2019-18198 at NVDCVE-2019-18660 at SUSECVE-2019-18660 at NVDCVE-2019-18683 at SUSECVE-2019-18683 at NVDCVE-2019-18786 at SUSECVE-2019-18786 at NVDCVE-2019-18808 at SUSECVE-2019-18808 at NVDCVE-2019-18809 at SUSECVE-2019-18809 at NVDCVE-2019-18811 at SUSECVE-2019-18811 at NVDCVE-2019-18812 at SUSECVE-2019-18812 at NVDCVE-2019-18813 at SUSECVE-2019-18813 at NVDCVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19037 at SUSECVE-2019-19037 at NVDCVE-2019-19043 at SUSECVE-2019-19043 at NVDCVE-2019-19044 at SUSECVE-2019-19044 at NVDCVE-2019-19045 at SUSECVE-2019-19045 at NVDCVE-2019-19046 at SUSECVE-2019-19046 at NVDCVE-2019-19047 at SUSECVE-2019-19047 at NVDCVE-2019-19048 at SUSECVE-2019-19048 at NVDCVE-2019-19049 at SUSECVE-2019-19049 at NVDCVE-2019-19050 at SUSECVE-2019-19050 at NVDCVE-2019-19051 at SUSECVE-2019-19051 at NVDCVE-2019-19052 at SUSECVE-2019-19052 at NVDCVE-2019-19053 at SUSECVE-2019-19053 at NVDCVE-2019-19054 at SUSECVE-2019-19054 at NVDCVE-2019-19055 at SUSECVE-2019-19055 at NVDCVE-2019-19056 at SUSECVE-2019-19056 at NVDCVE-2019-19057 at SUSECVE-2019-19057 at NVDCVE-2019-19058 at SUSECVE-2019-19058 at NVDCVE-2019-19060 at SUSECVE-2019-19060 at NVDCVE-2019-19061 at SUSECVE-2019-19061 at NVDCVE-2019-19062 at SUSECVE-2019-19062 at NVDCVE-2019-19063 at SUSECVE-2019-19063 at NVDCVE-2019-19064 at SUSECVE-2019-19064 at NVDCVE-2019-19065 at SUSECVE-2019-19065 at NVDCVE-2019-19066 at SUSECVE-2019-19066 at NVDCVE-2019-19067 at SUSECVE-2019-19067 at NVDCVE-2019-19068 at SUSECVE-2019-19068 at NVDCVE-2019-19069 at SUSECVE-2019-19069 at NVDCVE-2019-19070 at SUSECVE-2019-19070 at NVDCVE-2019-19071 at SUSECVE-2019-19071 at NVDCVE-2019-19072 at SUSECVE-2019-19072 at NVDCVE-2019-19073 at SUSECVE-2019-19073 at NVDCVE-2019-19074 at SUSECVE-2019-19074 at NVDCVE-2019-19075 at SUSECVE-2019-19075 at NVDCVE-2019-19077 at SUSECVE-2019-19077 at NVDCVE-2019-19078 at SUSECVE-2019-19078 at NVDCVE-2019-19080 at SUSECVE-2019-19080 at NVDCVE-2019-19081 at SUSECVE-2019-19081 at NVDCVE-2019-19082 at SUSECVE-2019-19082 at NVDCVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2019-19241 at SUSECVE-2019-19241 at NVDCVE-2019-19252 at SUSECVE-2019-19252 at NVDCVE-2019-19332 at SUSECVE-2019-19332 at NVDCVE-2019-19338 at SUSECVE-2019-19338 at NVDCVE-2019-19447 at SUSECVE-2019-19447 at NVDCVE-2019-19462 at SUSECVE-2019-19462 at NVDCVE-2019-19523 at SUSECVE-2019-19523 at NVDCVE-2019-19524 at SUSECVE-2019-19524 at NVDCVE-2019-19525 at SUSECVE-2019-19525 at NVDCVE-2019-19526 at SUSECVE-2019-19526 at NVDCVE-2019-19528 at SUSECVE-2019-19528 at NVDCVE-2019-19529 at SUSECVE-2019-19529 at NVDCVE-2019-19532 at SUSECVE-2019-19532 at NVDCVE-2019-19533 at SUSECVE-2019-19533 at NVDCVE-2019-19534 at SUSECVE-2019-19534 at NVDCVE-2019-19602 at SUSECVE-2019-19602 at NVDCVE-2019-19767 at SUSECVE-2019-19767 at NVDCVE-2019-19768 at SUSECVE-2019-19768 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2019-19770 at SUSECVE-2019-19770 at NVDCVE-2019-19807 at SUSECVE-2019-19807 at NVDCVE-2019-19922 at SUSECVE-2019-19922 at NVDCVE-2019-19947 at SUSECVE-2019-19947 at NVDCVE-2019-19965 at SUSECVE-2019-19965 at NVDCVE-2019-20422 at SUSECVE-2019-20422 at NVDCVE-2019-20810 at SUSECVE-2019-20810 at NVDCVE-2019-20812 at SUSECVE-2019-20812 at NVDCVE-2019-3016 at SUSECVE-2019-3016 at NVDCVE-2019-8912 at SUSECVE-2019-8912 at NVDCVE-2020-0110 at SUSECVE-2020-0110 at NVDCVE-2020-0305 at SUSECVE-2020-0305 at NVDCVE-2020-0404 at SUSECVE-2020-0404 at NVDCVE-2020-0427 at SUSECVE-2020-0427 at NVDCVE-2020-0431 at SUSECVE-2020-0431 at NVDCVE-2020-0432 at SUSECVE-2020-0432 at NVDCVE-2020-0444 at SUSECVE-2020-0444 at NVDCVE-2020-0465 at SUSECVE-2020-0465 at NVDCVE-2020-0466 at SUSECVE-2020-0466 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-10135 at SUSECVE-2020-10135 at NVDCVE-2020-10690 at SUSECVE-2020-10690 at NVDCVE-2020-10711 at SUSECVE-2020-10711 at NVDCVE-2020-10732 at SUSECVE-2020-10732 at NVDCVE-2020-10751 at SUSECVE-2020-10751 at NVDCVE-2020-10757 at SUSECVE-2020-10757 at NVDCVE-2020-10766 at SUSECVE-2020-10766 at NVDCVE-2020-10767 at SUSECVE-2020-10767 at NVDCVE-2020-10768 at SUSECVE-2020-10768 at NVDCVE-2020-10773 at SUSECVE-2020-10773 at NVDCVE-2020-10781 at SUSECVE-2020-10781 at NVDCVE-2020-10942 at SUSECVE-2020-10942 at NVDCVE-2020-11494 at SUSECVE-2020-11494 at NVDCVE-2020-11608 at SUSECVE-2020-11608 at NVDCVE-2020-11668 at SUSECVE-2020-11668 at NVDCVE-2020-11884 at SUSECVE-2020-11884 at NVDCVE-2020-12351 at SUSECVE-2020-12351 at NVDCVE-2020-12352 at SUSECVE-2020-12352 at NVDCVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-12464 at SUSECVE-2020-12464 at NVDCVE-2020-12465 at SUSECVE-2020-12465 at NVDCVE-2020-12652 at SUSECVE-2020-12652 at NVDCVE-2020-12653 at SUSECVE-2020-12653 at NVDCVE-2020-12654 at SUSECVE-2020-12654 at NVDCVE-2020-12655 at SUSECVE-2020-12655 at NVDCVE-2020-12656 at SUSECVE-2020-12656 at NVDCVE-2020-12657 at SUSECVE-2020-12657 at NVDCVE-2020-12659 at SUSECVE-2020-12659 at NVDCVE-2020-12769 at SUSECVE-2020-12769 at NVDCVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-12771 at SUSECVE-2020-12771 at NVDCVE-2020-12888 at SUSECVE-2020-12888 at NVDCVE-2020-13143 at SUSECVE-2020-13143 at NVDCVE-2020-13974 at SUSECVE-2020-13974 at NVDCVE-2020-14314 at SUSECVE-2020-14314 at NVDCVE-2020-14331 at SUSECVE-2020-14331 at NVDCVE-2020-14351 at SUSECVE-2020-14351 at NVDCVE-2020-14356 at SUSECVE-2020-14356 at NVDCVE-2020-14385 at SUSECVE-2020-14385 at NVDCVE-2020-14386 at SUSECVE-2020-14386 at NVDCVE-2020-14390 at SUSECVE-2020-14390 at NVDCVE-2020-14416 at SUSECVE-2020-14416 at NVDCVE-2020-15393 at SUSECVE-2020-15393 at NVDCVE-2020-15436 at SUSECVE-2020-15436 at NVDCVE-2020-15437 at SUSECVE-2020-15437 at NVDCVE-2020-15780 at SUSECVE-2020-15780 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-16120 at SUSECVE-2020-16120 at NVDCVE-2020-16166 at SUSECVE-2020-16166 at NVDCVE-2020-1749 at SUSECVE-2020-1749 at NVDCVE-2020-24490 at SUSECVE-2020-24490 at NVDCVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-2521 at SUSECVE-2020-2521 at NVDCVE-2020-25211 at SUSECVE-2020-25211 at NVDCVE-2020-25212 at SUSECVE-2020-25212 at NVDCVE-2020-25284 at SUSECVE-2020-25284 at NVDCVE-2020-25285 at SUSECVE-2020-25285 at NVDCVE-2020-25639 at SUSECVE-2020-25639 at NVDCVE-2020-25641 at SUSECVE-2020-25641 at NVDCVE-2020-25643 at SUSECVE-2020-25643 at NVDCVE-2020-25645 at SUSECVE-2020-25645 at NVDCVE-2020-25656 at SUSECVE-2020-25656 at NVDCVE-2020-25668 at SUSECVE-2020-25668 at NVDCVE-2020-25669 at SUSECVE-2020-25669 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-25704 at SUSECVE-2020-25704 at NVDCVE-2020-25705 at SUSECVE-2020-25705 at NVDCVE-2020-26088 at SUSECVE-2020-26088 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-27068 at SUSECVE-2020-27068 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27194 at SUSECVE-2020-27194 at NVDCVE-2020-2732 at SUSECVE-2020-2732 at NVDCVE-2020-27673 at SUSECVE-2020-27673 at NVDCVE-2020-27675 at SUSECVE-2020-27675 at NVDCVE-2020-27777 at SUSECVE-2020-27777 at NVDCVE-2020-27786 at SUSECVE-2020-27786 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2020-27830 at SUSECVE-2020-27830 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2020-28374 at SUSECVE-2020-28374 at NVDCVE-2020-28915 at SUSECVE-2020-28915 at NVDCVE-2020-28941 at SUSECVE-2020-28941 at NVDCVE-2020-28974 at SUSECVE-2020-28974 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29369 at SUSECVE-2020-29369 at NVDCVE-2020-29370 at SUSECVE-2020-29370 at NVDCVE-2020-29371 at SUSECVE-2020-29371 at NVDCVE-2020-29373 at SUSECVE-2020-29373 at NVDCVE-2020-29568 at SUSECVE-2020-29568 at NVDCVE-2020-29569 at SUSECVE-2020-29569 at NVDCVE-2020-29660 at SUSECVE-2020-29660 at NVDCVE-2020-29661 at SUSECVE-2020-29661 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36158 at SUSECVE-2020-36158 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-4788 at SUSECVE-2020-4788 at NVDCVE-2020-8428 at SUSECVE-2020-8428 at NVDCVE-2020-8647 at SUSECVE-2020-8647 at NVDCVE-2020-8648 at SUSECVE-2020-8648 at NVDCVE-2020-8649 at SUSECVE-2020-8649 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8835 at SUSECVE-2020-8835 at NVDCVE-2020-8992 at SUSECVE-2020-8992 at NVDCVE-2020-9383 at SUSECVE-2020-9383 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0342 at SUSECVE-2021-0342 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-20177 at SUSECVE-2021-20177 at NVDCVE-2021-20268 at SUSECVE-2021-20268 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28952 at SUSECVE-2021-28952 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2021-33135 at SUSECVE-2021-33135 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3347 at SUSECVE-2021-3347 at NVDCVE-2021-3348 at SUSECVE-2021-3348 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDCVE-2021-3489 at SUSECVE-2021-3489 at NVDCVE-2021-3490 at SUSECVE-2021-3490 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4090 at SUSECVE-2021-4090 at NVDCVE-2021-41073 at SUSECVE-2021-41073 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43057 at SUSECVE-2021-43057 at NVDCVE-2021-43267 at SUSECVE-2021-43267 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2021-45480 at SUSECVE-2021-45480 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0171 at SUSECVE-2022-0171 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0264 at SUSECVE-2022-0264 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0382 at SUSECVE-2022-0382 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0494 at SUSECVE-2022-0494 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0742 at SUSECVE-2022-0742 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-0886 at SUSECVE-2022-0886 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-0998 at SUSECVE-2022-0998 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1015 at SUSECVE-2022-1015 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1204 at SUSECVE-2022-1204 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-1508 at SUSECVE-2022-1508 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-1651 at SUSECVE-2022-1651 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1671 at SUSECVE-2022-1671 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1734 at SUSECVE-2022-1734 at NVDCVE-2022-1789 at SUSECVE-2022-1789 at NVDCVE-2022-1836 at SUSECVE-2022-1836 at NVDCVE-2022-1852 at SUSECVE-2022-1852 at NVDCVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-1998 at SUSECVE-2022-1998 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-21499 at SUSECVE-2022-21499 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-23960 at SUSECVE-2022-23960 at NVDCVE-2022-24122 at SUSECVE-2022-24122 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-26878 at SUSECVE-2022-26878 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-2873 at SUSECVE-2022-2873 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-29582 at SUSECVE-2022-29582 at NVDCVE-2022-2959 at SUSECVE-2022-2959 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-3078 at SUSECVE-2022-3078 at NVDCVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33743 at SUSECVE-2022-33743 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45869 at SUSECVE-2022-45869 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45888 at SUSECVE-2022-45888 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0468 at SUSECVE-2023-0468 at NVDCVE-2023-0469 at SUSECVE-2023-0469 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1583 at SUSECVE-2023-1583 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-21106 at SUSECVE-2023-21106 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-2430 at SUSECVE-2023-2430 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3220 at SUSECVE-2023-3220 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-38409 at SUSECVE-2023-38409 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.5kpartx-0.9.4+74+suse.f97cc59-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kpartx-0.9.4+74+suse.f97cc59-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sle-micro:5.5krb5-1.20.1-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the krb5-1.20.1-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-5351 at SUSECVE-2014-5351 at NVDCVE-2014-5352 at SUSECVE-2014-5352 at NVDCVE-2014-5353 at SUSECVE-2014-5353 at NVDCVE-2014-5354 at SUSECVE-2014-5354 at NVDCVE-2014-5355 at SUSECVE-2014-5355 at NVDCVE-2014-9421 at SUSECVE-2014-9421 at NVDCVE-2014-9422 at SUSECVE-2014-9422 at NVDCVE-2014-9423 at SUSECVE-2014-9423 at NVDCVE-2015-2694 at SUSECVE-2015-2694 at NVDCVE-2015-2695 at SUSECVE-2015-2695 at NVDCVE-2015-2696 at SUSECVE-2015-2696 at NVDCVE-2015-2697 at SUSECVE-2015-2697 at NVDCVE-2015-2698 at SUSECVE-2015-2698 at NVDCVE-2015-8629 at SUSECVE-2015-8629 at NVDCVE-2015-8630 at SUSECVE-2015-8630 at NVDCVE-2015-8631 at SUSECVE-2015-8631 at NVDCVE-2016-3119 at SUSECVE-2016-3119 at NVDCVE-2016-3120 at SUSECVE-2016-3120 at NVDCVE-2017-11368 at SUSECVE-2017-11368 at NVDCVE-2017-11462 at SUSECVE-2017-11462 at NVDCVE-2018-20217 at SUSECVE-2018-20217 at NVDCVE-2018-5729 at SUSECVE-2018-5729 at NVDCVE-2018-5730 at SUSECVE-2018-5730 at NVDCVE-2020-28196 at SUSECVE-2020-28196 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-37750 at SUSECVE-2021-37750 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDCVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:sle-micro:5.5kubevirt-manifests-0.58.0-150500.6.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the kubevirt-manifests-0.58.0-150500.6.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-1798 at SUSECVE-2022-1798 at NVDCVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDCVE-2023-26484 at SUSECVE-2023-26484 at NVDcpe:/o:suse:sle-micro:5.5less-590-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the less-590-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9488 at SUSECVE-2014-9488 at NVDCVE-2022-46663 at SUSECVE-2022-46663 at NVDcpe:/o:suse:sle-micro:5.5libX11-6-1.6.5-150000.3.30.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libX11-6-1.6.5-150000.3.30.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-14598 at SUSECVE-2018-14598 at NVDCVE-2018-14599 at SUSECVE-2018-14599 at NVDCVE-2018-14600 at SUSECVE-2018-14600 at NVDCVE-2020-14344 at SUSECVE-2020-14344 at NVDCVE-2020-14363 at SUSECVE-2020-14363 at NVDCVE-2021-31535 at SUSECVE-2021-31535 at NVDCVE-2022-3554 at SUSECVE-2022-3554 at NVDCVE-2022-3555 at SUSECVE-2022-3555 at NVDCVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sle-micro:5.5libXcursor1-1.1.15-1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXcursor1-1.1.15-1.18 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-2003 at SUSECVE-2013-2003 at NVDCVE-2017-16612 at SUSECVE-2017-16612 at NVDcpe:/o:suse:sle-micro:5.5libXext6-1.3.3-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXext6-1.3.3-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1982 at SUSECVE-2013-1982 at NVDcpe:/o:suse:sle-micro:5.5libXfixes3-6.0.0-150400.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXfixes3-6.0.0-150400.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1983 at SUSECVE-2013-1983 at NVDcpe:/o:suse:sle-micro:5.5libXi6-1.7.9-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXi6-1.7.9-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1984 at SUSECVE-2013-1984 at NVDCVE-2013-1995 at SUSECVE-2013-1995 at NVDCVE-2013-1998 at SUSECVE-2013-1998 at NVDcpe:/o:suse:sle-micro:5.5libXinerama1-1.1.3-1.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXinerama1-1.1.3-1.22 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1985 at SUSECVE-2013-1985 at NVDcpe:/o:suse:sle-micro:5.5libXrandr2-1.5.1-2.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXrandr2-1.5.1-2.17 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1986 at SUSECVE-2013-1986 at NVDCVE-2016-7947 at SUSECVE-2016-7947 at NVDCVE-2016-7948 at SUSECVE-2016-7948 at NVDcpe:/o:suse:sle-micro:5.5libXrender1-0.9.10-1.30 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXrender1-0.9.10-1.30 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1987 at SUSECVE-2013-1987 at NVDcpe:/o:suse:sle-micro:5.5libXtst6-1.2.3-1.24 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXtst6-1.2.3-1.24 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-2063 at SUSECVE-2013-2063 at NVDcpe:/o:suse:sle-micro:5.5libXv1-1.0.11-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXv1-1.0.11-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-1989 at SUSECVE-2013-1989 at NVDCVE-2013-2066 at SUSECVE-2013-2066 at NVDCVE-2016-5407 at SUSECVE-2016-5407 at NVDcpe:/o:suse:sle-micro:5.5libXxf86vm1-1.1.4-1.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libXxf86vm1-1.1.4-1.23 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-2001 at SUSECVE-2013-2001 at NVDcpe:/o:suse:sle-micro:5.5libarchive13-3.5.1-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libarchive13-3.5.1-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-0211 at SUSECVE-2013-0211 at NVDCVE-2015-2304 at SUSECVE-2015-2304 at NVDCVE-2015-8917 at SUSECVE-2015-8917 at NVDCVE-2015-8928 at SUSECVE-2015-8928 at NVDCVE-2015-8933 at SUSECVE-2015-8933 at NVDCVE-2015-8934 at SUSECVE-2015-8934 at NVDCVE-2016-1541 at SUSECVE-2016-1541 at NVDCVE-2016-4300 at SUSECVE-2016-4300 at NVDCVE-2016-4301 at SUSECVE-2016-4301 at NVDCVE-2016-4809 at SUSECVE-2016-4809 at NVDCVE-2016-5418 at SUSECVE-2016-5418 at NVDCVE-2016-5844 at SUSECVE-2016-5844 at NVDCVE-2016-6250 at SUSECVE-2016-6250 at NVDCVE-2016-8687 at SUSECVE-2016-8687 at NVDCVE-2016-8688 at SUSECVE-2016-8688 at NVDCVE-2016-8689 at SUSECVE-2016-8689 at NVDCVE-2017-14166 at SUSECVE-2017-14166 at NVDCVE-2017-14501 at SUSECVE-2017-14501 at NVDCVE-2017-14502 at SUSECVE-2017-14502 at NVDCVE-2017-14503 at SUSECVE-2017-14503 at NVDCVE-2017-5601 at SUSECVE-2017-5601 at NVDCVE-2018-1000877 at SUSECVE-2018-1000877 at NVDCVE-2018-1000878 at SUSECVE-2018-1000878 at NVDCVE-2018-1000879 at SUSECVE-2018-1000879 at NVDCVE-2018-1000880 at SUSECVE-2018-1000880 at NVDCVE-2019-1000019 at SUSECVE-2019-1000019 at NVDCVE-2019-1000020 at SUSECVE-2019-1000020 at NVDCVE-2019-18408 at SUSECVE-2019-18408 at NVDCVE-2019-19221 at SUSECVE-2019-19221 at NVDCVE-2021-23177 at SUSECVE-2021-23177 at NVDCVE-2021-31566 at SUSECVE-2021-31566 at NVDCVE-2021-36976 at SUSECVE-2021-36976 at NVDCVE-2022-26280 at SUSECVE-2022-26280 at NVDCVE-2022-36227 at SUSECVE-2022-36227 at NVDcpe:/o:suse:sle-micro:5.5libaudit1-3.0.6-150400.4.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libaudit1-3.0.6-150400.4.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-5186 at SUSECVE-2015-5186 at NVDcpe:/o:suse:sle-micro:5.5libaugeas0-1.12.0-150400.3.3.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libaugeas0-1.12.0-150400.3.3.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8119 at SUSECVE-2014-8119 at NVDCVE-2017-7555 at SUSECVE-2017-7555 at NVDcpe:/o:suse:sle-micro:5.5libblkid1-2.37.4-150500.7.16 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libblkid1-2.37.4-150500.7.16 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9114 at SUSECVE-2014-9114 at NVDCVE-2015-5218 at SUSECVE-2015-5218 at NVDCVE-2016-2779 at SUSECVE-2016-2779 at NVDCVE-2016-5011 at SUSECVE-2016-5011 at NVDCVE-2017-2616 at SUSECVE-2017-2616 at NVDCVE-2021-37600 at SUSECVE-2021-37600 at NVDCVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDCVE-2022-0563 at SUSECVE-2022-0563 at NVDcpe:/o:suse:sle-micro:5.5libbluetooth3-5.65-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libbluetooth3-5.65-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9797 at SUSECVE-2016-9797 at NVDCVE-2016-9798 at SUSECVE-2016-9798 at NVDCVE-2016-9800 at SUSECVE-2016-9800 at NVDCVE-2016-9801 at SUSECVE-2016-9801 at NVDCVE-2016-9802 at SUSECVE-2016-9802 at NVDCVE-2016-9804 at SUSECVE-2016-9804 at NVDCVE-2016-9917 at SUSECVE-2016-9917 at NVDCVE-2016-9918 at SUSECVE-2016-9918 at NVDCVE-2020-0556 at SUSECVE-2020-0556 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-3588 at SUSECVE-2021-3588 at NVDCVE-2022-0204 at SUSECVE-2022-0204 at NVDCVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sle-micro:5.5libbpf1-1.1.0-150500.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libbpf1-1.1.0-150500.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-45940 at SUSECVE-2021-45940 at NVDCVE-2021-45941 at SUSECVE-2021-45941 at NVDCVE-2022-3533 at SUSECVE-2022-3533 at NVDCVE-2022-3534 at SUSECVE-2022-3534 at NVDCVE-2022-3606 at SUSECVE-2022-3606 at NVDcpe:/o:suse:sle-micro:5.5libbrotlicommon1-1.0.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libbrotlicommon1-1.0.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:sle-micro:5.5libbsd0-0.8.7-3.3.17 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libbsd0-0.8.7-3.3.17 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-20367 at SUSECVE-2019-20367 at NVDcpe:/o:suse:sle-micro:5.5libcairo-gobject2-1.16.0-150400.9.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libcairo-gobject2-1.16.0-150400.9.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9082 at SUSECVE-2016-9082 at NVDCVE-2017-7475 at SUSECVE-2017-7475 at NVDCVE-2017-9814 at SUSECVE-2017-9814 at NVDcpe:/o:suse:sle-micro:5.5libcap2-2.63-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libcap2-2.63-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-2602 at SUSECVE-2023-2602 at NVDCVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:sle-micro:5.5libcares2-1.19.1-150000.3.23.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libcares2-1.19.1-150000.3.23.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-5180 at SUSECVE-2016-5180 at NVDCVE-2017-1000381 at SUSECVE-2017-1000381 at NVDCVE-2020-8277 at SUSECVE-2020-8277 at NVDCVE-2021-3672 at SUSECVE-2021-3672 at NVDCVE-2022-4904 at SUSECVE-2022-4904 at NVDCVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sle-micro:5.5libcolord2-1.4.5-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libcolord2-1.4.5-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.5libcontainers-common-20230214-150500.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libcontainers-common-20230214-150500.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-15664 at SUSECVE-2018-15664 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDcpe:/o:suse:sle-micro:5.5libekmfweb1-2.25.0-150500.9.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libekmfweb1-2.25.0-150500.9.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-25316 at SUSECVE-2021-25316 at NVDcpe:/o:suse:sle-micro:5.5libevent-2_1-8-2.1.8-2.23 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libevent-2_1-8-2.1.8-2.23 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-6272 at SUSECVE-2014-6272 at NVDcpe:/o:suse:sle-micro:5.5libexpat1-2.4.4-150400.3.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libexpat1-2.4.4-150400.3.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2012-0876 at SUSECVE-2012-0876 at NVDCVE-2012-6702 at SUSECVE-2012-6702 at NVDCVE-2013-0340 at SUSECVE-2013-0340 at NVDCVE-2015-1283 at SUSECVE-2015-1283 at NVDCVE-2016-0718 at SUSECVE-2016-0718 at NVDCVE-2016-4472 at SUSECVE-2016-4472 at NVDCVE-2016-5300 at SUSECVE-2016-5300 at NVDCVE-2016-9063 at SUSECVE-2016-9063 at NVDCVE-2017-9233 at SUSECVE-2017-9233 at NVDCVE-2018-20843 at SUSECVE-2018-20843 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDCVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDCVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDCVE-2022-40674 at SUSECVE-2022-40674 at NVDCVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sle-micro:5.5libfreebl3-3.90-150400.3.32.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libfreebl3-3.90-150400.3.32.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-1569 at SUSECVE-2014-1569 at NVDCVE-2015-2721 at SUSECVE-2015-2721 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2015-7181 at SUSECVE-2015-7181 at NVDCVE-2015-7182 at SUSECVE-2015-7182 at NVDCVE-2015-7575 at SUSECVE-2015-7575 at NVDCVE-2016-1950 at SUSECVE-2016-1950 at NVDCVE-2016-1979 at SUSECVE-2016-1979 at NVDCVE-2016-2834 at SUSECVE-2016-2834 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2018-12384 at SUSECVE-2018-12384 at NVDCVE-2018-12404 at SUSECVE-2018-12404 at NVDCVE-2018-18508 at SUSECVE-2018-18508 at NVDCVE-2019-11745 at SUSECVE-2019-11745 at NVDCVE-2019-17006 at SUSECVE-2019-17006 at NVDCVE-2020-12399 at SUSECVE-2020-12399 at NVDCVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12402 at SUSECVE-2020-12402 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2022-1097 at SUSECVE-2022-1097 at NVDCVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDCVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sle-micro:5.5libfreetype6-2.10.4-150000.4.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libfreetype6-2.10.4-150000.4.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-2240 at SUSECVE-2014-2240 at NVDCVE-2014-9656 at SUSECVE-2014-9656 at NVDCVE-2014-9657 at SUSECVE-2014-9657 at NVDCVE-2014-9658 at SUSECVE-2014-9658 at NVDCVE-2014-9659 at SUSECVE-2014-9659 at NVDCVE-2014-9660 at SUSECVE-2014-9660 at NVDCVE-2014-9661 at SUSECVE-2014-9661 at NVDCVE-2014-9662 at SUSECVE-2014-9662 at NVDCVE-2014-9663 at SUSECVE-2014-9663 at NVDCVE-2014-9664 at SUSECVE-2014-9664 at NVDCVE-2014-9665 at SUSECVE-2014-9665 at NVDCVE-2014-9666 at SUSECVE-2014-9666 at NVDCVE-2014-9667 at SUSECVE-2014-9667 at NVDCVE-2014-9668 at SUSECVE-2014-9668 at NVDCVE-2014-9669 at SUSECVE-2014-9669 at NVDCVE-2014-9670 at SUSECVE-2014-9670 at NVDCVE-2014-9671 at SUSECVE-2014-9671 at NVDCVE-2014-9672 at SUSECVE-2014-9672 at NVDCVE-2014-9673 at SUSECVE-2014-9673 at NVDCVE-2014-9674 at SUSECVE-2014-9674 at NVDCVE-2014-9675 at SUSECVE-2014-9675 at NVDCVE-2017-8105 at SUSECVE-2017-8105 at NVDCVE-2017-8287 at SUSECVE-2017-8287 at NVDCVE-2018-6942 at SUSECVE-2018-6942 at NVDCVE-2020-15999 at SUSECVE-2020-15999 at NVDCVE-2022-27404 at SUSECVE-2022-27404 at NVDCVE-2022-27405 at SUSECVE-2022-27405 at NVDCVE-2022-27406 at SUSECVE-2022-27406 at NVDCVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:sle-micro:5.5libfribidi0-1.0.10-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libfribidi0-1.0.10-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-18397 at SUSECVE-2019-18397 at NVDCVE-2022-25308 at SUSECVE-2022-25308 at NVDCVE-2022-25309 at SUSECVE-2022-25309 at NVDCVE-2022-25310 at SUSECVE-2022-25310 at NVDcpe:/o:suse:sle-micro:5.5libfuse2-2.9.7-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libfuse2-2.9.7-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2009-3297 at SUSECVE-2009-3297 at NVDCVE-2011-0541 at SUSECVE-2011-0541 at NVDCVE-2015-3202 at SUSECVE-2015-3202 at NVDCVE-2018-10906 at SUSECVE-2018-10906 at NVDcpe:/o:suse:sle-micro:5.5libgcrypt20-1.9.4-150500.10.19 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libgcrypt20-1.9.4-150500.10.19 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3591 at SUSECVE-2014-3591 at NVDCVE-2015-0837 at SUSECVE-2015-0837 at NVDCVE-2015-5738 at SUSECVE-2015-5738 at NVDCVE-2015-7511 at SUSECVE-2015-7511 at NVDCVE-2016-6313 at SUSECVE-2016-6313 at NVDCVE-2017-0379 at SUSECVE-2017-0379 at NVDCVE-2017-7526 at SUSECVE-2017-7526 at NVDCVE-2018-0495 at SUSECVE-2018-0495 at NVDCVE-2019-12904 at SUSECVE-2019-12904 at NVDCVE-2019-13627 at SUSECVE-2019-13627 at NVDCVE-2021-3345 at SUSECVE-2021-3345 at NVDCVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:sle-micro:5.5libgmp10-6.1.2-4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libgmp10-6.1.2-4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:sle-micro:5.5libgraphite2-3-1.3.11-150000.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libgraphite2-3-1.3.11-150000.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-1521 at SUSECVE-2016-1521 at NVDCVE-2017-5436 at SUSECVE-2017-5436 at NVDCVE-2018-7999 at SUSECVE-2018-7999 at NVDcpe:/o:suse:sle-micro:5.5libharfbuzz-gobject0-3.4.0-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libharfbuzz-gobject0-3.4.0-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-33068 at SUSECVE-2022-33068 at NVDCVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sle-micro:5.5libhogweed6-3.8.1-150500.2.25 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libhogweed6-3.8.1-150500.2.25 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-8803 at SUSECVE-2015-8803 at NVDCVE-2015-8804 at SUSECVE-2015-8804 at NVDCVE-2015-8805 at SUSECVE-2015-8805 at NVDCVE-2016-6489 at SUSECVE-2016-6489 at NVDCVE-2018-16869 at SUSECVE-2018-16869 at NVDCVE-2021-20305 at SUSECVE-2021-20305 at NVDCVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:sle-micro:5.5libidn2-0-2.2.0-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libidn2-0-2.2.0-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-2059 at SUSECVE-2015-2059 at NVDCVE-2015-8948 at SUSECVE-2015-8948 at NVDCVE-2016-6261 at SUSECVE-2016-6261 at NVDCVE-2016-6262 at SUSECVE-2016-6262 at NVDCVE-2016-6263 at SUSECVE-2016-6263 at NVDCVE-2019-12290 at SUSECVE-2019-12290 at NVDCVE-2019-18224 at SUSECVE-2019-18224 at NVDcpe:/o:suse:sle-micro:5.5libjansson4-2.14-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libjansson4-2.14-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-6401 at SUSECVE-2013-6401 at NVDcpe:/o:suse:sle-micro:5.5libjbig2-2.1-3.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libjbig2-2.1-3.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-6369 at SUSECVE-2013-6369 at NVDcpe:/o:suse:sle-micro:5.5libjpeg8-8.2.2-150400.15.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libjpeg8-8.2.2-150400.15.9 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9092 at SUSECVE-2014-9092 at NVDCVE-2017-15232 at SUSECVE-2017-15232 at NVDCVE-2018-1152 at SUSECVE-2018-1152 at NVDCVE-2018-11813 at SUSECVE-2018-11813 at NVDCVE-2018-14498 at SUSECVE-2018-14498 at NVDCVE-2018-19644 at SUSECVE-2018-19644 at NVDCVE-2018-19664 at SUSECVE-2018-19664 at NVDCVE-2018-20330 at SUSECVE-2018-20330 at NVDCVE-2019-2201 at SUSECVE-2019-2201 at NVDCVE-2020-13790 at SUSECVE-2020-13790 at NVDCVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:sle-micro:5.5libjson-c3-0.13-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libjson-c3-0.13-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-6370 at SUSECVE-2013-6370 at NVDCVE-2013-6371 at SUSECVE-2013-6371 at NVDCVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:sle-micro:5.5libksba8-1.3.5-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libksba8-1.3.5-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9087 at SUSECVE-2014-9087 at NVDCVE-2016-4574 at SUSECVE-2016-4574 at NVDCVE-2016-4579 at SUSECVE-2016-4579 at NVDCVE-2022-3515 at SUSECVE-2022-3515 at NVDCVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sle-micro:5.5liblcms2-2-2.12-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the liblcms2-2-2.12-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-16435 at SUSECVE-2018-16435 at NVDcpe:/o:suse:sle-micro:5.5libldap-2_4-2-2.4.46-150200.14.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libldap-2_4-2-2.4.46-150200.14.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-1545 at SUSECVE-2015-1545 at NVDCVE-2015-1546 at SUSECVE-2015-1546 at NVDCVE-2015-6908 at SUSECVE-2015-6908 at NVDCVE-2017-17740 at SUSECVE-2017-17740 at NVDCVE-2019-13057 at SUSECVE-2019-13057 at NVDCVE-2019-13565 at SUSECVE-2019-13565 at NVDCVE-2020-12243 at SUSECVE-2020-12243 at NVDCVE-2020-15719 at SUSECVE-2020-15719 at NVDCVE-2020-25692 at SUSECVE-2020-25692 at NVDCVE-2020-25709 at SUSECVE-2020-25709 at NVDCVE-2020-25710 at SUSECVE-2020-25710 at NVDCVE-2020-36221 at SUSECVE-2020-36221 at NVDCVE-2020-36222 at SUSECVE-2020-36222 at NVDCVE-2020-36223 at SUSECVE-2020-36223 at NVDCVE-2020-36224 at SUSECVE-2020-36224 at NVDCVE-2020-36225 at SUSECVE-2020-36225 at NVDCVE-2020-36226 at SUSECVE-2020-36226 at NVDCVE-2020-36227 at SUSECVE-2020-36227 at NVDCVE-2020-36228 at SUSECVE-2020-36228 at NVDCVE-2020-36229 at SUSECVE-2020-36229 at NVDCVE-2020-36230 at SUSECVE-2020-36230 at NVDCVE-2020-8023 at SUSECVE-2020-8023 at NVDCVE-2020-8027 at SUSECVE-2020-8027 at NVDCVE-2021-27212 at SUSECVE-2021-27212 at NVDCVE-2022-29155 at SUSECVE-2022-29155 at NVDCVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:sle-micro:5.5libldb2-2.6.2-150500.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libldb2-2.6.2-150500.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-3670 at SUSECVE-2021-3670 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDcpe:/o:suse:sle-micro:5.5liblua5_3-5-5.3.6-3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the liblua5_3-5-5.3.6-3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-6706 at SUSECVE-2019-6706 at NVDCVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:sle-micro:5.5liblz4-1-1.9.3-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the liblz4-1-1.9.3-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-17543 at SUSECVE-2019-17543 at NVDCVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:sle-micro:5.5liblzo2-2-2.10-2.22 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the liblzo2-2-2.10-2.22 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-4607 at SUSECVE-2014-4607 at NVDcpe:/o:suse:sle-micro:5.5libmicrohttpd12-0.9.57-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libmicrohttpd12-0.9.57-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:sle-micro:5.5libmpfr6-4.0.2-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libmpfr6-4.0.2-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9474 at SUSECVE-2014-9474 at NVDcpe:/o:suse:sle-micro:5.5libmspack0-0.6-3.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libmspack0-0.6-3.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9556 at SUSECVE-2014-9556 at NVDCVE-2017-11423 at SUSECVE-2017-11423 at NVDCVE-2017-6419 at SUSECVE-2017-6419 at NVDCVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDCVE-2018-18584 at SUSECVE-2018-18584 at NVDCVE-2018-18585 at SUSECVE-2018-18585 at NVDCVE-2018-18586 at SUSECVE-2018-18586 at NVDCVE-2019-1010305 at SUSECVE-2019-1010305 at NVDcpe:/o:suse:sle-micro:5.5libncurses6-6.1-150000.5.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libncurses6-6.1-150000.5.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-19211 at SUSECVE-2018-19211 at NVDCVE-2019-17594 at SUSECVE-2019-17594 at NVDCVE-2019-17595 at SUSECVE-2019-17595 at NVDCVE-2021-39537 at SUSECVE-2021-39537 at NVDCVE-2022-29458 at SUSECVE-2022-29458 at NVDCVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:sle-micro:5.5libndp0-1.6-1.26 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libndp0-1.6-1.26 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-3698 at SUSECVE-2016-3698 at NVDcpe:/o:suse:sle-micro:5.5libnghttp2-14-1.40.0-6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libnghttp2-14-1.40.0-6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-1544 at SUSECVE-2016-1544 at NVDCVE-2018-1000168 at SUSECVE-2018-1000168 at NVDCVE-2019-18802 at SUSECVE-2019-18802 at NVDCVE-2019-9511 at SUSECVE-2019-9511 at NVDCVE-2019-9513 at SUSECVE-2019-9513 at NVDCVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:sle-micro:5.5libonig4-6.7.0-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libonig4-6.7.0-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-13224 at SUSECVE-2019-13224 at NVDCVE-2019-16163 at SUSECVE-2019-16163 at NVDCVE-2019-19203 at SUSECVE-2019-19203 at NVDCVE-2019-19204 at SUSECVE-2019-19204 at NVDCVE-2019-19246 at SUSECVE-2019-19246 at NVDCVE-2020-26159 at SUSECVE-2020-26159 at NVDcpe:/o:suse:sle-micro:5.5libopenssl-1_1-devel-1.1.1l-150500.17.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libopenssl-1_1-devel-1.1.1l-150500.17.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2002-20001 at SUSECVE-2002-20001 at NVDCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDCVE-2017-3735 at SUSECVE-2017-3735 at NVDCVE-2017-3736 at SUSECVE-2017-3736 at NVDCVE-2017-3738 at SUSECVE-2017-3738 at NVDCVE-2018-0732 at SUSECVE-2018-0732 at NVDCVE-2018-0734 at SUSECVE-2018-0734 at NVDCVE-2018-0735 at SUSECVE-2018-0735 at NVDCVE-2018-0737 at SUSECVE-2018-0737 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2019-1543 at SUSECVE-2019-1543 at NVDCVE-2019-1547 at SUSECVE-2019-1547 at NVDCVE-2019-1549 at SUSECVE-2019-1549 at NVDCVE-2019-1551 at SUSECVE-2019-1551 at NVDCVE-2019-1563 at SUSECVE-2019-1563 at NVDCVE-2020-1967 at SUSECVE-2020-1967 at NVDCVE-2020-1971 at SUSECVE-2020-1971 at NVDCVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDCVE-2021-3449 at SUSECVE-2021-3449 at NVDCVE-2021-3450 at SUSECVE-2021-3450 at NVDCVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDCVE-2022-0778 at SUSECVE-2022-0778 at NVDCVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDCVE-2022-2097 at SUSECVE-2022-2097 at NVDCVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDCVE-2023-0464 at SUSECVE-2023-0464 at NVDCVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDCVE-2023-2650 at SUSECVE-2023-2650 at NVDCVE-2023-3446 at SUSECVE-2023-3446 at NVDCVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.5libopus0-1.3.1-150000.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libopus0-1.3.1-150000.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-0381 at SUSECVE-2017-0381 at NVDcpe:/o:suse:sle-micro:5.5libosinfo-1.10.0-150500.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libosinfo-1.10.0-150500.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-13313 at SUSECVE-2019-13313 at NVDcpe:/o:suse:sle-micro:5.5libp11-kit0-0.23.22-150500.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libp11-kit0-0.23.22-150500.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-29361 at SUSECVE-2020-29361 at NVDCVE-2020-29362 at SUSECVE-2020-29362 at NVDCVE-2020-29363 at SUSECVE-2020-29363 at NVDcpe:/o:suse:sle-micro:5.5libpango-1_0-0-1.50.4-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpango-1_0-0-1.50.4-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-15120 at SUSECVE-2018-15120 at NVDcpe:/o:suse:sle-micro:5.5libpcap1-1.10.1-150400.1.7 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpcap1-1.10.1-150400.1.7 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-16301 at SUSECVE-2018-16301 at NVDCVE-2019-15161 at SUSECVE-2019-15161 at NVDCVE-2019-15162 at SUSECVE-2019-15162 at NVDCVE-2019-15163 at SUSECVE-2019-15163 at NVDCVE-2019-15164 at SUSECVE-2019-15164 at NVDCVE-2019-15165 at SUSECVE-2019-15165 at NVDcpe:/o:suse:sle-micro:5.5libpcre1-8.45-150000.20.13.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpcre1-8.45-150000.20.13.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2015-3217 at SUSECVE-2015-3217 at NVDCVE-2016-1283 at SUSECVE-2016-1283 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-6004 at SUSECVE-2017-6004 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-7244 at SUSECVE-2017-7244 at NVDCVE-2017-7245 at SUSECVE-2017-7245 at NVDCVE-2017-7246 at SUSECVE-2017-7246 at NVDCVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:sle-micro:5.5libpcre2-8-0-10.39-150400.4.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpcre2-8-0-10.39-150400.4.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8964 at SUSECVE-2014-8964 at NVDCVE-2015-2325 at SUSECVE-2015-2325 at NVDCVE-2015-2326 at SUSECVE-2015-2326 at NVDCVE-2016-3191 at SUSECVE-2016-3191 at NVDCVE-2017-7186 at SUSECVE-2017-7186 at NVDCVE-2017-8786 at SUSECVE-2017-8786 at NVDCVE-2022-1586 at SUSECVE-2022-1586 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDCVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:sle-micro:5.5libpcsclite1-1.9.4-150400.1.9 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpcsclite1-1.9.4-150400.1.9 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-10109 at SUSECVE-2016-10109 at NVDcpe:/o:suse:sle-micro:5.5libpixman-1-0-0.40.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpixman-1-0-0.40.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sle-micro:5.5libpng16-16-1.6.34-3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpng16-16-1.6.34-3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-8126 at SUSECVE-2015-8126 at NVDCVE-2016-10087 at SUSECVE-2016-10087 at NVDCVE-2016-5735 at SUSECVE-2016-5735 at NVDCVE-2017-12652 at SUSECVE-2017-12652 at NVDCVE-2018-13785 at SUSECVE-2018-13785 at NVDCVE-2019-7317 at SUSECVE-2019-7317 at NVDcpe:/o:suse:sle-micro:5.5libpolkit-agent-1-0-121-150500.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpolkit-agent-1-0-121-150500.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3218 at SUSECVE-2015-3218 at NVDCVE-2015-3255 at SUSECVE-2015-3255 at NVDCVE-2015-3256 at SUSECVE-2015-3256 at NVDCVE-2015-4625 at SUSECVE-2015-4625 at NVDCVE-2018-1116 at SUSECVE-2018-1116 at NVDCVE-2018-19788 at SUSECVE-2018-19788 at NVDCVE-2019-6133 at SUSECVE-2019-6133 at NVDCVE-2021-3560 at SUSECVE-2021-3560 at NVDCVE-2021-4034 at SUSECVE-2021-4034 at NVDCVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:sle-micro:5.5libprocps7-3.3.15-150000.7.34.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libprocps7-3.3.15-150000.7.34.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-1122 at SUSECVE-2018-1122 at NVDCVE-2018-1123 at SUSECVE-2018-1123 at NVDCVE-2018-1124 at SUSECVE-2018-1124 at NVDCVE-2018-1125 at SUSECVE-2018-1125 at NVDCVE-2018-1126 at SUSECVE-2018-1126 at NVDCVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.5libprotobuf-lite20-3.9.2-150200.4.21.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libprotobuf-lite20-3.9.2-150200.4.21.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2021-22570 at SUSECVE-2021-22570 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:sle-micro:5.5libproxy1-0.4.17-150400.1.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libproxy1-0.4.17-150400.1.8 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-25219 at SUSECVE-2020-25219 at NVDCVE-2020-26154 at SUSECVE-2020-26154 at NVDcpe:/o:suse:sle-micro:5.5libpython3_6m1_0-3.6.15-150300.10.48.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libpython3_6m1_0-3.6.15-150300.10.48.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2007-4559 at SUSECVE-2007-4559 at NVDCVE-2014-4650 at SUSECVE-2014-4650 at NVDCVE-2015-20107 at SUSECVE-2015-20107 at NVDCVE-2016-0772 at SUSECVE-2016-0772 at NVDCVE-2016-1000110 at SUSECVE-2016-1000110 at NVDCVE-2016-5636 at SUSECVE-2016-5636 at NVDCVE-2016-5699 at SUSECVE-2016-5699 at NVDCVE-2017-18207 at SUSECVE-2017-18207 at NVDCVE-2018-1000802 at SUSECVE-2018-1000802 at NVDCVE-2018-1060 at SUSECVE-2018-1060 at NVDCVE-2018-1061 at SUSECVE-2018-1061 at NVDCVE-2018-14647 at SUSECVE-2018-14647 at NVDCVE-2018-20406 at SUSECVE-2018-20406 at NVDCVE-2018-20852 at SUSECVE-2018-20852 at NVDCVE-2019-10160 at SUSECVE-2019-10160 at NVDCVE-2019-15903 at SUSECVE-2019-15903 at NVDCVE-2019-16056 at SUSECVE-2019-16056 at NVDCVE-2019-16935 at SUSECVE-2019-16935 at NVDCVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2019-20907 at SUSECVE-2019-20907 at NVDCVE-2019-20916 at SUSECVE-2019-20916 at NVDCVE-2019-5010 at SUSECVE-2019-5010 at NVDCVE-2019-9636 at SUSECVE-2019-9636 at NVDCVE-2019-9674 at SUSECVE-2019-9674 at NVDCVE-2019-9947 at SUSECVE-2019-9947 at NVDCVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2020-14422 at SUSECVE-2020-14422 at NVDCVE-2020-26116 at SUSECVE-2020-26116 at NVDCVE-2020-27619 at SUSECVE-2020-27619 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2021-23336 at SUSECVE-2021-23336 at NVDCVE-2021-28861 at SUSECVE-2021-28861 at NVDCVE-2021-3177 at SUSECVE-2021-3177 at NVDCVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3572 at SUSECVE-2021-3572 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDCVE-2022-45061 at SUSECVE-2022-45061 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sle-micro:5.5librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the librados2-16.2.11.58+g38d6afd3b78-150400.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-16818 at SUSECVE-2017-16818 at NVDCVE-2018-10861 at SUSECVE-2018-10861 at NVDCVE-2018-1128 at SUSECVE-2018-1128 at NVDCVE-2018-1129 at SUSECVE-2018-1129 at NVDCVE-2018-16889 at SUSECVE-2018-16889 at NVDCVE-2019-10222 at SUSECVE-2019-10222 at NVDCVE-2019-3821 at SUSECVE-2019-3821 at NVDCVE-2020-10736 at SUSECVE-2020-10736 at NVDCVE-2020-1759 at SUSECVE-2020-1759 at NVDCVE-2020-1760 at SUSECVE-2020-1760 at NVDCVE-2020-25660 at SUSECVE-2020-25660 at NVDCVE-2020-25678 at SUSECVE-2020-25678 at NVDCVE-2020-27781 at SUSECVE-2020-27781 at NVDCVE-2020-27839 at SUSECVE-2020-27839 at NVDCVE-2021-20288 at SUSECVE-2021-20288 at NVDCVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDCVE-2021-3979 at SUSECVE-2021-3979 at NVDCVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:sle-micro:5.5libseccomp2-2.5.3-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libseccomp2-2.5.3-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-9893 at SUSECVE-2019-9893 at NVDcpe:/o:suse:sle-micro:5.5libsepol2-3.4-150500.1.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsepol2-3.4-150500.1.18 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-36085 at SUSECVE-2021-36085 at NVDCVE-2021-36086 at SUSECVE-2021-36086 at NVDCVE-2021-36087 at SUSECVE-2021-36087 at NVDcpe:/o:suse:sle-micro:5.5libsha1detectcoll1-1.0.3-2.18 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsha1detectcoll1-1.0.3-2.18 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2005-4900 at SUSECVE-2005-4900 at NVDcpe:/o:suse:sle-micro:5.5libslirp0-4.7.0+44-150500.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libslirp0-4.7.0+44-150500.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:sle-micro:5.5libsnmp40-5.9.3-150300.15.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsnmp40-5.9.3-150300.15.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-5621 at SUSECVE-2015-5621 at NVDCVE-2018-18065 at SUSECVE-2018-18065 at NVDCVE-2020-15862 at SUSECVE-2020-15862 at NVDCVE-2022-24805 at SUSECVE-2022-24805 at NVDCVE-2022-24806 at SUSECVE-2022-24806 at NVDCVE-2022-24807 at SUSECVE-2022-24807 at NVDCVE-2022-24808 at SUSECVE-2022-24808 at NVDCVE-2022-24809 at SUSECVE-2022-24809 at NVDCVE-2022-24810 at SUSECVE-2022-24810 at NVDCVE-2022-44792 at SUSECVE-2022-44792 at NVDCVE-2022-44793 at SUSECVE-2022-44793 at NVDcpe:/o:suse:sle-micro:5.5libsolv-tools-0.7.24-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsolv-tools-0.7.24-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-20532 at SUSECVE-2018-20532 at NVDCVE-2018-20533 at SUSECVE-2018-20533 at NVDCVE-2018-20534 at SUSECVE-2018-20534 at NVDcpe:/o:suse:sle-micro:5.5libsoup-2_4-1-2.74.2-150400.1.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsoup-2_4-1-2.74.2-150400.1.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-2885 at SUSECVE-2017-2885 at NVDCVE-2018-12910 at SUSECVE-2018-12910 at NVDcpe:/o:suse:sle-micro:5.5libspice-server1-0.15.0-150400.2.8 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libspice-server1-0.15.0-150400.2.8 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-4282 at SUSECVE-2013-4282 at NVDCVE-2015-3247 at SUSECVE-2015-3247 at NVDCVE-2015-5260 at SUSECVE-2015-5260 at NVDCVE-2015-5261 at SUSECVE-2015-5261 at NVDCVE-2016-0749 at SUSECVE-2016-0749 at NVDCVE-2016-2150 at SUSECVE-2016-2150 at NVDCVE-2016-9577 at SUSECVE-2016-9577 at NVDCVE-2016-9578 at SUSECVE-2016-9578 at NVDCVE-2018-10873 at SUSECVE-2018-10873 at NVDCVE-2018-10893 at SUSECVE-2018-10893 at NVDCVE-2019-3813 at SUSECVE-2019-3813 at NVDCVE-2020-14355 at SUSECVE-2020-14355 at NVDCVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:sle-micro:5.5libsqlite3-0-3.39.3-150000.3.20.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsqlite3-0-3.39.3-150000.3.20.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2018-20346 at SUSECVE-2018-20346 at NVDCVE-2018-8740 at SUSECVE-2018-8740 at NVDCVE-2019-16168 at SUSECVE-2019-16168 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2019-9936 at SUSECVE-2019-9936 at NVDCVE-2019-9937 at SUSECVE-2019-9937 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDCVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDCVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sle-micro:5.5libssh-config-0.9.6-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libssh-config-0.9.6-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8132 at SUSECVE-2014-8132 at NVDCVE-2015-3146 at SUSECVE-2015-3146 at NVDCVE-2018-10933 at SUSECVE-2018-10933 at NVDCVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDcpe:/o:suse:sle-micro:5.5libssh2-1-1.9.0-150000.4.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libssh2-1-1.9.0-150000.4.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-1782 at SUSECVE-2015-1782 at NVDCVE-2016-0787 at SUSECVE-2016-0787 at NVDCVE-2019-17498 at SUSECVE-2019-17498 at NVDCVE-2019-3855 at SUSECVE-2019-3855 at NVDCVE-2019-3856 at SUSECVE-2019-3856 at NVDCVE-2019-3857 at SUSECVE-2019-3857 at NVDCVE-2019-3858 at SUSECVE-2019-3858 at NVDCVE-2019-3859 at SUSECVE-2019-3859 at NVDCVE-2019-3860 at SUSECVE-2019-3860 at NVDCVE-2019-3861 at SUSECVE-2019-3861 at NVDCVE-2019-3862 at SUSECVE-2019-3862 at NVDCVE-2019-3863 at SUSECVE-2019-3863 at NVDCVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:sle-micro:5.5libsss_certmap0-2.5.2-150500.10.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsss_certmap0-2.5.2-150500.10.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-12173 at SUSECVE-2017-12173 at NVDCVE-2018-10852 at SUSECVE-2018-10852 at NVDCVE-2018-16838 at SUSECVE-2018-16838 at NVDCVE-2019-3811 at SUSECVE-2019-3811 at NVDCVE-2021-3621 at SUSECVE-2021-3621 at NVDcpe:/o:suse:sle-micro:5.5libsystemd0-249.16-150400.8.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libsystemd0-249.16-150400.8.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-7510 at SUSECVE-2015-7510 at NVDCVE-2016-10156 at SUSECVE-2016-10156 at NVDCVE-2017-15908 at SUSECVE-2017-15908 at NVDCVE-2017-18078 at SUSECVE-2017-18078 at NVDCVE-2017-9445 at SUSECVE-2017-9445 at NVDCVE-2018-15686 at SUSECVE-2018-15686 at NVDCVE-2018-15687 at SUSECVE-2018-15687 at NVDCVE-2018-15688 at SUSECVE-2018-15688 at NVDCVE-2018-16864 at SUSECVE-2018-16864 at NVDCVE-2018-16865 at SUSECVE-2018-16865 at NVDCVE-2018-21029 at SUSECVE-2018-21029 at NVDCVE-2018-6954 at SUSECVE-2018-6954 at NVDCVE-2019-20386 at SUSECVE-2019-20386 at NVDCVE-2019-3842 at SUSECVE-2019-3842 at NVDCVE-2019-3843 at SUSECVE-2019-3843 at NVDCVE-2019-3844 at SUSECVE-2019-3844 at NVDCVE-2019-6454 at SUSECVE-2019-6454 at NVDCVE-2020-13529 at SUSECVE-2020-13529 at NVDCVE-2020-1712 at SUSECVE-2020-1712 at NVDCVE-2021-33910 at SUSECVE-2021-33910 at NVDCVE-2021-3997 at SUSECVE-2021-3997 at NVDCVE-2022-3821 at SUSECVE-2022-3821 at NVDCVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:sle-micro:5.5libtasn1-4.13-150000.4.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libtasn1-4.13-150000.4.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-2806 at SUSECVE-2015-2806 at NVDCVE-2015-3622 at SUSECVE-2015-3622 at NVDCVE-2016-4008 at SUSECVE-2016-4008 at NVDCVE-2018-1000654 at SUSECVE-2018-1000654 at NVDCVE-2018-6003 at SUSECVE-2018-6003 at NVDCVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sle-micro:5.5libtiff5-4.0.9-150000.45.28.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libtiff5-4.0.9-150000.45.28.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2012-4564 at SUSECVE-2012-4564 at NVDCVE-2013-1960 at SUSECVE-2013-1960 at NVDCVE-2013-1961 at SUSECVE-2013-1961 at NVDCVE-2013-4231 at SUSECVE-2013-4231 at NVDCVE-2013-4232 at SUSECVE-2013-4232 at NVDCVE-2013-4243 at SUSECVE-2013-4243 at NVDCVE-2013-4244 at SUSECVE-2013-4244 at NVDCVE-2014-8127 at SUSECVE-2014-8127 at NVDCVE-2014-8128 at SUSECVE-2014-8128 at NVDCVE-2014-8129 at SUSECVE-2014-8129 at NVDCVE-2014-8130 at SUSECVE-2014-8130 at NVDCVE-2014-9655 at SUSECVE-2014-9655 at NVDCVE-2015-1547 at SUSECVE-2015-1547 at NVDCVE-2015-7554 at SUSECVE-2015-7554 at NVDCVE-2015-8665 at SUSECVE-2015-8665 at NVDCVE-2015-8683 at SUSECVE-2015-8683 at NVDCVE-2015-8781 at SUSECVE-2015-8781 at NVDCVE-2015-8782 at SUSECVE-2015-8782 at NVDCVE-2015-8783 at SUSECVE-2015-8783 at NVDCVE-2016-10092 at SUSECVE-2016-10092 at NVDCVE-2016-10093 at SUSECVE-2016-10093 at NVDCVE-2016-10094 at SUSECVE-2016-10094 at NVDCVE-2016-10095 at SUSECVE-2016-10095 at NVDCVE-2016-10266 at SUSECVE-2016-10266 at NVDCVE-2016-10267 at SUSECVE-2016-10267 at NVDCVE-2016-10268 at SUSECVE-2016-10268 at NVDCVE-2016-10269 at SUSECVE-2016-10269 at NVDCVE-2016-10270 at SUSECVE-2016-10270 at NVDCVE-2016-10271 at SUSECVE-2016-10271 at NVDCVE-2016-10272 at SUSECVE-2016-10272 at NVDCVE-2016-10371 at SUSECVE-2016-10371 at NVDCVE-2016-3186 at SUSECVE-2016-3186 at NVDCVE-2016-3622 at SUSECVE-2016-3622 at NVDCVE-2016-3623 at SUSECVE-2016-3623 at NVDCVE-2016-3658 at SUSECVE-2016-3658 at NVDCVE-2016-3945 at SUSECVE-2016-3945 at NVDCVE-2016-3990 at SUSECVE-2016-3990 at NVDCVE-2016-3991 at SUSECVE-2016-3991 at NVDCVE-2016-5314 at SUSECVE-2016-5314 at NVDCVE-2016-5316 at SUSECVE-2016-5316 at NVDCVE-2016-5317 at SUSECVE-2016-5317 at NVDCVE-2016-5318 at SUSECVE-2016-5318 at NVDCVE-2016-5320 at SUSECVE-2016-5320 at NVDCVE-2016-5321 at SUSECVE-2016-5321 at NVDCVE-2016-5323 at SUSECVE-2016-5323 at NVDCVE-2016-5652 at SUSECVE-2016-5652 at NVDCVE-2016-5875 at SUSECVE-2016-5875 at NVDCVE-2016-6223 at SUSECVE-2016-6223 at NVDCVE-2016-9273 at SUSECVE-2016-9273 at NVDCVE-2016-9297 at SUSECVE-2016-9297 at NVDCVE-2016-9448 at SUSECVE-2016-9448 at NVDCVE-2016-9453 at SUSECVE-2016-9453 at NVDCVE-2016-9538 at SUSECVE-2016-9538 at NVDCVE-2017-11613 at SUSECVE-2017-11613 at NVDCVE-2017-12944 at SUSECVE-2017-12944 at NVDCVE-2017-16232 at SUSECVE-2017-16232 at NVDCVE-2017-17095 at SUSECVE-2017-17095 at NVDCVE-2017-18013 at SUSECVE-2017-18013 at NVDCVE-2017-5225 at SUSECVE-2017-5225 at NVDCVE-2017-7592 at SUSECVE-2017-7592 at NVDCVE-2017-7593 at SUSECVE-2017-7593 at NVDCVE-2017-7594 at SUSECVE-2017-7594 at NVDCVE-2017-7595 at SUSECVE-2017-7595 at NVDCVE-2017-7596 at SUSECVE-2017-7596 at NVDCVE-2017-7597 at SUSECVE-2017-7597 at NVDCVE-2017-7598 at SUSECVE-2017-7598 at NVDCVE-2017-7599 at SUSECVE-2017-7599 at NVDCVE-2017-7600 at SUSECVE-2017-7600 at NVDCVE-2017-7601 at SUSECVE-2017-7601 at NVDCVE-2017-7602 at SUSECVE-2017-7602 at NVDCVE-2017-9403 at SUSECVE-2017-9403 at NVDCVE-2017-9404 at SUSECVE-2017-9404 at NVDCVE-2017-9935 at SUSECVE-2017-9935 at NVDCVE-2017-9936 at SUSECVE-2017-9936 at NVDCVE-2018-10779 at SUSECVE-2018-10779 at NVDCVE-2018-10963 at SUSECVE-2018-10963 at NVDCVE-2018-12900 at SUSECVE-2018-12900 at NVDCVE-2018-16335 at SUSECVE-2018-16335 at NVDCVE-2018-17000 at SUSECVE-2018-17000 at NVDCVE-2018-17100 at SUSECVE-2018-17100 at NVDCVE-2018-17101 at SUSECVE-2018-17101 at NVDCVE-2018-17795 at SUSECVE-2018-17795 at NVDCVE-2018-18557 at SUSECVE-2018-18557 at NVDCVE-2018-18661 at SUSECVE-2018-18661 at NVDCVE-2018-19210 at SUSECVE-2018-19210 at NVDCVE-2018-5784 at SUSECVE-2018-5784 at NVDCVE-2018-7456 at SUSECVE-2018-7456 at NVDCVE-2018-8905 at SUSECVE-2018-8905 at NVDCVE-2019-14973 at SUSECVE-2019-14973 at NVDCVE-2019-17546 at SUSECVE-2019-17546 at NVDCVE-2019-6128 at SUSECVE-2019-6128 at NVDCVE-2019-7663 at SUSECVE-2019-7663 at NVDCVE-2020-19131 at SUSECVE-2020-19131 at NVDCVE-2020-35521 at SUSECVE-2020-35521 at NVDCVE-2020-35522 at SUSECVE-2020-35522 at NVDCVE-2020-35523 at SUSECVE-2020-35523 at NVDCVE-2020-35524 at SUSECVE-2020-35524 at NVDCVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-0562 at SUSECVE-2022-0562 at NVDCVE-2022-0865 at SUSECVE-2022-0865 at NVDCVE-2022-0891 at SUSECVE-2022-0891 at NVDCVE-2022-0908 at SUSECVE-2022-0908 at NVDCVE-2022-0909 at SUSECVE-2022-0909 at NVDCVE-2022-0924 at SUSECVE-2022-0924 at NVDCVE-2022-1056 at SUSECVE-2022-1056 at NVDCVE-2022-2056 at SUSECVE-2022-2056 at NVDCVE-2022-2057 at SUSECVE-2022-2057 at NVDCVE-2022-2058 at SUSECVE-2022-2058 at NVDCVE-2022-22844 at SUSECVE-2022-22844 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDCVE-2022-3570 at SUSECVE-2022-3570 at NVDCVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3598 at SUSECVE-2022-3598 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDCVE-2022-48281 at SUSECVE-2022-48281 at NVDCVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:suse:sle-micro:5.5libtirpc-netconfig-1.2.6-150300.3.17.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libtirpc-netconfig-1.2.6-150300.3.17.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-4429 at SUSECVE-2016-4429 at NVDCVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:sle-micro:5.5libtpms0-0.8.2-150300.3.9.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libtpms0-0.8.2-150300.3.9.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-3446 at SUSECVE-2021-3446 at NVDCVE-2021-3505 at SUSECVE-2021-3505 at NVDCVE-2021-3623 at SUSECVE-2021-3623 at NVDCVE-2021-3746 at SUSECVE-2021-3746 at NVDCVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:sle-micro:5.5libtss2-esys0-3.1.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libtss2-esys0-3.1.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-24455 at SUSECVE-2020-24455 at NVDCVE-2023-22745 at SUSECVE-2023-22745 at NVDcpe:/o:suse:sle-micro:5.5libudisks2-0-2.9.2-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libudisks2-0-2.9.2-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-17336 at SUSECVE-2018-17336 at NVDCVE-2021-3802 at SUSECVE-2021-3802 at NVDcpe:/o:suse:sle-micro:5.5libunwind-1.5.0-4.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libunwind-1.5.0-4.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3239 at SUSECVE-2015-3239 at NVDcpe:/o:suse:sle-micro:5.5libvirglrenderer1-0.9.1-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libvirglrenderer1-0.9.1-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-10214 at SUSECVE-2016-10214 at NVDCVE-2017-5937 at SUSECVE-2017-5937 at NVDCVE-2017-5957 at SUSECVE-2017-5957 at NVDCVE-2017-5993 at SUSECVE-2017-5993 at NVDCVE-2017-5994 at SUSECVE-2017-5994 at NVDCVE-2017-6386 at SUSECVE-2017-6386 at NVDCVE-2019-18388 at SUSECVE-2019-18388 at NVDCVE-2019-18389 at SUSECVE-2019-18389 at NVDCVE-2019-18390 at SUSECVE-2019-18390 at NVDCVE-2019-18391 at SUSECVE-2019-18391 at NVDCVE-2019-18392 at SUSECVE-2019-18392 at NVDCVE-2020-8002 at SUSECVE-2020-8002 at NVDCVE-2020-8003 at SUSECVE-2020-8003 at NVDCVE-2022-0135 at SUSECVE-2022-0135 at NVDCVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:sle-micro:5.5libvirt-client-9.0.0-150500.6.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libvirt-client-9.0.0-150500.6.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-7823 at SUSECVE-2014-7823 at NVDCVE-2014-8131 at SUSECVE-2014-8131 at NVDCVE-2015-0236 at SUSECVE-2015-0236 at NVDCVE-2015-5247 at SUSECVE-2015-5247 at NVDCVE-2015-5313 at SUSECVE-2015-5313 at NVDCVE-2017-1000256 at SUSECVE-2017-1000256 at NVDCVE-2017-2635 at SUSECVE-2017-2635 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-1064 at SUSECVE-2018-1064 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-5748 at SUSECVE-2018-5748 at NVDCVE-2019-10132 at SUSECVE-2019-10132 at NVDCVE-2019-10161 at SUSECVE-2019-10161 at NVDCVE-2019-10166 at SUSECVE-2019-10166 at NVDCVE-2019-10167 at SUSECVE-2019-10167 at NVDCVE-2019-10168 at SUSECVE-2019-10168 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-3886 at SUSECVE-2019-3886 at NVDCVE-2020-10701 at SUSECVE-2020-10701 at NVDCVE-2020-12430 at SUSECVE-2020-12430 at NVDCVE-2020-14339 at SUSECVE-2020-14339 at NVDCVE-2020-15708 at SUSECVE-2020-15708 at NVDCVE-2020-25637 at SUSECVE-2020-25637 at NVDCVE-2021-3631 at SUSECVE-2021-3631 at NVDCVE-2021-3667 at SUSECVE-2021-3667 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDCVE-2022-0897 at SUSECVE-2022-0897 at NVDCVE-2023-2700 at SUSECVE-2023-2700 at NVDCVE-2023-3750 at SUSECVE-2023-3750 at NVDcpe:/o:suse:sle-micro:5.5libvmtools0-12.2.0-150300.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libvmtools0-12.2.0-150300.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-5191 at SUSECVE-2015-5191 at NVDCVE-2022-31676 at SUSECVE-2022-31676 at NVDCVE-2023-20867 at SUSECVE-2023-20867 at NVDCVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.5libvorbis0-1.3.6-150000.4.5.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libvorbis0-1.3.6-150000.4.5.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-14160 at SUSECVE-2017-14160 at NVDCVE-2017-14632 at SUSECVE-2017-14632 at NVDCVE-2017-14633 at SUSECVE-2017-14633 at NVDCVE-2018-10392 at SUSECVE-2018-10392 at NVDCVE-2018-10393 at SUSECVE-2018-10393 at NVDCVE-2018-5146 at SUSECVE-2018-5146 at NVDcpe:/o:suse:sle-micro:5.5libxkbcommon0-1.3.0-150400.1.13 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libxkbcommon0-1.3.0-150400.1.13 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-15853 at SUSECVE-2018-15853 at NVDCVE-2018-15854 at SUSECVE-2018-15854 at NVDCVE-2018-15855 at SUSECVE-2018-15855 at NVDCVE-2018-15856 at SUSECVE-2018-15856 at NVDCVE-2018-15857 at SUSECVE-2018-15857 at NVDCVE-2018-15858 at SUSECVE-2018-15858 at NVDCVE-2018-15859 at SUSECVE-2018-15859 at NVDCVE-2018-15861 at SUSECVE-2018-15861 at NVDCVE-2018-15862 at SUSECVE-2018-15862 at NVDCVE-2018-15863 at SUSECVE-2018-15863 at NVDCVE-2018-15864 at SUSECVE-2018-15864 at NVDcpe:/o:suse:sle-micro:5.5libxml2-2-2.10.3-150500.5.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libxml2-2-2.10.3-150500.5.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-0191 at SUSECVE-2014-0191 at NVDCVE-2014-3660 at SUSECVE-2014-3660 at NVDCVE-2015-1819 at SUSECVE-2015-1819 at NVDCVE-2015-5312 at SUSECVE-2015-5312 at NVDCVE-2015-7497 at SUSECVE-2015-7497 at NVDCVE-2015-7498 at SUSECVE-2015-7498 at NVDCVE-2015-7499 at SUSECVE-2015-7499 at NVDCVE-2015-7500 at SUSECVE-2015-7500 at NVDCVE-2015-7941 at SUSECVE-2015-7941 at NVDCVE-2015-7942 at SUSECVE-2015-7942 at NVDCVE-2015-8035 at SUSECVE-2015-8035 at NVDCVE-2015-8242 at SUSECVE-2015-8242 at NVDCVE-2016-1762 at SUSECVE-2016-1762 at NVDCVE-2016-1833 at SUSECVE-2016-1833 at NVDCVE-2016-1834 at SUSECVE-2016-1834 at NVDCVE-2016-1835 at SUSECVE-2016-1835 at NVDCVE-2016-1836 at SUSECVE-2016-1836 at NVDCVE-2016-1837 at SUSECVE-2016-1837 at NVDCVE-2016-1838 at SUSECVE-2016-1838 at NVDCVE-2016-1839 at SUSECVE-2016-1839 at NVDCVE-2016-1840 at SUSECVE-2016-1840 at NVDCVE-2016-3627 at SUSECVE-2016-3627 at NVDCVE-2016-3705 at SUSECVE-2016-3705 at NVDCVE-2016-4483 at SUSECVE-2016-4483 at NVDCVE-2016-4658 at SUSECVE-2016-4658 at NVDCVE-2017-0663 at SUSECVE-2017-0663 at NVDCVE-2017-5969 at SUSECVE-2017-5969 at NVDCVE-2017-9047 at SUSECVE-2017-9047 at NVDCVE-2017-9048 at SUSECVE-2017-9048 at NVDCVE-2017-9049 at SUSECVE-2017-9049 at NVDCVE-2018-14404 at SUSECVE-2018-14404 at NVDCVE-2018-14567 at SUSECVE-2018-14567 at NVDCVE-2018-9251 at SUSECVE-2018-9251 at NVDCVE-2019-19956 at SUSECVE-2019-19956 at NVDCVE-2019-20388 at SUSECVE-2019-20388 at NVDCVE-2020-24977 at SUSECVE-2020-24977 at NVDCVE-2020-7595 at SUSECVE-2020-7595 at NVDCVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDCVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-2309 at SUSECVE-2022-2309 at NVDCVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDCVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:sle-micro:5.5libxslt1-1.1.34-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libxslt1-1.1.34-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-7995 at SUSECVE-2015-7995 at NVDCVE-2015-9019 at SUSECVE-2015-9019 at NVDCVE-2016-4738 at SUSECVE-2016-4738 at NVDCVE-2017-5029 at SUSECVE-2017-5029 at NVDCVE-2019-11068 at SUSECVE-2019-11068 at NVDCVE-2019-13117 at SUSECVE-2019-13117 at NVDCVE-2019-13118 at SUSECVE-2019-13118 at NVDCVE-2019-18197 at SUSECVE-2019-18197 at NVDCVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sle-micro:5.5libyajl2-2.1.0-150000.4.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libyajl2-2.1.0-150000.4.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-24795 at SUSECVE-2022-24795 at NVDCVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:sle-micro:5.5libyaml-cpp0_6-0.6.3-150400.4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libyaml-cpp0_6-0.6.3-150400.4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-5950 at SUSECVE-2017-5950 at NVDCVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:sle-micro:5.5libz1-1.2.13-150500.2.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libz1-1.2.13-150500.2.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9843 at SUSECVE-2016-9843 at NVDCVE-2018-25032 at SUSECVE-2018-25032 at NVDCVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:sle-micro:5.5libzmq5-4.2.3-3.15.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libzmq5-4.2.3-3.15.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-7202 at SUSECVE-2014-7202 at NVDCVE-2014-7203 at SUSECVE-2014-7203 at NVDCVE-2014-9721 at SUSECVE-2014-9721 at NVDCVE-2019-13132 at SUSECVE-2019-13132 at NVDCVE-2019-6250 at SUSECVE-2019-6250 at NVDCVE-2020-15166 at SUSECVE-2020-15166 at NVDcpe:/o:suse:sle-micro:5.5libzstd1-1.5.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libzstd1-1.5.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-11922 at SUSECVE-2019-11922 at NVDCVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:sle-micro:5.5libzypp-17.31.20-150400.3.40.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the libzypp-17.31.20-150400.3.40.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-7435 at SUSECVE-2017-7435 at NVDCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDCVE-2017-9271 at SUSECVE-2017-9271 at NVDCVE-2018-7685 at SUSECVE-2018-7685 at NVDCVE-2019-18900 at SUSECVE-2019-18900 at NVDcpe:/o:suse:sle-micro:5.5login_defs-4.8.1-150500.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the login_defs-4.8.1-150500.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-7169 at SUSECVE-2018-7169 at NVDcpe:/o:suse:sle-micro:5.5logrotate-3.18.1-150400.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the logrotate-3.18.1-150400.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-3864 at SUSECVE-2021-3864 at NVDCVE-2022-1348 at SUSECVE-2022-1348 at NVDcpe:/o:suse:sle-micro:5.5mozilla-nspr-4.35-150000.3.29.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the mozilla-nspr-4.35-150000.3.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-7183 at SUSECVE-2015-7183 at NVDcpe:/o:suse:sle-micro:5.5nfs-client-2.1.1-150500.20.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the nfs-client-2.1.1-150500.20.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-3689 at SUSECVE-2019-3689 at NVDcpe:/o:suse:sle-micro:5.5opensc-0.22.0-150400.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the opensc-0.22.0-150400.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-16391 at SUSECVE-2018-16391 at NVDCVE-2018-16392 at SUSECVE-2018-16392 at NVDCVE-2018-16393 at SUSECVE-2018-16393 at NVDCVE-2018-16418 at SUSECVE-2018-16418 at NVDCVE-2018-16419 at SUSECVE-2018-16419 at NVDCVE-2018-16420 at SUSECVE-2018-16420 at NVDCVE-2018-16421 at SUSECVE-2018-16421 at NVDCVE-2018-16422 at SUSECVE-2018-16422 at NVDCVE-2018-16423 at SUSECVE-2018-16423 at NVDCVE-2018-16424 at SUSECVE-2018-16424 at NVDCVE-2018-16425 at SUSECVE-2018-16425 at NVDCVE-2018-16426 at SUSECVE-2018-16426 at NVDCVE-2018-16427 at SUSECVE-2018-16427 at NVDCVE-2019-15945 at SUSECVE-2019-15945 at NVDCVE-2019-15946 at SUSECVE-2019-15946 at NVDCVE-2019-19479 at SUSECVE-2019-19479 at NVDCVE-2019-19480 at SUSECVE-2019-19480 at NVDCVE-2019-20792 at SUSECVE-2019-20792 at NVDCVE-2019-6502 at SUSECVE-2019-6502 at NVDCVE-2020-26570 at SUSECVE-2020-26570 at NVDCVE-2020-26571 at SUSECVE-2020-26571 at NVDCVE-2020-26572 at SUSECVE-2020-26572 at NVDCVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDCVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:sle-micro:5.5openslp-2.0.0-6.15.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the openslp-2.0.0-6.15.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-4912 at SUSECVE-2016-4912 at NVDCVE-2016-7567 at SUSECVE-2016-7567 at NVDCVE-2017-17833 at SUSECVE-2017-17833 at NVDcpe:/o:suse:sle-micro:5.5openssh-8.4p1-150300.3.22.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the openssh-8.4p1-150300.3.22.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-8325 at SUSECVE-2015-8325 at NVDCVE-2016-0777 at SUSECVE-2016-0777 at NVDCVE-2016-0778 at SUSECVE-2016-0778 at NVDCVE-2016-10009 at SUSECVE-2016-10009 at NVDCVE-2016-10010 at SUSECVE-2016-10010 at NVDCVE-2016-10011 at SUSECVE-2016-10011 at NVDCVE-2016-10012 at SUSECVE-2016-10012 at NVDCVE-2016-6210 at SUSECVE-2016-6210 at NVDCVE-2016-6515 at SUSECVE-2016-6515 at NVDCVE-2016-8858 at SUSECVE-2016-8858 at NVDCVE-2018-20685 at SUSECVE-2018-20685 at NVDCVE-2019-6109 at SUSECVE-2019-6109 at NVDCVE-2019-6110 at SUSECVE-2019-6110 at NVDCVE-2019-6111 at SUSECVE-2019-6111 at NVDCVE-2021-28041 at SUSECVE-2021-28041 at NVDCVE-2021-41617 at SUSECVE-2021-41617 at NVDCVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:sle-micro:5.5openssl-1.1.1l-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the openssl-1.1.1l-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3513 at SUSECVE-2014-3513 at NVDCVE-2014-3567 at SUSECVE-2014-3567 at NVDCVE-2014-3568 at SUSECVE-2014-3568 at NVDCVE-2014-3569 at SUSECVE-2014-3569 at NVDCVE-2014-3570 at SUSECVE-2014-3570 at NVDCVE-2014-3571 at SUSECVE-2014-3571 at NVDCVE-2014-3572 at SUSECVE-2014-3572 at NVDCVE-2014-8275 at SUSECVE-2014-8275 at NVDCVE-2015-0204 at SUSECVE-2015-0204 at NVDCVE-2015-0205 at SUSECVE-2015-0205 at NVDCVE-2015-0206 at SUSECVE-2015-0206 at NVDCVE-2015-0209 at SUSECVE-2015-0209 at NVDCVE-2015-0286 at SUSECVE-2015-0286 at NVDCVE-2015-0287 at SUSECVE-2015-0287 at NVDCVE-2015-0288 at SUSECVE-2015-0288 at NVDCVE-2015-0289 at SUSECVE-2015-0289 at NVDCVE-2015-0293 at SUSECVE-2015-0293 at NVDCVE-2015-1788 at SUSECVE-2015-1788 at NVDCVE-2015-1789 at SUSECVE-2015-1789 at NVDCVE-2015-1790 at SUSECVE-2015-1790 at NVDCVE-2015-1791 at SUSECVE-2015-1791 at NVDCVE-2015-1792 at SUSECVE-2015-1792 at NVDCVE-2015-1793 at SUSECVE-2015-1793 at NVDCVE-2015-1794 at SUSECVE-2015-1794 at NVDCVE-2015-3193 at SUSECVE-2015-3193 at NVDCVE-2015-3194 at SUSECVE-2015-3194 at NVDCVE-2015-3195 at SUSECVE-2015-3195 at NVDCVE-2015-3196 at SUSECVE-2015-3196 at NVDCVE-2015-3197 at SUSECVE-2015-3197 at NVDCVE-2016-0701 at SUSECVE-2016-0701 at NVDCVE-2016-0702 at SUSECVE-2016-0702 at NVDCVE-2016-0705 at SUSECVE-2016-0705 at NVDCVE-2016-0797 at SUSECVE-2016-0797 at NVDCVE-2016-0798 at SUSECVE-2016-0798 at NVDCVE-2016-0800 at SUSECVE-2016-0800 at NVDCVE-2016-2105 at SUSECVE-2016-2105 at NVDCVE-2016-2106 at SUSECVE-2016-2106 at NVDCVE-2016-2107 at SUSECVE-2016-2107 at NVDCVE-2016-2109 at SUSECVE-2016-2109 at NVDCVE-2016-2176 at SUSECVE-2016-2176 at NVDCVE-2016-2177 at SUSECVE-2016-2177 at NVDCVE-2016-2178 at SUSECVE-2016-2178 at NVDCVE-2016-2179 at SUSECVE-2016-2179 at NVDCVE-2016-2180 at SUSECVE-2016-2180 at NVDCVE-2016-2181 at SUSECVE-2016-2181 at NVDCVE-2016-2182 at SUSECVE-2016-2182 at NVDCVE-2016-2183 at SUSECVE-2016-2183 at NVDCVE-2016-6302 at SUSECVE-2016-6302 at NVDCVE-2016-6303 at SUSECVE-2016-6303 at NVDCVE-2016-6304 at SUSECVE-2016-6304 at NVDCVE-2016-6306 at SUSECVE-2016-6306 at NVDCVE-2016-7052 at SUSECVE-2016-7052 at NVDCVE-2016-7055 at SUSECVE-2016-7055 at NVDCVE-2016-7056 at SUSECVE-2016-7056 at NVDCVE-2017-3731 at SUSECVE-2017-3731 at NVDCVE-2017-3732 at SUSECVE-2017-3732 at NVDcpe:/o:suse:sle-micro:5.5pam-1.3.0-150000.6.61.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the pam-1.3.0-150000.6.61.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3238 at SUSECVE-2015-3238 at NVDCVE-2018-17953 at SUSECVE-2018-17953 at NVDcpe:/o:suse:sle-micro:5.5pam_u2f-1.2.0-150400.2.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the pam_u2f-1.2.0-150400.2.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-12209 at SUSECVE-2019-12209 at NVDCVE-2019-12210 at SUSECVE-2019-12210 at NVDCVE-2021-31924 at SUSECVE-2021-31924 at NVDcpe:/o:suse:sle-micro:5.5perl-5.26.1-150300.17.14.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the perl-5.26.1-150300.17.14.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-12837 at SUSECVE-2017-12837 at NVDCVE-2017-12883 at SUSECVE-2017-12883 at NVDCVE-2017-6512 at SUSECVE-2017-6512 at NVDCVE-2018-12015 at SUSECVE-2018-12015 at NVDCVE-2018-18311 at SUSECVE-2018-18311 at NVDCVE-2018-18312 at SUSECVE-2018-18312 at NVDCVE-2018-18313 at SUSECVE-2018-18313 at NVDCVE-2018-18314 at SUSECVE-2018-18314 at NVDCVE-2020-10543 at SUSECVE-2020-10543 at NVDCVE-2020-10878 at SUSECVE-2020-10878 at NVDCVE-2020-12723 at SUSECVE-2020-12723 at NVDCVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sle-micro:5.5perl-ExtUtils-MakeMaker-7.62-150400.1.5 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the perl-ExtUtils-MakeMaker-7.62-150400.1.5 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-1238 at SUSECVE-2016-1238 at NVDcpe:/o:suse:sle-micro:5.5permissions-20201225-150400.5.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the permissions-20201225-150400.5.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-3687 at SUSECVE-2019-3687 at NVDCVE-2019-3688 at SUSECVE-2019-3688 at NVDCVE-2019-3690 at SUSECVE-2019-3690 at NVDCVE-2020-8013 at SUSECVE-2020-8013 at NVDCVE-2020-8025 at SUSECVE-2020-8025 at NVDCVE-2022-31252 at SUSECVE-2022-31252 at NVDcpe:/o:suse:sle-micro:5.5podman-4.4.4-150500.1.4 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the podman-4.4.4-150500.1.4 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-10856 at SUSECVE-2018-10856 at NVDCVE-2019-10152 at SUSECVE-2019-10152 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDCVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-1726 at SUSECVE-2020-1726 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDCVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:sle-micro:5.5policycoreutils-3.4-150500.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the policycoreutils-3.4-150500.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-7545 at SUSECVE-2016-7545 at NVDCVE-2018-1063 at SUSECVE-2018-1063 at NVDcpe:/o:suse:sle-micro:5.5powerpc-utils-1.3.11-150500.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the powerpc-utils-1.3.11-150500.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-4040 at SUSECVE-2014-4040 at NVDcpe:/o:suse:sle-micro:5.5ppp-2.4.7-150000.5.10.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the ppp-2.4.7-150000.5.10.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-3310 at SUSECVE-2015-3310 at NVDCVE-2020-8597 at SUSECVE-2020-8597 at NVDcpe:/o:suse:sle-micro:5.5procmail-3.22-2.34 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the procmail-3.22-2.34 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3618 at SUSECVE-2014-3618 at NVDCVE-2017-16844 at SUSECVE-2017-16844 at NVDcpe:/o:suse:sle-micro:5.5python3-Babel-2.8.0-3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-Babel-2.8.0-3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:sle-micro:5.5python3-Jinja2-2.10.1-3.10.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-Jinja2-2.10.1-3.10.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-10745 at SUSECVE-2016-10745 at NVDCVE-2019-10906 at SUSECVE-2019-10906 at NVDCVE-2019-8341 at SUSECVE-2019-8341 at NVDCVE-2020-28493 at SUSECVE-2020-28493 at NVDcpe:/o:suse:sle-micro:5.5python3-M2Crypto-0.38.0-150400.7.64 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-M2Crypto-0.38.0-150400.7.64 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.5python3-PyYAML-5.4.1-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-PyYAML-5.4.1-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-18342 at SUSECVE-2017-18342 at NVDCVE-2020-14343 at SUSECVE-2020-14343 at NVDcpe:/o:suse:sle-micro:5.5python3-certifi-2018.1.18-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-certifi-2018.1.18-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:sle-micro:5.5python3-configobj-5.0.6-150000.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-configobj-5.0.6-150000.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-26112 at SUSECVE-2023-26112 at NVDcpe:/o:suse:sle-micro:5.5python3-cryptography-3.3.2-150400.16.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-cryptography-3.3.2-150400.16.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDCVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:sle-micro:5.5python3-future-0.18.2-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-future-0.18.2-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:sle-micro:5.5python3-lxml-4.9.1-150500.1.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-lxml-4.9.1-150500.1.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-19787 at SUSECVE-2018-19787 at NVDCVE-2020-27783 at SUSECVE-2020-27783 at NVDCVE-2021-28957 at SUSECVE-2021-28957 at NVDCVE-2021-43818 at SUSECVE-2021-43818 at NVDCVE-2022-2309 at SUSECVE-2022-2309 at NVDcpe:/o:suse:sle-micro:5.5python3-py-1.10.0-150100.5.12.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-py-1.10.0-150100.5.12.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-29651 at SUSECVE-2020-29651 at NVDCVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:sle-micro:5.5python3-requests-2.24.0-150300.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-requests-2.24.0-150300.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-2296 at SUSECVE-2015-2296 at NVDCVE-2018-18074 at SUSECVE-2018-18074 at NVDCVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:sle-micro:5.5python3-rsa-3.4.2-150000.3.7.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-rsa-3.4.2-150000.3.7.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-13757 at SUSECVE-2020-13757 at NVDCVE-2020-25658 at SUSECVE-2020-25658 at NVDcpe:/o:suse:sle-micro:5.5python3-salt-3006.0-150500.4.12.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-salt-3006.0-150500.4.12.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-1866 at SUSECVE-2016-1866 at NVDCVE-2016-9639 at SUSECVE-2016-9639 at NVDCVE-2017-12791 at SUSECVE-2017-12791 at NVDCVE-2017-14695 at SUSECVE-2017-14695 at NVDCVE-2017-14696 at SUSECVE-2017-14696 at NVDCVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2019-17361 at SUSECVE-2019-17361 at NVDCVE-2019-18897 at SUSECVE-2019-18897 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-16846 at SUSECVE-2020-16846 at NVDCVE-2020-17490 at SUSECVE-2020-17490 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2020-28243 at SUSECVE-2020-28243 at NVDCVE-2020-28972 at SUSECVE-2020-28972 at NVDCVE-2020-35662 at SUSECVE-2020-35662 at NVDCVE-2021-21996 at SUSECVE-2021-21996 at NVDCVE-2021-25281 at SUSECVE-2021-25281 at NVDCVE-2021-25282 at SUSECVE-2021-25282 at NVDCVE-2021-25283 at SUSECVE-2021-25283 at NVDCVE-2021-25284 at SUSECVE-2021-25284 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-3144 at SUSECVE-2021-3144 at NVDCVE-2021-3148 at SUSECVE-2021-3148 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDCVE-2021-3197 at SUSECVE-2021-3197 at NVDCVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDCVE-2022-22967 at SUSECVE-2022-22967 at NVDCVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.5python3-setuptools-44.1.1-150400.9.3.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-setuptools-44.1.1-150400.9.3.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-20916 at SUSECVE-2019-20916 at NVDcpe:/o:suse:sle-micro:5.5python3-tornado-4.5.3-150000.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-tornado-4.5.3-150000.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.5python3-urllib3-1.25.10-4.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the python3-urllib3-1.25.10-4.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9015 at SUSECVE-2016-9015 at NVDCVE-2018-20060 at SUSECVE-2018-20060 at NVDCVE-2019-11236 at SUSECVE-2019-11236 at NVDCVE-2019-11324 at SUSECVE-2019-11324 at NVDCVE-2019-9740 at SUSECVE-2019-9740 at NVDCVE-2020-26137 at SUSECVE-2020-26137 at NVDCVE-2021-33503 at SUSECVE-2021-33503 at NVDcpe:/o:suse:sle-micro:5.5qemu-7.1.0-150500.49.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the qemu-7.1.0-150500.49.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-0223 at SUSECVE-2014-0223 at NVDCVE-2014-3461 at SUSECVE-2014-3461 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-7840 at SUSECVE-2014-7840 at NVDCVE-2014-8106 at SUSECVE-2014-8106 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3209 at SUSECVE-2015-3209 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5225 at SUSECVE-2015-5225 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5279 at SUSECVE-2015-5279 at NVDCVE-2015-5745 at SUSECVE-2015-5745 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7295 at SUSECVE-2015-7295 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10028 at SUSECVE-2016-10028 at NVDCVE-2016-10155 at SUSECVE-2016-10155 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-3710 at SUSECVE-2016-3710 at NVDCVE-2016-3712 at SUSECVE-2016-3712 at NVDCVE-2016-4002 at SUSECVE-2016-4002 at NVDCVE-2016-4020 at SUSECVE-2016-4020 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-4453 at SUSECVE-2016-4453 at NVDCVE-2016-4454 at SUSECVE-2016-4454 at NVDCVE-2016-4952 at SUSECVE-2016-4952 at NVDCVE-2016-4964 at SUSECVE-2016-4964 at NVDCVE-2016-5105 at SUSECVE-2016-5105 at NVDCVE-2016-5106 at SUSECVE-2016-5106 at NVDCVE-2016-5107 at SUSECVE-2016-5107 at NVDCVE-2016-5126 at SUSECVE-2016-5126 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5337 at SUSECVE-2016-5337 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-5403 at SUSECVE-2016-5403 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-6490 at SUSECVE-2016-6490 at NVDCVE-2016-6833 at SUSECVE-2016-6833 at NVDCVE-2016-6836 at SUSECVE-2016-6836 at NVDCVE-2016-6888 at SUSECVE-2016-6888 at NVDCVE-2016-7116 at SUSECVE-2016-7116 at NVDCVE-2016-7155 at SUSECVE-2016-7155 at NVDCVE-2016-7156 at SUSECVE-2016-7156 at NVDCVE-2016-7157 at SUSECVE-2016-7157 at NVDCVE-2016-7161 at SUSECVE-2016-7161 at NVDCVE-2016-7170 at SUSECVE-2016-7170 at NVDCVE-2016-7421 at SUSECVE-2016-7421 at NVDCVE-2016-7422 at SUSECVE-2016-7422 at NVDCVE-2016-7423 at SUSECVE-2016-7423 at NVDCVE-2016-7466 at SUSECVE-2016-7466 at NVDCVE-2016-7907 at SUSECVE-2016-7907 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-7994 at SUSECVE-2016-7994 at NVDCVE-2016-7995 at SUSECVE-2016-7995 at NVDCVE-2016-8576 at SUSECVE-2016-8576 at NVDCVE-2016-8577 at SUSECVE-2016-8577 at NVDCVE-2016-8578 at SUSECVE-2016-8578 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8668 at SUSECVE-2016-8668 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8909 at SUSECVE-2016-8909 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9101 at SUSECVE-2016-9101 at NVDCVE-2016-9102 at SUSECVE-2016-9102 at NVDCVE-2016-9103 at SUSECVE-2016-9103 at NVDCVE-2016-9104 at SUSECVE-2016-9104 at NVDCVE-2016-9105 at SUSECVE-2016-9105 at NVDCVE-2016-9106 at SUSECVE-2016-9106 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9602 at SUSECVE-2016-9602 at NVDCVE-2016-9776 at SUSECVE-2016-9776 at NVDCVE-2016-9845 at SUSECVE-2016-9845 at NVDCVE-2016-9846 at SUSECVE-2016-9846 at NVDCVE-2016-9907 at SUSECVE-2016-9907 at NVDCVE-2016-9908 at SUSECVE-2016-9908 at NVDCVE-2016-9911 at SUSECVE-2016-9911 at NVDCVE-2016-9912 at SUSECVE-2016-9912 at NVDCVE-2016-9913 at SUSECVE-2016-9913 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9923 at SUSECVE-2016-9923 at NVDCVE-2017-10664 at SUSECVE-2017-10664 at NVDCVE-2017-10806 at SUSECVE-2017-10806 at NVDCVE-2017-11334 at SUSECVE-2017-11334 at NVDCVE-2017-11434 at SUSECVE-2017-11434 at NVDCVE-2017-13672 at SUSECVE-2017-13672 at NVDCVE-2017-13673 at SUSECVE-2017-13673 at NVDCVE-2017-13711 at SUSECVE-2017-13711 at NVDCVE-2017-14167 at SUSECVE-2017-14167 at NVDCVE-2017-15038 at SUSECVE-2017-15038 at NVDCVE-2017-15118 at SUSECVE-2017-15118 at NVDCVE-2017-15119 at SUSECVE-2017-15119 at NVDCVE-2017-15268 at SUSECVE-2017-15268 at NVDCVE-2017-15289 at SUSECVE-2017-15289 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-2630 at SUSECVE-2017-2630 at NVDCVE-2017-2633 at SUSECVE-2017-2633 at NVDCVE-2017-5525 at SUSECVE-2017-5525 at NVDCVE-2017-5526 at SUSECVE-2017-5526 at NVDCVE-2017-5552 at SUSECVE-2017-5552 at NVDCVE-2017-5578 at SUSECVE-2017-5578 at NVDCVE-2017-5579 at SUSECVE-2017-5579 at NVDCVE-2017-5667 at SUSECVE-2017-5667 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5856 at SUSECVE-2017-5856 at NVDCVE-2017-5857 at SUSECVE-2017-5857 at NVDCVE-2017-5898 at SUSECVE-2017-5898 at NVDCVE-2017-5931 at SUSECVE-2017-5931 at NVDCVE-2017-5973 at SUSECVE-2017-5973 at NVDCVE-2017-5987 at SUSECVE-2017-5987 at NVDCVE-2017-6058 at SUSECVE-2017-6058 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-7471 at SUSECVE-2017-7471 at NVDCVE-2017-7493 at SUSECVE-2017-7493 at NVDCVE-2017-8112 at SUSECVE-2017-8112 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-8379 at SUSECVE-2017-8379 at NVDCVE-2017-8380 at SUSECVE-2017-8380 at NVDCVE-2017-9503 at SUSECVE-2017-9503 at NVDCVE-2017-9524 at SUSECVE-2017-9524 at NVDCVE-2018-10839 at SUSECVE-2018-10839 at NVDCVE-2018-11806 at SUSECVE-2018-11806 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12207 at SUSECVE-2018-12207 at NVDCVE-2018-12617 at SUSECVE-2018-12617 at NVDCVE-2018-15746 at SUSECVE-2018-15746 at NVDCVE-2018-16847 at SUSECVE-2018-16847 at NVDCVE-2018-16872 at SUSECVE-2018-16872 at NVDCVE-2018-17958 at SUSECVE-2018-17958 at NVDCVE-2018-17962 at SUSECVE-2018-17962 at NVDCVE-2018-17963 at SUSECVE-2018-17963 at NVDCVE-2018-18849 at SUSECVE-2018-18849 at NVDCVE-2018-20123 at SUSECVE-2018-20123 at NVDCVE-2018-20124 at SUSECVE-2018-20124 at NVDCVE-2018-20125 at SUSECVE-2018-20125 at NVDCVE-2018-20126 at SUSECVE-2018-20126 at NVDCVE-2018-20191 at SUSECVE-2018-20191 at NVDCVE-2018-20216 at SUSECVE-2018-20216 at NVDCVE-2018-20815 at SUSECVE-2018-20815 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-7550 at SUSECVE-2018-7550 at NVDCVE-2018-7858 at SUSECVE-2018-7858 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-12068 at SUSECVE-2019-12068 at NVDCVE-2019-12155 at SUSECVE-2019-12155 at NVDCVE-2019-13164 at SUSECVE-2019-13164 at NVDCVE-2019-14378 at SUSECVE-2019-14378 at NVDCVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2019-5008 at SUSECVE-2019-5008 at NVDCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2019-8934 at SUSECVE-2019-8934 at NVDCVE-2019-9824 at SUSECVE-2019-9824 at NVDCVE-2020-10702 at SUSECVE-2020-10702 at NVDCVE-2020-10717 at SUSECVE-2020-10717 at NVDCVE-2020-10761 at SUSECVE-2020-10761 at NVDCVE-2020-11102 at SUSECVE-2020-11102 at NVDCVE-2020-11869 at SUSECVE-2020-11869 at NVDCVE-2020-13361 at SUSECVE-2020-13361 at NVDCVE-2020-13362 at SUSECVE-2020-13362 at NVDCVE-2020-13659 at SUSECVE-2020-13659 at NVDCVE-2020-13800 at SUSECVE-2020-13800 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-15863 at SUSECVE-2020-15863 at NVDCVE-2020-16092 at SUSECVE-2020-16092 at NVDCVE-2020-1711 at SUSECVE-2020-1711 at NVDCVE-2020-17380 at SUSECVE-2020-17380 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-24352 at SUSECVE-2020-24352 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-7039 at SUSECVE-2020-7039 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20181 at SUSECVE-2021-20181 at NVDCVE-2021-20203 at SUSECVE-2021-20203 at NVDCVE-2021-20221 at SUSECVE-2021-20221 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-20263 at SUSECVE-2021-20263 at NVDCVE-2021-3409 at SUSECVE-2021-3409 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDCVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDCVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2021-4158 at SUSECVE-2021-4158 at NVDCVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDCVE-2022-1050 at SUSECVE-2022-1050 at NVDCVE-2022-26353 at SUSECVE-2022-26353 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDCVE-2022-2962 at SUSECVE-2022-2962 at NVDCVE-2022-3165 at SUSECVE-2022-3165 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDCVE-2022-4144 at SUSECVE-2022-4144 at NVDCVE-2022-4172 at SUSECVE-2022-4172 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:suse:sle-micro:5.5qemu-ovmf-x86_64-202208-150500.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the qemu-ovmf-x86_64-202208-150500.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-5731 at SUSECVE-2017-5731 at NVDCVE-2017-5732 at SUSECVE-2017-5732 at NVDCVE-2017-5733 at SUSECVE-2017-5733 at NVDCVE-2017-5734 at SUSECVE-2017-5734 at NVDCVE-2017-5735 at SUSECVE-2017-5735 at NVDCVE-2018-0739 at SUSECVE-2018-0739 at NVDCVE-2018-12178 at SUSECVE-2018-12178 at NVDCVE-2018-12180 at SUSECVE-2018-12180 at NVDCVE-2018-12181 at SUSECVE-2018-12181 at NVDCVE-2018-3613 at SUSECVE-2018-3613 at NVDCVE-2018-3630 at SUSECVE-2018-3630 at NVDCVE-2019-0160 at SUSECVE-2019-0160 at NVDCVE-2019-0161 at SUSECVE-2019-0161 at NVDCVE-2019-14553 at SUSECVE-2019-14553 at NVDCVE-2019-14558 at SUSECVE-2019-14558 at NVDCVE-2019-14559 at SUSECVE-2019-14559 at NVDCVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2019-14562 at SUSECVE-2019-14562 at NVDCVE-2019-14563 at SUSECVE-2019-14563 at NVDCVE-2019-14575 at SUSECVE-2019-14575 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2019-14586 at SUSECVE-2019-14586 at NVDCVE-2019-14587 at SUSECVE-2019-14587 at NVDCVE-2021-28210 at SUSECVE-2021-28210 at NVDCVE-2021-28211 at SUSECVE-2021-28211 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sle-micro:5.5rpcbind-0.2.3-5.9.2 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the rpcbind-0.2.3-5.9.2 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-7236 at SUSECVE-2015-7236 at NVDCVE-2017-8779 at SUSECVE-2017-8779 at NVDcpe:/o:suse:sle-micro:5.5rpm-4.14.3-150300.55.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the rpm-4.14.3-150300.55.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-7500 at SUSECVE-2017-7500 at NVDCVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:sle-micro:5.5rsync-3.2.3-150400.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the rsync-3.2.3-150400.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8242 at SUSECVE-2014-8242 at NVDCVE-2014-9512 at SUSECVE-2014-9512 at NVDCVE-2017-16548 at SUSECVE-2017-16548 at NVDCVE-2018-5764 at SUSECVE-2018-5764 at NVDCVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:sle-micro:5.5runc-1.1.7-150000.46.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the runc-1.1.7-150000.46.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-9962 at SUSECVE-2016-9962 at NVDCVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2019-16884 at SUSECVE-2019-16884 at NVDCVE-2019-19921 at SUSECVE-2019-19921 at NVDCVE-2019-5736 at SUSECVE-2019-5736 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-43784 at SUSECVE-2021-43784 at NVDCVE-2022-29162 at SUSECVE-2022-29162 at NVDCVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:sle-micro:5.5samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the samba-client-libs-4.17.9+git.387.ca59f91f61-150500.3.8.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-8143 at SUSECVE-2014-8143 at NVDCVE-2015-0240 at SUSECVE-2015-0240 at NVDCVE-2015-3223 at SUSECVE-2015-3223 at NVDCVE-2015-5252 at SUSECVE-2015-5252 at NVDCVE-2015-5296 at SUSECVE-2015-5296 at NVDCVE-2015-5299 at SUSECVE-2015-5299 at NVDCVE-2015-5330 at SUSECVE-2015-5330 at NVDCVE-2015-5370 at SUSECVE-2015-5370 at NVDCVE-2015-7560 at SUSECVE-2015-7560 at NVDCVE-2015-8467 at SUSECVE-2015-8467 at NVDCVE-2015-8543 at SUSECVE-2015-8543 at NVDCVE-2016-0771 at SUSECVE-2016-0771 at NVDCVE-2016-2110 at SUSECVE-2016-2110 at NVDCVE-2016-2111 at SUSECVE-2016-2111 at NVDCVE-2016-2112 at SUSECVE-2016-2112 at NVDCVE-2016-2113 at SUSECVE-2016-2113 at NVDCVE-2016-2115 at SUSECVE-2016-2115 at NVDCVE-2016-2118 at SUSECVE-2016-2118 at NVDCVE-2016-2119 at SUSECVE-2016-2119 at NVDCVE-2016-2123 at SUSECVE-2016-2123 at NVDCVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2016-2125 at SUSECVE-2016-2125 at NVDCVE-2016-2126 at SUSECVE-2016-2126 at NVDCVE-2017-11103 at SUSECVE-2017-11103 at NVDCVE-2017-12150 at SUSECVE-2017-12150 at NVDCVE-2017-12151 at SUSECVE-2017-12151 at NVDCVE-2017-12163 at SUSECVE-2017-12163 at NVDCVE-2017-14746 at SUSECVE-2017-14746 at NVDCVE-2017-15275 at SUSECVE-2017-15275 at NVDCVE-2017-2619 at SUSECVE-2017-2619 at NVDCVE-2017-7494 at SUSECVE-2017-7494 at NVDCVE-2018-1050 at SUSECVE-2018-1050 at NVDCVE-2018-1057 at SUSECVE-2018-1057 at NVDCVE-2018-10858 at SUSECVE-2018-10858 at NVDCVE-2018-10918 at SUSECVE-2018-10918 at NVDCVE-2018-10919 at SUSECVE-2018-10919 at NVDCVE-2018-1139 at SUSECVE-2018-1139 at NVDCVE-2018-1140 at SUSECVE-2018-1140 at NVDCVE-2018-14629 at SUSECVE-2018-14629 at NVDCVE-2018-16841 at SUSECVE-2018-16841 at NVDCVE-2018-16851 at SUSECVE-2018-16851 at NVDCVE-2018-16852 at SUSECVE-2018-16852 at NVDCVE-2018-16853 at SUSECVE-2018-16853 at NVDCVE-2018-16857 at SUSECVE-2018-16857 at NVDCVE-2018-16860 at SUSECVE-2018-16860 at NVDCVE-2019-10197 at SUSECVE-2019-10197 at NVDCVE-2019-10218 at SUSECVE-2019-10218 at NVDCVE-2019-12435 at SUSECVE-2019-12435 at NVDCVE-2019-12436 at SUSECVE-2019-12436 at NVDCVE-2019-14833 at SUSECVE-2019-14833 at NVDCVE-2019-14847 at SUSECVE-2019-14847 at NVDCVE-2019-14861 at SUSECVE-2019-14861 at NVDCVE-2019-14870 at SUSECVE-2019-14870 at NVDCVE-2019-14902 at SUSECVE-2019-14902 at NVDCVE-2019-14907 at SUSECVE-2019-14907 at NVDCVE-2019-19344 at SUSECVE-2019-19344 at NVDCVE-2019-3824 at SUSECVE-2019-3824 at NVDCVE-2019-3870 at SUSECVE-2019-3870 at NVDCVE-2019-3880 at SUSECVE-2019-3880 at NVDCVE-2020-10700 at SUSECVE-2020-10700 at NVDCVE-2020-10704 at SUSECVE-2020-10704 at NVDCVE-2020-10730 at SUSECVE-2020-10730 at NVDCVE-2020-10745 at SUSECVE-2020-10745 at NVDCVE-2020-10760 at SUSECVE-2020-10760 at NVDCVE-2020-14303 at SUSECVE-2020-14303 at NVDCVE-2020-14318 at SUSECVE-2020-14318 at NVDCVE-2020-14323 at SUSECVE-2020-14323 at NVDCVE-2020-14383 at SUSECVE-2020-14383 at NVDCVE-2020-1472 at SUSECVE-2020-1472 at NVDCVE-2020-17049 at SUSECVE-2020-17049 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25720 at SUSECVE-2020-25720 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2021-20254 at SUSECVE-2021-20254 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDCVE-2022-1615 at SUSECVE-2022-1615 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32743 at SUSECVE-2022-32743 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2022-3437 at SUSECVE-2022-3437 at NVDCVE-2022-3592 at SUSECVE-2022-3592 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-37967 at SUSECVE-2022-37967 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDCVE-2022-44640 at SUSECVE-2022-44640 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDCVE-2023-3347 at SUSECVE-2023-3347 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:suse:sle-micro:5.5shim-15.7-150300.4.16.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the shim-15.7-150300.4.16.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3675 at SUSECVE-2014-3675 at NVDCVE-2014-3676 at SUSECVE-2014-3676 at NVDCVE-2014-3677 at SUSECVE-2014-3677 at NVDCVE-2019-14584 at SUSECVE-2019-14584 at NVDCVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.5skopeo-1.12.0-150300.11.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the skopeo-1.12.0-150300.11.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-14992 at SUSECVE-2017-14992 at NVDCVE-2019-10214 at SUSECVE-2019-10214 at NVDcpe:/o:suse:sle-micro:5.5slirp4netns-1.2.0-150500.1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the slirp4netns-1.2.0-150500.1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-6778 at SUSECVE-2019-6778 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-1983 at SUSECVE-2020-1983 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:sle-micro:5.5socat-1.7.3.2-4.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the socat-1.7.3.2-4.10 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-3571 at SUSECVE-2013-3571 at NVDCVE-2014-0019 at SUSECVE-2014-0019 at NVDCVE-2015-4000 at SUSECVE-2015-4000 at NVDcpe:/o:suse:sle-micro:5.5squashfs-4.4-1.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the squashfs-4.4-1.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDcpe:/o:suse:sle-micro:5.5sudo-1.9.12p1-150500.5.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the sudo-1.9.12p1-150500.5.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-9680 at SUSECVE-2014-9680 at NVDCVE-2016-7032 at SUSECVE-2016-7032 at NVDCVE-2016-7076 at SUSECVE-2016-7076 at NVDCVE-2017-1000367 at SUSECVE-2017-1000367 at NVDCVE-2017-1000368 at SUSECVE-2017-1000368 at NVDCVE-2019-14287 at SUSECVE-2019-14287 at NVDCVE-2019-18634 at SUSECVE-2019-18634 at NVDCVE-2021-23239 at SUSECVE-2021-23239 at NVDCVE-2021-23240 at SUSECVE-2021-23240 at NVDCVE-2021-3156 at SUSECVE-2021-3156 at NVDCVE-2022-43995 at SUSECVE-2022-43995 at NVDCVE-2023-22809 at SUSECVE-2023-22809 at NVDCVE-2023-27320 at SUSECVE-2023-27320 at NVDCVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sle-micro:5.5supportutils-3.1.21-150300.7.35.18.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the supportutils-3.1.21-150300.7.35.18.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-19637 at SUSECVE-2018-19637 at NVDCVE-2018-19638 at SUSECVE-2018-19638 at NVDCVE-2018-19639 at SUSECVE-2018-19639 at NVDCVE-2018-19640 at SUSECVE-2018-19640 at NVDcpe:/o:suse:sle-micro:5.5swtpm-0.7.3-150500.2.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the swtpm-0.7.3-150500.2.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2020-28407 at SUSECVE-2020-28407 at NVDCVE-2022-23645 at SUSECVE-2022-23645 at NVDcpe:/o:suse:sle-micro:5.5sysstat-12.0.2-3.33.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the sysstat-12.0.2-3.33.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-19416 at SUSECVE-2018-19416 at NVDCVE-2018-19517 at SUSECVE-2018-19517 at NVDCVE-2019-16167 at SUSECVE-2019-16167 at NVDCVE-2019-19725 at SUSECVE-2019-19725 at NVDcpe:/o:suse:sle-micro:5.5tar-1.34-150000.3.31.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the tar-1.34-150000.3.31.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2016-6321 at SUSECVE-2016-6321 at NVDCVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDCVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:sle-micro:5.5tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the tpm2.0-tools-5.2-150400.4.6 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-7524 at SUSECVE-2017-7524 at NVDCVE-2021-3565 at SUSECVE-2021-3565 at NVDcpe:/o:suse:sle-micro:5.5trousers-0.3.15-150400.1.10 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the trousers-0.3.15-150400.1.10 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-18898 at SUSECVE-2019-18898 at NVDCVE-2020-24330 at SUSECVE-2020-24330 at NVDCVE-2020-24331 at SUSECVE-2020-24331 at NVDCVE-2020-24332 at SUSECVE-2020-24332 at NVDcpe:/o:suse:sle-micro:5.5u-boot-rpiarm64-2021.10-150400.4.11.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the u-boot-rpiarm64-2021.10-150400.4.11.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2018-18439 at SUSECVE-2018-18439 at NVDCVE-2018-18440 at SUSECVE-2018-18440 at NVDCVE-2020-10648 at SUSECVE-2020-10648 at NVDCVE-2020-8432 at SUSECVE-2020-8432 at NVDCVE-2022-30552 at SUSECVE-2022-30552 at NVDCVE-2022-30767 at SUSECVE-2022-30767 at NVDCVE-2022-30790 at SUSECVE-2022-30790 at NVDCVE-2022-33103 at SUSECVE-2022-33103 at NVDCVE-2022-33967 at SUSECVE-2022-33967 at NVDCVE-2022-34835 at SUSECVE-2022-34835 at NVDcpe:/o:suse:sle-micro:5.5ucode-intel-20230808-150200.27.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the ucode-intel-20230808-150200.27.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3640 at SUSECVE-2018-3640 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-11135 at SUSECVE-2019-11135 at NVDCVE-2019-11139 at SUSECVE-2019-11139 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-0548 at SUSECVE-2020-0548 at NVDCVE-2020-0549 at SUSECVE-2020-0549 at NVDCVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDCVE-2020-8696 at SUSECVE-2020-8696 at NVDCVE-2020-8698 at SUSECVE-2020-8698 at NVDCVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDCVE-2022-21151 at SUSECVE-2022-21151 at NVDCVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-21233 at SUSECVE-2022-21233 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-33972 at SUSECVE-2022-33972 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDCVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:sle-micro:5.5update-alternatives-1.19.0.4-150000.4.4.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the update-alternatives-1.19.0.4-150000.4.4.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2015-0840 at SUSECVE-2015-0840 at NVDcpe:/o:suse:sle-micro:5.5vim-data-common-9.0.1632-150500.20.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the vim-data-common-9.0.1632-150500.20.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2009-0316 at SUSECVE-2009-0316 at NVDCVE-2017-1000382 at SUSECVE-2017-1000382 at NVDCVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2017-5953 at SUSECVE-2017-5953 at NVDCVE-2017-6349 at SUSECVE-2017-6349 at NVDCVE-2017-6350 at SUSECVE-2017-6350 at NVDCVE-2019-12735 at SUSECVE-2019-12735 at NVDCVE-2019-20807 at SUSECVE-2019-20807 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDCVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDCVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDCVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:sle-micro:5.5virt-install-4.1.0-150500.3.3.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the virt-install-4.1.0-150500.3.3.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-10183 at SUSECVE-2019-10183 at NVDcpe:/o:suse:sle-micro:5.5wicked-0.6.73-150500.3.10.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the wicked-0.6.73-150500.3.10.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2019-18902 at SUSECVE-2019-18902 at NVDCVE-2019-18903 at SUSECVE-2019-18903 at NVDCVE-2020-7216 at SUSECVE-2020-7216 at NVDCVE-2020-7217 at SUSECVE-2020-7217 at NVDcpe:/o:suse:sle-micro:5.5wpa_supplicant-2.10-150500.1.3 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the wpa_supplicant-2.10-150500.1.3 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2014-3686 at SUSECVE-2014-3686 at NVDCVE-2015-1863 at SUSECVE-2015-1863 at NVDCVE-2015-4141 at SUSECVE-2015-4141 at NVDCVE-2015-4142 at SUSECVE-2015-4142 at NVDCVE-2015-4143 at SUSECVE-2015-4143 at NVDCVE-2015-4144 at SUSECVE-2015-4144 at NVDCVE-2015-4145 at SUSECVE-2015-4145 at NVDCVE-2015-4146 at SUSECVE-2015-4146 at NVDCVE-2015-5310 at SUSECVE-2015-5310 at NVDCVE-2015-5315 at SUSECVE-2015-5315 at NVDCVE-2015-5316 at SUSECVE-2015-5316 at NVDCVE-2015-8041 at SUSECVE-2015-8041 at NVDCVE-2016-4476 at SUSECVE-2016-4476 at NVDCVE-2016-4477 at SUSECVE-2016-4477 at NVDCVE-2017-13077 at SUSECVE-2017-13077 at NVDCVE-2017-13078 at SUSECVE-2017-13078 at NVDCVE-2017-13079 at SUSECVE-2017-13079 at NVDCVE-2017-13080 at SUSECVE-2017-13080 at NVDCVE-2017-13081 at SUSECVE-2017-13081 at NVDCVE-2017-13082 at SUSECVE-2017-13082 at NVDCVE-2017-13086 at SUSECVE-2017-13086 at NVDCVE-2017-13087 at SUSECVE-2017-13087 at NVDCVE-2017-13088 at SUSECVE-2017-13088 at NVDCVE-2018-14526 at SUSECVE-2018-14526 at NVDCVE-2019-11555 at SUSECVE-2019-11555 at NVDCVE-2019-13377 at SUSECVE-2019-13377 at NVDCVE-2019-16275 at SUSECVE-2019-16275 at NVDCVE-2019-9494 at SUSECVE-2019-9494 at NVDCVE-2019-9495 at SUSECVE-2019-9495 at NVDCVE-2019-9497 at SUSECVE-2019-9497 at NVDCVE-2019-9498 at SUSECVE-2019-9498 at NVDCVE-2019-9499 at SUSECVE-2019-9499 at NVDCVE-2021-0326 at SUSECVE-2021-0326 at NVDCVE-2021-27803 at SUSECVE-2021-27803 at NVDCVE-2021-30004 at SUSECVE-2021-30004 at NVDCVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:sle-micro:5.5xen-libs-4.17.2_02-150500.3.6.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the xen-libs-4.17.2_02-150500.3.6.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2013-3495 at SUSECVE-2013-3495 at NVDCVE-2013-4533 at SUSECVE-2013-4533 at NVDCVE-2013-4534 at SUSECVE-2013-4534 at NVDCVE-2013-4537 at SUSECVE-2013-4537 at NVDCVE-2013-4538 at SUSECVE-2013-4538 at NVDCVE-2013-4539 at SUSECVE-2013-4539 at NVDCVE-2013-4540 at SUSECVE-2013-4540 at NVDCVE-2014-0222 at SUSECVE-2014-0222 at NVDCVE-2014-3640 at SUSECVE-2014-3640 at NVDCVE-2014-3672 at SUSECVE-2014-3672 at NVDCVE-2014-7815 at SUSECVE-2014-7815 at NVDCVE-2015-1779 at SUSECVE-2015-1779 at NVDCVE-2015-3259 at SUSECVE-2015-3259 at NVDCVE-2015-3340 at SUSECVE-2015-3340 at NVDCVE-2015-3456 at SUSECVE-2015-3456 at NVDCVE-2015-4037 at SUSECVE-2015-4037 at NVDCVE-2015-4103 at SUSECVE-2015-4103 at NVDCVE-2015-4104 at SUSECVE-2015-4104 at NVDCVE-2015-4105 at SUSECVE-2015-4105 at NVDCVE-2015-4106 at SUSECVE-2015-4106 at NVDCVE-2015-5154 at SUSECVE-2015-5154 at NVDCVE-2015-5239 at SUSECVE-2015-5239 at NVDCVE-2015-5278 at SUSECVE-2015-5278 at NVDCVE-2015-5307 at SUSECVE-2015-5307 at NVDCVE-2015-6815 at SUSECVE-2015-6815 at NVDCVE-2015-6855 at SUSECVE-2015-6855 at NVDCVE-2015-7311 at SUSECVE-2015-7311 at NVDCVE-2015-7504 at SUSECVE-2015-7504 at NVDCVE-2015-7512 at SUSECVE-2015-7512 at NVDCVE-2015-7549 at SUSECVE-2015-7549 at NVDCVE-2015-7835 at SUSECVE-2015-7835 at NVDCVE-2015-7969 at SUSECVE-2015-7969 at NVDCVE-2015-7970 at SUSECVE-2015-7970 at NVDCVE-2015-7971 at SUSECVE-2015-7971 at NVDCVE-2015-7972 at SUSECVE-2015-7972 at NVDCVE-2015-8104 at SUSECVE-2015-8104 at NVDCVE-2015-8339 at SUSECVE-2015-8339 at NVDCVE-2015-8340 at SUSECVE-2015-8340 at NVDCVE-2015-8341 at SUSECVE-2015-8341 at NVDCVE-2015-8345 at SUSECVE-2015-8345 at NVDCVE-2015-8504 at SUSECVE-2015-8504 at NVDCVE-2015-8550 at SUSECVE-2015-8550 at NVDCVE-2015-8554 at SUSECVE-2015-8554 at NVDCVE-2015-8555 at SUSECVE-2015-8555 at NVDCVE-2015-8558 at SUSECVE-2015-8558 at NVDCVE-2015-8567 at SUSECVE-2015-8567 at NVDCVE-2015-8568 at SUSECVE-2015-8568 at NVDCVE-2015-8613 at SUSECVE-2015-8613 at NVDCVE-2015-8615 at SUSECVE-2015-8615 at NVDCVE-2015-8619 at SUSECVE-2015-8619 at NVDCVE-2015-8743 at SUSECVE-2015-8743 at NVDCVE-2015-8744 at SUSECVE-2015-8744 at NVDCVE-2015-8745 at SUSECVE-2015-8745 at NVDCVE-2016-10013 at SUSECVE-2016-10013 at NVDCVE-2016-10024 at SUSECVE-2016-10024 at NVDCVE-2016-10025 at SUSECVE-2016-10025 at NVDCVE-2016-1568 at SUSECVE-2016-1568 at NVDCVE-2016-1570 at SUSECVE-2016-1570 at NVDCVE-2016-1571 at SUSECVE-2016-1571 at NVDCVE-2016-1714 at SUSECVE-2016-1714 at NVDCVE-2016-1922 at SUSECVE-2016-1922 at NVDCVE-2016-1981 at SUSECVE-2016-1981 at NVDCVE-2016-2198 at SUSECVE-2016-2198 at NVDCVE-2016-2270 at SUSECVE-2016-2270 at NVDCVE-2016-2271 at SUSECVE-2016-2271 at NVDCVE-2016-2391 at SUSECVE-2016-2391 at NVDCVE-2016-2392 at SUSECVE-2016-2392 at NVDCVE-2016-2538 at SUSECVE-2016-2538 at NVDCVE-2016-2841 at SUSECVE-2016-2841 at NVDCVE-2016-4439 at SUSECVE-2016-4439 at NVDCVE-2016-4441 at SUSECVE-2016-4441 at NVDCVE-2016-5238 at SUSECVE-2016-5238 at NVDCVE-2016-5338 at SUSECVE-2016-5338 at NVDCVE-2016-6258 at SUSECVE-2016-6258 at NVDCVE-2016-6259 at SUSECVE-2016-6259 at NVDCVE-2016-6351 at SUSECVE-2016-6351 at NVDCVE-2016-7092 at SUSECVE-2016-7092 at NVDCVE-2016-7093 at SUSECVE-2016-7093 at NVDCVE-2016-7094 at SUSECVE-2016-7094 at NVDCVE-2016-7777 at SUSECVE-2016-7777 at NVDCVE-2016-7908 at SUSECVE-2016-7908 at NVDCVE-2016-7909 at SUSECVE-2016-7909 at NVDCVE-2016-8667 at SUSECVE-2016-8667 at NVDCVE-2016-8669 at SUSECVE-2016-8669 at NVDCVE-2016-8910 at SUSECVE-2016-8910 at NVDCVE-2016-9377 at SUSECVE-2016-9377 at NVDCVE-2016-9378 at SUSECVE-2016-9378 at NVDCVE-2016-9379 at SUSECVE-2016-9379 at NVDCVE-2016-9380 at SUSECVE-2016-9380 at NVDCVE-2016-9381 at SUSECVE-2016-9381 at NVDCVE-2016-9382 at SUSECVE-2016-9382 at NVDCVE-2016-9383 at SUSECVE-2016-9383 at NVDCVE-2016-9384 at SUSECVE-2016-9384 at NVDCVE-2016-9385 at SUSECVE-2016-9385 at NVDCVE-2016-9386 at SUSECVE-2016-9386 at NVDCVE-2016-9637 at SUSECVE-2016-9637 at NVDCVE-2016-9921 at SUSECVE-2016-9921 at NVDCVE-2016-9922 at SUSECVE-2016-9922 at NVDCVE-2016-9932 at SUSECVE-2016-9932 at NVDCVE-2017-12135 at SUSECVE-2017-12135 at NVDCVE-2017-12136 at SUSECVE-2017-12136 at NVDCVE-2017-12137 at SUSECVE-2017-12137 at NVDCVE-2017-2615 at SUSECVE-2017-2615 at NVDCVE-2017-2620 at SUSECVE-2017-2620 at NVDCVE-2017-5715 at SUSECVE-2017-5715 at NVDCVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2017-5754 at SUSECVE-2017-5754 at NVDCVE-2017-6505 at SUSECVE-2017-6505 at NVDCVE-2017-8309 at SUSECVE-2017-8309 at NVDCVE-2017-9330 at SUSECVE-2017-9330 at NVDCVE-2018-10471 at SUSECVE-2018-10471 at NVDCVE-2018-10472 at SUSECVE-2018-10472 at NVDCVE-2018-10981 at SUSECVE-2018-10981 at NVDCVE-2018-10982 at SUSECVE-2018-10982 at NVDCVE-2018-12126 at SUSECVE-2018-12126 at NVDCVE-2018-12127 at SUSECVE-2018-12127 at NVDCVE-2018-12130 at SUSECVE-2018-12130 at NVDCVE-2018-12891 at SUSECVE-2018-12891 at NVDCVE-2018-12892 at SUSECVE-2018-12892 at NVDCVE-2018-12893 at SUSECVE-2018-12893 at NVDCVE-2018-15468 at SUSECVE-2018-15468 at NVDCVE-2018-15469 at SUSECVE-2018-15469 at NVDCVE-2018-15470 at SUSECVE-2018-15470 at NVDCVE-2018-18883 at SUSECVE-2018-18883 at NVDCVE-2018-19961 at SUSECVE-2018-19961 at NVDCVE-2018-19962 at SUSECVE-2018-19962 at NVDCVE-2018-19963 at SUSECVE-2018-19963 at NVDCVE-2018-19964 at SUSECVE-2018-19964 at NVDCVE-2018-19965 at SUSECVE-2018-19965 at NVDCVE-2018-19966 at SUSECVE-2018-19966 at NVDCVE-2018-19967 at SUSECVE-2018-19967 at NVDCVE-2018-3639 at SUSECVE-2018-3639 at NVDCVE-2018-3646 at SUSECVE-2018-3646 at NVDCVE-2018-3665 at SUSECVE-2018-3665 at NVDCVE-2018-5244 at SUSECVE-2018-5244 at NVDCVE-2018-7540 at SUSECVE-2018-7540 at NVDCVE-2018-7541 at SUSECVE-2018-7541 at NVDCVE-2018-7542 at SUSECVE-2018-7542 at NVDCVE-2018-8897 at SUSECVE-2018-8897 at NVDCVE-2019-11091 at SUSECVE-2019-11091 at NVDCVE-2019-17349 at SUSECVE-2019-17349 at NVDCVE-2020-0543 at SUSECVE-2020-0543 at NVDCVE-2020-11739 at SUSECVE-2020-11739 at NVDCVE-2020-11740 at SUSECVE-2020-11740 at NVDCVE-2020-11741 at SUSECVE-2020-11741 at NVDCVE-2020-11742 at SUSECVE-2020-11742 at NVDCVE-2020-11743 at SUSECVE-2020-11743 at NVDCVE-2020-15563 at SUSECVE-2020-15563 at NVDCVE-2020-15565 at SUSECVE-2020-15565 at NVDCVE-2020-15566 at SUSECVE-2020-15566 at NVDCVE-2020-15567 at SUSECVE-2020-15567 at NVDCVE-2020-25595 at SUSECVE-2020-25595 at NVDCVE-2020-25596 at SUSECVE-2020-25596 at NVDCVE-2020-25597 at SUSECVE-2020-25597 at NVDCVE-2020-25598 at SUSECVE-2020-25598 at NVDCVE-2020-25599 at SUSECVE-2020-25599 at NVDCVE-2020-25600 at SUSECVE-2020-25600 at NVDCVE-2020-25601 at SUSECVE-2020-25601 at NVDCVE-2020-25602 at SUSECVE-2020-25602 at NVDCVE-2020-25603 at SUSECVE-2020-25603 at NVDCVE-2020-25604 at SUSECVE-2020-25604 at NVDCVE-2020-27670 at SUSECVE-2020-27670 at NVDCVE-2020-27671 at SUSECVE-2020-27671 at NVDCVE-2020-27672 at SUSECVE-2020-27672 at NVDCVE-2020-27674 at SUSECVE-2020-27674 at NVDCVE-2020-28368 at SUSECVE-2020-28368 at NVDCVE-2020-29040 at SUSECVE-2020-29040 at NVDCVE-2020-29480 at SUSECVE-2020-29480 at NVDCVE-2020-29481 at SUSECVE-2020-29481 at NVDCVE-2020-29483 at SUSECVE-2020-29483 at NVDCVE-2020-29484 at SUSECVE-2020-29484 at NVDCVE-2020-29566 at SUSECVE-2020-29566 at NVDCVE-2020-29567 at SUSECVE-2020-29567 at NVDCVE-2020-29570 at SUSECVE-2020-29570 at NVDCVE-2020-29571 at SUSECVE-2020-29571 at NVDCVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDCVE-2021-28701 at SUSECVE-2021-28701 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-27672 at SUSECVE-2022-27672 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDCVE-2022-42327 at SUSECVE-2022-42327 at NVDCVE-2022-42330 at SUSECVE-2022-42330 at NVDCVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDCVE-2022-42335 at SUSECVE-2022-42335 at NVDCVE-2022-42336 at SUSECVE-2022-42336 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.5zypper-1.14.63-150400.3.29.1 on GA media (Moderate)SUSE Linux Enterprise Micro 5.5
These are all security issues fixed in the zypper-1.14.63-150400.3.29.1 package on the GA media of SUSE Linux Enterprise Micro 5.5. ModerateCVE-2017-7436 at SUSECVE-2017-7436 at NVDCVE-2017-9269 at SUSECVE-2017-9269 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite was updated to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Updated to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:sle-micro:5.3Security update for colord (Moderate)SUSE Linux Enterprise Micro 5.3
This update for colord fixes the following issues:
- CVE-2021-42523: Fixed a small memory leak in sqlite3_exec (bsc#1202802).
ModerateSUSE bug 1202802CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.3Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cifs-utils fixes the following issues:
- Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update
ModerateSUSE bug 1198976CVE-2022-29869 at SUSECVE-2022-29869 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:sle-micro:5.3Security update for libksba (Critical)SUSE Linux Enterprise Micro 5.3
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1204366SUSE bug 1204367CVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:sle-micro:5.3Security update for multipath-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
- multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for 'protocol' subsection in
'overrides' section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo
ImportantSUSE bug 1197570SUSE bug 1199342SUSE bug 1199345SUSE bug 1199346SUSE bug 1199347SUSE bug 1201483SUSE bug 1202616SUSE bug 1202739CVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
Updated to version 4.16.2 (bsc#1027519):
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
Bugfixes:
- Fixed Xen DomU unable to emulate audio device (bsc#1201994).
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
ModerateSUSE bug 1027519SUSE bug 1167608SUSE bug 1201631SUSE bug 1201994SUSE bug 1203806SUSE bug 1203807CVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDcpe:/o:suse:sle-micro:5.3Security update for libtasn1 (Critical)SUSE Linux Enterprise Micro 5.3
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-42916: Fixed HSTS bypass via IDN (bsc#1204386).
ImportantSUSE bug 1204383SUSE bug 1204386CVE-2022-32221 at SUSECVE-2022-32221 at NVDCVE-2022-42916 at SUSECVE-2022-42916 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
ModerateSUSE bug 1192115SUSE bug 1198038SUSE bug 1201367CVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDcpe:/o:suse:sle-micro:5.3Security update for dbus-1 (Important)SUSE Linux Enterprise Micro 5.3
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).
ModerateSUSE bug 1202809CVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated.
The following security bugs were fixed:
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-1263: Fixed a NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allowed an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service (bnc#1198189).
- CVE-2022-32296: Fixed a bug which allowed TCP servers to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3202: Fixed a NULL pointer dereference flaw in Journaled File System. This could allow a local attacker to crash the system or leak kernel internal information (bnc#1203389).
- CVE-2022-39189: Fixed a bug in the x86 KVM subsystem which allows unprivileged guest users to compromise the guest kernel because TLB flush operations are mishandled (bnc#1203066).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
The following non-security bugs were fixed:
- ACPI / scan: Create platform device for CS35L41 (bsc#1203699).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bsc#1203767).
- ACPI: resource: skip IRQ override on AMD Zen platforms (git-fixes).
- ACPI: scan: Add CLSA0101 Laptop Support (bsc#1203699).
- ACPI: utils: Add api to read _SUB from ACPI (bsc#1203699).
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: core: Fix double-free at snd_card_new() (git-fixes).
- ALSA: cs35l41: Check hw_config before using it (bsc#1203699).
- ALSA: cs35l41: Enable Internal Boost in shared lib (bsc#1203699).
- ALSA: cs35l41: Move cs35l41_gpio_config to shared lib (bsc#1203699).
- ALSA: cs35l41: Unify hardware configuration (bsc#1203699).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: hda: cs35l41: Add Amp Name based on channel and index (bsc#1203699).
- ALSA: hda: cs35l41: Add Boost type flag (bsc#1203699).
- ALSA: hda: cs35l41: Add calls to newly added test key function (bsc#1203699).
- ALSA: hda: cs35l41: Add defaulted values into dsp bypass config sequence (bsc#1203699).
- ALSA: hda: cs35l41: Add initial DSP support and firmware loading (bsc#1203699).
- ALSA: hda: cs35l41: Add missing default cases (bsc#1203699).
- ALSA: hda: cs35l41: Add module parameter to control firmware load (bsc#1203699).
- ALSA: hda: cs35l41: Add support for CS35L41 in HDA systems (bsc#1203699).
- ALSA: hda: cs35l41: Add Support for Interrupts (bsc#1203699).
- ALSA: hda: cs35l41: Allow compilation test on non-ACPI configurations (bsc#1203699).
- ALSA: hda: cs35l41: Always configure the DAI (bsc#1203699).
- ALSA: hda: cs35l41: Avoid overwriting register patch (bsc#1203699).
- ALSA: hda: cs35l41: Clarify support for CSC3551 without _DSD Properties (bsc#1203699).
- ALSA: hda: cs35l41: Consolidate selections under SND_HDA_SCODEC_CS35L41 (bsc#1203699).
- ALSA: hda: cs35l41: Do not dereference fwnode handle (bsc#1203699).
- ALSA: hda: cs35l41: Drop wrong use of ACPI_PTR() (bsc#1203699).
- ALSA: hda: cs35l41: Enable GPIO2 Interrupt for CLSA0100 laptops (bsc#1203699).
- ALSA: hda: cs35l41: Fix comments wrt serial-multi-instantiate reference (bsc#1203699).
- ALSA: hda: cs35l41: fix double free on error in probe() (bsc#1203699).
- ALSA: hda: cs35l41: Fix error in spi cs35l41 hda driver name (bsc#1203699).
- ALSA: hda: cs35l41: Fix I2S params comments (bsc#1203699).
- ALSA: hda: cs35l41: Handle all external boost setups the same way (bsc#1203699).
- ALSA: hda: cs35l41: Improve dev_err_probe() messaging (bsc#1203699).
- ALSA: hda: cs35l41: Make cs35l41_hda_remove() return void (bsc#1203699).
- ALSA: hda: cs35l41: Make use of the helper function dev_err_probe() (bsc#1203699).
- ALSA: hda: cs35l41: Move boost config to initialization code (bsc#1203699).
- ALSA: hda: cs35l41: Move cs35l41* calls to its own symbol namespace (bsc#1203699).
- ALSA: hda: cs35l41: Move external boost handling to lib for ASoC use (bsc#1203699).
- ALSA: hda: cs35l41: Mute the device before shutdown (bsc#1203699).
- ALSA: hda: cs35l41: Put the device into safe mode for external boost (bsc#1203699).
- ALSA: hda: cs35l41: Read Speaker Calibration data from UEFI variables (bsc#1203699).
- ALSA: hda: cs35l41: Remove cs35l41_hda_reg_sequence struct (bsc#1203699).
- ALSA: hda: cs35l41: Remove Set Channel Map api from binding (bsc#1203699).
- ALSA: hda: cs35l41: Reorganize log for playback actions (bsc#1203699).
- ALSA: hda: cs35l41: Save codec object inside component struct (bsc#1203699).
- ALSA: hda: cs35l41: Save Subsystem ID inside CS35L41 Driver (bsc#1203699).
- ALSA: hda: cs35l41: Set Speaker Position for CLSA0100 Laptop (bsc#1203699).
- ALSA: hda: cs35l41: Support CLSA0101 (bsc#1203699).
- ALSA: hda: cs35l41: Support Firmware switching and reloading (bsc#1203699).
- ALSA: hda: cs35l41: Support Hibernation during Suspend (bsc#1203699).
- ALSA: hda: cs35l41: Support multiple load paths for firmware (bsc#1203699).
- ALSA: hda: cs35l41: Support reading subsystem id from ACPI (bsc#1203699).
- ALSA: hda: cs35l41: Support Speaker ID for laptops (bsc#1203699).
- ALSA: hda: cs35l41: Tidyup code (bsc#1203699).
- ALSA: hda: cs35l41: Use the CS35L41 HDA internal define (bsc#1203699).
- ALSA: hda: Fix dependencies of CS35L41 on SPI/I2C buses (bsc#1203699).
- ALSA: hda: Fix dependency on ASoC cs35l41 codec (bsc#1203699).
- ALSA: hda: Fix hang at HD-audio codec unbinding due to refcount saturation (git-fixes).
- ALSA: hda: Fix Nvidia dp infoframe (git-fixes).
- ALSA: hda: hda_cs_dsp_ctl: Add apis to write the controls directly (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add fw id strings (bsc#1203699).
- ALSA: hda: hda_cs_dsp_ctl: Add Library to support CS_DSP ALSA controls (bsc#1203699).
- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs (jsc#PED-720).
- ALSA: hda/cs8409: Add new Dolphin HW variants (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Add Speaker Playback Switch for Warlock (bsc#1203699).
- ALSA: hda/cs8409: change cs8409_fixups v.pins initializers to static (bsc#1203699).
- ALSA: hda/cs8409: Disable HSBIAS_SENSE_EN for Cyborg (bsc#1203699).
- ALSA: hda/cs8409: Fix Full Scale Volume setting for all variants (bsc#1203699).
- ALSA: hda/cs8409: Fix Warlock to use mono mic configuration (bsc#1203699).
- ALSA: hda/cs8409: Re-order quirk table into ascending order (bsc#1203699).
- ALSA: hda/cs8409: Support manual mode detection for CS42L42 (bsc#1203699).
- ALSA: hda/cs8409: Support new Dolphin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Odin Variants (bsc#1203699).
- ALSA: hda/cs8409: Support new Warlock MLK Variants (bsc#1203699).
- ALSA: hda/cs8409: Use general cs42l42 include in cs8409 hda driver (bsc#1203699).
- ALSA: hda/realtek: Add a quirk for HP OMEN 16 (8902) mute LED (git-fixes).
- ALSA: hda/realtek: Add CS35L41 support for Thinkpad laptops (bsc#1203699).
- ALSA: hda/realtek: Add mute and micmut LED support for Zbook Fury 17 G9 (bsc#1203699).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Zbook Firefly 14 G9 model (bsc#1203699).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga7 14IAL7 (bsc#1203699).
- ALSA: hda/realtek: Add quirks for ASUS Zenbooks using CS35L41 (bsc#1203699).
- ALSA: hda/realtek: Add support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Add support for Legion 7 16ACHg6 laptop (bsc#1203699).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5570 laptop (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook 845/865 G9 (bsc#1203699).
- ALSA: hda/realtek: Enable mute/micmute LEDs support for HP Laptops (bsc#1203699).
- ALSA: hda/realtek: Enable speaker and mute LEDs for HP laptops (bsc#1203699).
- ALSA: hda/realtek: Fix LED on Zbook Studio G9 (bsc#1203699).
- ALSA: hda/realtek: Fix mute led issue on thinkpad with cs35l41 s-codec (bsc#1203699).
- ALSA: hda/realtek: More robust component matching for CS35L41 (bsc#1203699).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/tegra: Add Tegra234 hda driver support (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda/tegra: set depop delay for tegra (git-fixes).
- ALSA: hda/tegra: Update scratch reg. communication (git-fixes).
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- ARM: dts: am33xx: Fix MMCHS0 dma properties (git-fixes).
- ARM: dts: imx: align SPI NOR node name with dtschema (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: fix spi-flash compatible (git-fixes).
- arm64: dts: qcom: sm8350: fix UFS PHY serdes size (git-fixes).
- arm64: dts: rockchip: Fix typo in lisense text for PX30.Core (git-fixes).
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes).
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes).
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes).
- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) Enable this errata fix configuration option to arm64/default.
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
- arm64: topology: fix possible overflow in amu_fie_setup() (git-fixes).
- ASoC: cs35l41: Add ASP TX3/4 source to register patch (bsc#1203699).
- ASoC: cs35l41: Add bindings for CS35L41 (bsc#1203699).
- ASoC: cs35l41: Add common cs35l41 enter hibernate function (bsc#1203699).
- ASoC: cs35l41: Add cs35l51/53 IDs (bsc#1203699).
- ASoC: cs35l41: Add endianness flag in snd_soc_component_driver (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add one more variable in the debug log (bsc#1203699).
- ASoC: cs35l41: Add support for CLSA3541 ACPI device ID (bsc#1203699).
- ASoC: cs35l41: Add support for hibernate memory retention mode (bsc#1203699).
- ASoC: cs35l41: Binding fixes (bsc#1203699).
- ASoC: cs35l41: Change monitor widgets to siggens (bsc#1203699).
- ASoC: cs35l41: Combine adjacent register writes (bsc#1203699).
- ASoC: cs35l41: Convert tables to shared source code (bsc#1203699).
- ASoC: cs35l41: Correct DSP power down (bsc#1203699).
- ASoC: cs35l41: Correct handling of some registers in the cache (bsc#1203699).
- ASoC: cs35l41: Correct some control names (bsc#1203699).
- ASoC: cs35l41: Create shared function for boost configuration (bsc#1203699).
- ASoC: cs35l41: Create shared function for errata patches (bsc#1203699).
- ASoC: cs35l41: Create shared function for setting channels (bsc#1203699).
- ASoC: cs35l41: CS35L41 Boosted Smart Amplifier (bsc#1203699).
- ASoC: cs35l41: Do not overwrite returned error code (bsc#1203699).
- ASoC: cs35l41: Do not print error when waking from hibernation (bsc#1203699).
- ASoC: cs35l41: Document CS35l41 External Boost (bsc#1203699).
- ASoC: cs35l41: DSP Support (bsc#1203699).
- ASoC: cs35l41: Fix a bunch of trivial code formating/style issues (bsc#1203699).
- ASoC: cs35l41: Fix a shift-out-of-bounds warning found by UBSAN (bsc#1203699).
- ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t (bsc#1203699).
- ASoC: cs35l41: Fix DSP mbox start command and global enable order (bsc#1203699).
- ASoC: cs35l41: Fix GPIO2 configuration (bsc#1203699).
- ASoC: cs35l41: Fix link problem (bsc#1203699).
- ASoC: cs35l41: Fix max number of TX channels (bsc#1203699).
- ASoC: cs35l41: Fix undefined reference to core functions (bsc#1203699).
- ASoC: cs35l41: Fix use of an uninitialised variable (bsc#1203699).
- ASoC: cs35l41: Fixup the error messages (bsc#1203699).
- ASoC: cs35l41: Make cs35l41_remove() return void (bsc#1203699).
- ASoC: cs35l41: Move cs_dsp config struct into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 exit hibernate function into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41 fs errata into shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_otp_unpack to shared code (bsc#1203699).
- ASoC: cs35l41: Move cs35l41_set_cspl_mbox_cmd to shared code (bsc#1203699).
- ASoC: cs35l41: Move power initializations to reg_sequence (bsc#1203699).
- ASoC: cs35l41: Read System Name from ACPI _SUB to identify firmware (bsc#1203699).
- ASoC: cs35l41: Remove incorrect comment (bsc#1203699).
- ASoC: cs35l41: Remove unnecessary param (bsc#1203699).
- ASoC: cs35l41: Set the max SPI speed for the whole device (bsc#1203699).
- ASoC: cs35l41: Support external boost (bsc#1203699).
- ASoC: cs35l41: Update handling of test key registers (bsc#1203699).
- ASoC: cs35l41: Use regmap_read_poll_timeout to wait for OTP boot (bsc#1203699).
- ASoC: cs42l42: Add control for audio slow-start switch (bsc#1203699).
- ASoC: cs42l42: Add warnings about DETECT_MODE and PLL_START (bsc#1203699).
- ASoC: cs42l42: Allow time for HP/ADC to power-up after enable (bsc#1203699).
- ASoC: cs42l42: Always enable TS_PLUG and TS_UNPLUG interrupts (bsc#1203699).
- ASoC: cs42l42: Change jack_detect_mutex to a lock of all IRQ handling (bsc#1203699).
- ASoC: cs42l42: Do not claim to support 192k (bsc#1203699).
- ASoC: cs42l42: Do not reconfigure the PLL while it is running (bsc#1203699).
- ASoC: cs42l42: Fix WARN in remove() if running without an interrupt (bsc#1203699).
- ASoC: cs42l42: free_irq() before powering-down on probe() fail (bsc#1203699).
- ASoC: cs42l42: Handle system suspend (bsc#1203699).
- ASoC: cs42l42: Implement Manual Type detection as fallback (bsc#1203699).
- ASoC: cs42l42: Mark OSC_SWITCH_STATUS register volatile (bsc#1203699).
- ASoC: cs42l42: Minor fix all errors reported by checkpatch.pl script (bsc#1203699).
- ASoC: cs42l42: Move CS42L42 register descriptions to general include (bsc#1203699).
- ASoC: cs42l42: Only report button state if there was a button interrupt (git-fixes).
- ASoC: cs42l42: Prevent NULL pointer deref in interrupt handler (bsc#1203699).
- ASoC: cs42l42: Remove redundant pll_divout member (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to DETECT_MODE (bsc#1203699).
- ASoC: cs42l42: Remove redundant writes to RS_PLUG/RS_UNPLUG masks (bsc#1203699).
- ASoC: cs42l42: Remove unused runtime_suspend/runtime_resume callbacks (bsc#1203699).
- ASoC: cs42l42: Report full jack status when plug is detected (bsc#1203699).
- ASoC: cs42l42: Report initial jack state (bsc#1203699).
- ASoC: cs42l42: Reset and power-down on remove() and failed probe() (bsc#1203699).
- ASoC: cs42l42: Set correct SRC MCLK (bsc#1203699).
- ASoC: cs42l42: Simplify reporting of jack unplug (bsc#1203699).
- ASoC: cs42l42: Use PLL for SCLK > 12.288MHz (bsc#1203699).
- ASoC: cs42l42: Use two thresholds and increased wait time for manual type detection (bsc#1203699).
- ASoC: dt-bindings: cs42l42: Convert binding to yaml (bsc#1203699).
- ASoC: imx-card: Fix refcount issue with of_node_put (git-fixes).
- ASoC: mchp-spdiftx: Fix clang -Wbitfield-constant-conversion (git-fixes).
- ASoC: mchp-spdiftx: remove references to mchp_i2s_caps (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: qcom: sm8250: add missing module owner (git-fixes).
- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wm_adsp: Add support for 'toggle' preloaders (bsc#1203699).
- ASoC: wm_adsp: Add trace caps to speaker protection FW (bsc#1203699).
- ASoC: wm_adsp: Cancel ongoing work when removing controls (bsc#1203699).
- ASoC: wm_adsp: Compressed stream DSP memory structs should be __packed (bsc#1203699).
- ASoC: wm_adsp: Correct control read size when parsing compressed buffer (bsc#1203699).
- ASoC: wm_adsp: Expand firmware loading search options (bsc#1203699).
- ASoC: wm_adsp: Fix event for preloader (bsc#1203699).
- ASoC: wm_adsp: Introduce cs_dsp logging macros (bsc#1203699).
- ASoC: wm_adsp: Make compressed buffers optional (bsc#1203699).
- ASoC: wm_adsp: Minor clean and redundant code removal (bsc#1203699).
- ASoC: wm_adsp: Move check for control existence (bsc#1203699).
- ASoC: wm_adsp: Move check of dsp->running to better place (bsc#1203699).
- ASoC: wm_adsp: move firmware loading to client (bsc#1203699).
- ASoC: wm_adsp: Move sys_config_size to wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Pass firmware names as parameters when starting DSP core (bsc#1203699).
- ASoC: wm_adsp: remove a repeated including (bsc#1203699).
- ASoC: wm_adsp: Remove pointless string comparison (bsc#1203699).
- ASoC: wm_adsp: Remove the wmfw_add_ctl helper function (bsc#1203699).
- ASoC: wm_adsp: Remove use of snd_ctl_elem_type_t (bsc#1203699).
- ASoC: wm_adsp: Rename generic DSP support (bsc#1203699).
- ASoC: wm_adsp: Separate generic cs_dsp_coeff_ctl handling (bsc#1203699).
- ASoC: wm_adsp: Separate some ASoC and generic functions (bsc#1203699).
- ASoC: wm_adsp: Separate wm_adsp specifics in cs_dsp_client_ops (bsc#1203699).
- ASoC: wm_adsp: Split DSP power operations into helper functions (bsc#1203699).
- ASoC: wm_adsp: Split out struct cs_dsp from struct wm_adsp (bsc#1203699).
- ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers (bsc#1203699).
- ASoC: wm_adsp: wm_adsp_control_add() error: uninitialized symbol 'ret' (bsc#1203699).
- batman-adv: Fix hang up with small MTU hard-interface (git-fixes).
- Bluetooth: btusb: mediatek: fix WMT failure during runtime suspend (git-fixes).
- Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- bnx2x: fix built-in kernel driver load failure (git-fixes).
- bnx2x: fix driver load from initrd (git-fixes).
- btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() (bsc#1203360).
- btrfs: fix space cache corruption and potential double allocations (bsc#1203361).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: rx-offload: can_rx_offload_init_queue(): fix typo (git-fixes).
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (bsc#1196869).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- cgroup: Fix race condition at rebind_subsystems() (bsc#1203902).
- cgroup: Fix threadgroup_rwsem cpus_read_lock() deadlock (bsc#1196869).
- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
- clk: bcm: rpi: Use correct order for the parameters of devm_kcalloc() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: ingenic-tcu: Properly enable registers before accessing timers (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- cs-dsp and serial-multi-instantiate enablement (bsc#1203699)
- dmaengine: idxd: add helper for per interrupt handle drain (jsc#PED-682).
- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
- dmaengine: idxd: change MSIX allocation based on per wq activation (jsc#PED-664).
- dmaengine: idxd: create locked version of idxd_quiesce() call (jsc#PED-682).
- dmaengine: idxd: embed irq_entry in idxd_wq struct (jsc#PED-664).
- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
- dmaengine: idxd: fix retry value to be constant for duration of function call (git-fixes).
- dmaengine: idxd: handle interrupt handle revoked event (jsc#PED-682).
- dmaengine: idxd: handle invalid interrupt handle descriptors (jsc#PED-682).
- dmaengine: idxd: int handle management refactoring (jsc#PED-682).
- dmaengine: idxd: match type for retries var in idxd_enqcmds() (git-fixes).
- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
- dmaengine: idxd: rework descriptor free path on failure (jsc#PED-682).
- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
- dmaengine: idxd: update IAA definitions for user header (jsc#PED-763).
- dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() (git-fixes).
- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
- drm/amd/amdgpu: fixing read wrong pf2vf data in SRIOV (git-fixes).
- drm/amd/amdgpu: skip ucode loading if ucode_size == 0 (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amd/display: Mark dml30's UseMinimumDCFCLK() as noinline for stack usage (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateFlipSchedule() (git-fixes).
- drm/amd/display: Reduce number of arguments of dml31's CalculateWatermarksAndDRAMSpeedChangeSupport() (git-fixes).
- drm/amd/pm: disable BACO entry/exit completely on several sienna cichlid cards (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: make sure to init common IP before gmc (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: move nbio ih_doorbell_range() into ih code for vega (git-fixes).
- drm/amdgpu: move nbio sdma_doorbell_range() into sdma code for vega (git-fixes).
- drm/amdgpu: Move psp_xgmi_terminate call from amdgpu_xgmi_remove_device to psp_hw_fini (git-fixes).
- drm/amdgpu: Separate vf2pf work item init from virt data exchange (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: display-connector: implement bus fmts callbacks (git-fixes).
- drm/bridge: lt8912b: add vsync hsync (git-fixes).
- drm/bridge: lt8912b: fix corrupted image output (git-fixes).
- drm/bridge: lt8912b: set hdmi or dvi mode (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gma500: Fix BUG: sleeping function called from invalid context errors (git-fixes).
- drm/i915: Implement WaEdpLinkRateDataReload (git-fixes).
- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/gt: Restrict forced preemption to the active context (git-fixes).
- drm/mediatek: dsi: Add atomic {destroy,duplicate}_state, reset callbacks (git-fixes).
- drm/mediatek: dsi: Move mtk_dsi_stop() call back to mtk_dsi_poweroff() (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/panel: simple: Fix innolux_g121i1_l01 bus_format (git-fixes).
- drm/panfrost: devfreq: set opp to the recommended one to configure regulator (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/tegra: vic: Fix build warning when CONFIG_PM=n (git-fixes).
- dt-bindings: hwmon: (mr75203) fix 'intel,vm-map' property to be optional (git-fixes).
- EDAC/dmc520: Do not print an error for each unconfigured interrupt line (bsc#1190497).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- efi: libstub: Disable struct randomization (git-fixes).
- eth: alx: take rtnl_lock on resume (git-fixes).
- eth: sun: cassini: remove dead code (git-fixes).
- fbcon: Add option to enable legacy hardware acceleration (bsc#1152472) Backporting changes: * context fixes in other patch * update config
- fbcon: Fix accelerated fbdev scrolling while logo is still shown (bsc#1152472)
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- firmware: arm_scmi: Fix the asynchronous reset requests (git-fixes).
- firmware: arm_scmi: Harden accesses to the reset domains (git-fixes).
- firmware: cs_dsp: add driver to support firmware loading on Cirrus Logic DSPs (bsc#1203699).
- firmware: cs_dsp: Add lockdep asserts to interface functions (bsc#1203699).
- firmware: cs_dsp: Add memory chunk helpers (bsc#1203699).
- firmware: cs_dsp: Add offset to cs_dsp read/write (bsc#1203699).
- firmware: cs_dsp: Add pre_run callback (bsc#1203699).
- firmware: cs_dsp: Add pre_stop callback (bsc#1203699).
- firmware: cs_dsp: Add support for rev 2 coefficient files (bsc#1203699).
- firmware: cs_dsp: Add version checks on coefficient loading (bsc#1203699).
- firmware: cs_dsp: Allow creation of event controls (bsc#1203699).
- firmware: cs_dsp: Clarify some kernel doc comments (bsc#1203699).
- firmware: cs_dsp: Clear core reset for cache (bsc#1203699).
- firmware: cs_dsp: Fix overrun of unterminated control name string (bsc#1203699).
- firmware: cs_dsp: Move lockdep asserts to avoid potential null pointer (bsc#1203699).
- firmware: cs_dsp: Perform NULL check in cs_dsp_coeff_write/read_ctrl (bsc#1203699).
- firmware: cs_dsp: Print messages from bin files (bsc#1203699).
- firmware: cs_dsp: tidy includes in cs_dsp.c and cs_dsp.h (bsc#1203699).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203798).
- gpio: mockup: fix NULL pointer dereference when removing debugfs (git-fixes).
- gpio: mockup: remove gpio debugfs when remove device (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: mvebu: Fix check for pwm support on non-A8K platforms (git-fixes).
- gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully (git-fixes).
- gve: Fix GFP flags when allocing pages (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hwmon: (gsc-hwmon) Call of_node_get() before of_find_xxx API (git-fixes).
- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
- hwmon: (mr75203) fix VM sensor allocation when 'intel,vm-map' not defined (git-fixes).
- hwmon: (mr75203) fix voltage equation for negative source input (git-fixes).
- hwmon: (mr75203) update pvt->v_num and vm_num to the actual number of used sensors (git-fixes).
- hwmon: (pmbus/mp2888) Fix sensors readouts for MPS Multi-phase mp2888 controller (git-fixes).
- hwmon: (tps23861) fix byte order in resistance register (git-fixes).
- i2c: acpi: Add an i2c_acpi_client_count() helper function (bsc#1203699).
- i2c: imx: If pm_runtime_get_sync() returned 1 device access is possible (git-fixes).
- i2c: mlxbf: Fix frequency calculation (git-fixes).
- i2c: mlxbf: incorrect base address passed during io write (git-fixes).
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (git-fixes).
- i2c: mlxbf: support lock mechanism (git-fixes).
- ice: Allow operation with reduced device MSI-X (bsc#1201987).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (git-fixes).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (git-fixes).
- ice: fix crash when writing timestamp on RX rings (git-fixes).
- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler (git-fixes).
- ice: fix possible under reporting of ethtool Tx and Rx statistics (git-fixes).
- ice: Fix race during aux device (un)plugging (git-fixes).
- ice: Match on all profiles in slow-path (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- igb: skip phy status check where unavailable (git-fixes).
- Input: goodix - add compatible string for GT1158 (git-fixes).
- Input: goodix - add support for GT1158 (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: iqs62x-keys - drop unused device node references (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- kABI workaround for spi changes (bsc#1203699).
- kABI: Add back removed struct paca member (bsc#1203664 ltc#199236).
- kABI: fix adding another field to scsi_device (bsc#1203039).
- kABI: Fix kABI after SNP-Guest backport (jsc#SLE-19924, jsc#SLE-24814).
- kbuild: disable header exports for UML in a straightforward way (git-fixes).
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- KVM: SVM: Create a separate mapping for the GHCB save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Create a separate mapping for the SEV-ES save area (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: Define sev_features and VMPL field in the VMSA (jsc#SLE-19924, jsc#SLE-24814).
- KVM: SVM: fix tsc scaling cache logic (bsc#1203263).
- KVM: SVM: Update the SEV-ES save area mapping (jsc#SLE-19924, jsc#SLE-24814).
- KVM: VMX: Heed the 'msr' argument in msr_write_intercepted() (git-fixes).
- KVM: X86: Fix when shadow_root_level=5 and guest root_level 4 (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_send_ipi() (git-fixes).
- KVM: x86: hyper-v: HVCALL_SEND_IPI_EX is an XMM fast hypercall (git-fixes).
- KVM: x86: Move lookup of indexed CPUID leafs to helper (jsc#SLE-19924, jsc#SLE-24814).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lockd: detect and reject lock arguments that overflow (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed: Fix an error handling path in aspeed_video_probe() (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: exynos4-is: Change clk_disable to clk_disable_unprepare (git-fixes).
- media: exynos4-is: Fix PM disable depth imbalance in fimc_is_probe (git-fixes).
- media: flexcop-usb: fix endpoint type check (git-fixes).
- media: imx-jpeg: Add pm-sleep support for imx-jpeg (git-fixes).
- media: imx-jpeg: Correct some definition according specification (git-fixes).
- media: imx-jpeg: Disable slot interrupt when frame done (git-fixes).
- media: imx-jpeg: Fix potential array out of bounds in queue_setup (git-fixes).
- media: imx-jpeg: Leave a blank space before the configuration data (git-fixes).
- media: imx-jpeg: Refactor function mxc_jpeg_parse (git-fixes).
- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
- media: platform: mtk-mdp: Fix mdp_ipi_comm structure alignment.
- media: rkvdec: Disable H.264 error detection (git-fixes).
- media: st-delta: Fix PM disable depth imbalance in delta_probe (git-fixes).
- media: vsp1: Fix offset calculation for plane cropping.
- misc: cs35l41: Remove unused pdn variable (bsc#1203699).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mlxsw: i2c: Fix initialization error flow (git-fixes).
- mm: Fix PASID use-after-free issue (bsc#1203908).
- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage switch failure (git-fixes).
- mmc: hsq: Fix data stomping during mmc recovery (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mwifiex: fix sleep in atomic context bugs caused by dev_coredumpv (git-fixes).
- net: axienet: fix RX ring refill allocation failure handling (git-fixes).
- net: axienet: reset core on initialization prior to MDIO access (git-fixes).
- net: bcmgenet: hide status block before TX timestamping (git-fixes).
- net: bcmgenet: Revert 'Use stronger register read/writes to assure ordering' (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list iterator (git-fixes).
- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (git-fixes).
- net: dsa: felix: fix tagging protocol changes with multiple CPU ports (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: introduce helpers for iterating through ports using dp (git-fixes).
- net: dsa: lantiq_gswip: Do not set GSWIP_MII_CFG_RMII_CLK (git-fixes).
- net: dsa: lantiq_gswip: fix use after free in gswip_remove() (git-fixes).
- net: dsa: microchip: fix bridging with more than two member ports (git-fixes).
- net: dsa: mt7530: 1G can also support 1000BASE-X link mode (git-fixes).
- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (git-fixes).
- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (git-fixes).
- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (git-fixes).
- net: dsa: restrict SMSC_LAN9303_I2C kconfig (git-fixes).
- net: emaclite: Add error handling for of_address_to_resource() (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (git-fixes).
- net: ethernet: mv643xx: Fix over zealous checking of_get_mac_address() (git-fixes).
- net: ethernet: stmmac: fix altr_tse_pcs function when using a fixed-link (git-fixes).
- net: ethernet: stmmac: fix write to sgmii_adapter_base (git-fixes).
- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (git-fixes).
- net: ftgmac100: access hardware register after clock ready (git-fixes).
- net: hns3: add netdev reset check for hns3_set_tunable() (git-fixes).
- net: hns3: fix the concurrency between functions reading debugfs (git-fixes).
- net: ipa: get rid of a duplicate initialization (git-fixes).
- net: ipa: kill ipa_cmd_pipeline_clear() (git-fixes).
- net: ipa: record proper RX transaction count (git-fixes).
- net: macb: Fix PTP one step sync support (git-fixes).
- net: macb: Increment rx bd head after allocating skb and buffer (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (git-fixes).
- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (git-fixes).
- net: mscc: ocelot: fix all IP traffic getting trapped to CPU with PTP over IP (git-fixes).
- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (git-fixes).
- net: mscc: ocelot: fix missing unlock on error in ocelot_hwstamp_set() (git-fixes).
- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (git-fixes).
- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (git-fixes).
- net: phy: aquantia: wait for the suspend/resume operations to finish (git-fixes).
- net: phy: at803x: move page selection fix to config_init (git-fixes).
- net: phy: Do not WARN for PHY_UP state in mdio_bus_phy_resume() (git-fixes).
- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: add platform level clocks management (git-fixes).
- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock on resume (git-fixes).
- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (git-fixes).
- net: stmmac: enhance XDP ZC driver level switching performance (git-fixes).
- net: stmmac: fix out-of-bounds access in a selftest (git-fixes).
- net: stmmac: Fix unset max_speed difference between DT and non-DT platforms (git-fixes).
- net: stmmac: only enable DMA interrupts when ready (git-fixes).
- net: stmmac: perserve TX and RX coalesce value during XDP setup (git-fixes).
- net: stmmac: remove unused get_addr() callback (git-fixes).
- net: stmmac: Use readl_poll_timeout_atomic() in atomic state (git-fixes).
- net: systemport: Fix an error handling path in bcm_sysport_probe() (git-fixes).
- net: thunderbolt: Enable DMA paths only after rings are enabled (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: wwan: iosm: Call mutex_init before locking it (git-fixes).
- net: wwan: iosm: remove pointless null check (git-fixes).
- net/mlx5: CT: Fix header-rewrite re-use for tupels (git-fixes).
- net/mlx5: Drain fw_reset when removing device (git-fixes).
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (git-fixes).
- net/mlx5e: Properly block HW GRO when XDP is enabled (git-fixes).
- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
- net/mlx5e: TC NIC mode, fix tc chains miss table (git-fixes).
- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
- net/sunrpc: fix potential memory leaks in rpc_sysfs_xprt_state_change() (git-fixes).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: fix problems with __nfs42_ssc_open (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Fix WARN_ON due to unionization of nfs_inode.nrequests (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFS: Turn off open-by-filehandle and NFS re-export for NFSv4.0 (git-fixes).
- NFS: Update mode bits after ALLOCATE and DEALLOCATE (git-fixes).
- NFSD: Clean up the show_nf_flags() macro (git-fixes).
- NFSD: eliminate the NFSD_FILE_BREAK_* flags (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- NFSD: Report RDMA connection errors to the server (git-fixes).
- NFSD: restore EINVAL error translation in nfsd_commit() (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of/fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- parisc/sticon: fix reverse colors (bsc#1152489)
- parisc/stifb: Fix fb_is_primary_device() only available with (bsc#1152489)
- parisc/stifb: Implement fb_is_primary_device() (bsc#1152489)
- parisc/stifb: Keep track of hardware path of graphics card (bsc#1152489)
- PCI: Correct misspelled words (git-fixes).
- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited (jsc#PED-387).
- pinctrl: qcom: sc8180x: Fix gpio_wakeirq_map (git-fixes).
- pinctrl: qcom: sc8180x: Fix wrong pin numbers (git-fixes).
- pinctrl: sunxi: Fix name for A100 R_PIO (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 2 (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (bsc#1203699).
- platform/x86: serial-multi-instantiate: Add SPI support (bsc#1203699).
- platform/x86: serial-multi-instantiate: Reorganize I2C functions (bsc#1203699).
- powerpc/pseries/vas: Pass hw_cpu_id to node associativity HCALL (bsc#1194869).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (bsc#1203197 LTC#199895).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- scsi: core: Add BLIST_NO_ASK_VPD_SIZE for some VDASD (bsc#1203039).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Define static symbols (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Enhance driver tracing with separate tunable and more (bsc#1203935).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Fix spelling mistake 'definiton' 'definition' (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: smartpqi: Add module param to disable managed ints (bsc#1203893).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- selftests: Fix the if conditions of in test_extra_filter() (git-fixes).
- selftests: forwarding: add shebang for sch_red.sh (git-fixes).
- selftests: forwarding: Fix failing tests with old libnet (git-fixes).
- serial: atmel: remove redundant assignment in rs485_config (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: Reset prior to registration (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Add API to count spi acpi resources (bsc#1203699).
- spi: Create helper API to lookup ACPI info for spi device (bsc#1203699).
- spi: dw: Fix PM disable depth imbalance in dw_spi_bt1_probe (git-fixes).
- spi: meson-spicc: do not rely on busy flag in pow2 clk ops (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: propagate error code to the caller of acpi_spi_device_alloc() (bsc#1203699).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: Return deferred probe error when controller isn't yet available (bsc#1203699).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- spi: Support selection of the index of the ACPI Spi Resource before alloc (bsc#1203699).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- struct ehci_hcd: hide new element going into a hole (git-fixes).
- struct xhci_hcd: restore member now dynamically allocated (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix xdr_encode_bool() (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- thunderbolt: Add support for Intel Maple Ridge single port controller (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty: serial: atmel: Preserve previous USART mode if RS485 disabled (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: add quirks for Lenovo OneLink+ Dock (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: Drop commas after SoC match table sentinels (git-fixes).
- USB: dwc3: core: leave default DMA if the controller does not support 64-bit DMA (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- USB: dwc3: gadget: Do not modify GEVNTCOUNT in pullup() (git-fixes).
- USB: dwc3: gadget: Refactor pullup() (git-fixes).
- USB: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
- USB: Fix ehci infinite suspend-resume loop issue in zhaoxin (git-fixes).
- USB: Fix memory leak in usbnet_disconnect() (git-fixes).
- USB: host: xhci: fix a comment typo in xhci_mem_init() (git-fixes).
- USB: host: xhci: use ffs() in xhci_mem_init() (git-fixes).
- USB: hub: avoid warm port reset during USB3 disconnect (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS 0x0b05:0x1932 to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- USB: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake IOM device (git-fixes).
- USB: typec: tipd: Add an additional overflow check (git-fixes).
- USB: typec: tipd: Do not read/write more bytes than required (git-fixes).
- USB: typec: ucsi: Remove incorrect warning (git-fixes).
- USB: xhci-mtk: relax TT periodic bandwidth allocation (git-fixes).
- vfio/type1: Unpin zero pages (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: i740fb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- virt: Add SEV-SNP guest driver (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add documentation for SEV-SNP CPUID Enforcement (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to derive key (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Add support to get extended report (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix bool function returning negative value (jsc#SLE-19924, jsc#SLE-24814).
- virt: sevguest: Fix return value check in alloc_shared_pages() (jsc#SLE-19924, jsc#SLE-24814).
- vrf: fix packet sniffing for traffic originating from ip tunnels (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath11k: fix number of VHT beamformee spatial streams (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211_hwsim: check length for virtio packets (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: fix regression with non-QoS drivers (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mt76: fix reading current per-tid starting sequence number for aggregation (git-fixes).
- wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7915: do not check state before configuring implicit beamform (git-fixes).
- wifi: mt76: sdio: fix transmitting packet hangs (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- wifi: rtlwifi: 8192de: correct checking of IQK reload (git-fixes).
- wifi: rtw88: add missing destroy_workqueue() on error path in rtw_core_init() (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (git-fixes).
- x86/boot: Add a pointer to Confidential Computing blob in bootparams (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Add Confidential Computing type to setup_data (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Introduce helpers for MSR reads/writes (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Put globals that are accessed early into the .data section (jsc#SLE-19924, jsc#SLE-24814).
- x86/boot: Use MSR read/write helpers instead of inline assembly (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add helper for validating pages in the decompression stage (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Export and rename add_identity_map() (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed: Use firmware-validated CPUID leaves for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add identity mapping for Confidential Computing blob (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Add support for SEV-SNP CPUID table in #VC handlers (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/64: Detect/setup SEV/SME features earlier during boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI config table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI detection to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI kexec handling into common code (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI system table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/compressed/acpi: Move EFI vendor table lookup to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/head/64: Re-enable stack protection (jsc#SLE-19924, jsc#SLE-24814).
- x86/ibt,ftrace: Make function-graph play nice (bsc#1203969).
- x86/kernel: Mark the .bss..decrypted section as shared in the RMP table (jsc#SLE-19924, jsc#SLE-24814).
- x86/kernel: Validate ROM memory before accessing when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/mm: Extend cc_attr to include AMD SEV-SNP (jsc#SLE-19924, jsc#SLE-24814).
- x86/mm: Validate memory when changing the C-bit (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a helper for the PVALIDATE instruction (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add a sev= cmdline option (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add helper for validating pages in early enc attribute changes (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Add missing __init annotations to SEV init routines (jsc#SLE-19924 jsc#SLE-24814).
- x86/sev: Add SEV-SNP feature detection/setup (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check SEV-SNP features support (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Check the VMPL level (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Detect/setup SEV/SME features earlier in boot (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Get the AP jump table address from secrets page (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Move MSR-based VMGEXITs for CPUID to helper (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Provide support for SNP guest request NAEs (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register GHCB memory when SEV-SNP is active (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Register SEV-SNP guest request platform device (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use firmware-validated CPUID for SEV-SNP guests (jsc#SLE-19924, jsc#SLE-24814).
- x86/sev: Use SEV-SNP AP creation to start secondary CPUs (jsc#SLE-19924, jsc#SLE-24814).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen-blkback: Advertise feature-persistent as user requested (git-fixes).
- xen-blkback: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkback: fix persistent grants negotiation (git-fixes).
- xen-blkfront: Advertise feature-persistent as user requested (git-fixes).
- xen-blkfront: Apply 'feature_persistent' parameter when connect (git-fixes).
- xen-blkfront: Cache feature_persistent value before advertisement (git-fixes).
- xen-blkfront: Handle NULL gendisk (git-fixes).
- xen-netback: only remove 'hotplug-status' when the vif is actually destroyed (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/grants: prevent integer overflow in gnttab_dma_alloc_pages() (git-fixes).
- xen/usb: do not use arbitrary_virt_to_machine() (git-fixes).
- xhci: Allocate separate command structures for each LPM command (git-fixes).
ImportantSUSE bug 1185032SUSE bug 1190497SUSE bug 1194023SUSE bug 1194869SUSE bug 1195917SUSE bug 1196444SUSE bug 1196869SUSE bug 1197659SUSE bug 1198189SUSE bug 1200288SUSE bug 1200622SUSE bug 1201309SUSE bug 1201310SUSE bug 1201987SUSE bug 1202095SUSE bug 1202960SUSE bug 1203039SUSE bug 1203066SUSE bug 1203101SUSE bug 1203197SUSE bug 1203263SUSE bug 1203338SUSE bug 1203360SUSE bug 1203361SUSE bug 1203389SUSE bug 1203410SUSE bug 1203505SUSE bug 1203552SUSE bug 1203664SUSE bug 1203693SUSE bug 1203699SUSE bug 1203767SUSE bug 1203769SUSE bug 1203770SUSE bug 1203794SUSE bug 1203798SUSE bug 1203893SUSE bug 1203902SUSE bug 1203906SUSE bug 1203908SUSE bug 1203935SUSE bug 1203939SUSE bug 1203987SUSE bug 1203992SUSE bug 1204051SUSE bug 1204059SUSE bug 1204060SUSE bug 1204125CVE-2022-1263 at SUSECVE-2022-1263 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-3202 at SUSECVE-2022-3202 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:
- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
ImportantSUSE bug 1194530SUSE bug 1203681SUSE bug 1204256CVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-rsa (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-rsa fixes the following issues:
- CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).
ModerateSUSE bug 1178676CVE-2020-25658 at SUSECVE-2020-25658 at NVDcpe:/o:suse:sle-micro:5.3Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libarchive fixes the following issues:
- CVE-2021-31566: Fixed vulnerability where libarchive modifies file flags of symlink target (bsc#1192426)
- Fixed issue where processing fixup entries may follow symbolic links (bsc#1192427).
ModerateSUSE bug 1192426SUSE bug 1192427CVE-2021-31566 at SUSECVE-2021-31566 at NVDcpe:/o:suse:sle-micro:5.3Security update for kubevirt stack (Important)SUSE Linux Enterprise Micro 5.3
This update provides rebuilds of the kubevirt containers with up to date base images,
fixing various security issues.
Importantcpe:/o:suse:sle-micro:5.3Security update for containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.3
This update rebuilds the current containeried data importer images against
current base images, to fix security issues.
Importantcpe:/o:suse:sle-micro:5.3Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libX11 fixes the following issues:
- CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422).
- CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).
ModerateSUSE bug 1204422SUSE bug 1204425CVE-2022-3554 at SUSECVE-2022-3554 at NVDCVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 0cd50eedcc0692c1f907b24424215f8db7d3b428
* 0469b9f2bc pstore: do not try to load all known pstore modules
* ad05f54439 pstore: Run after modules are loaded
* ccad817445 core: Add trigger limit for path units
* 281d818fe3 core/mount: also add default before dependency for automount mount units
* ffe5b4afa8 logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179)
- Make 'sle15-sp3' net naming scheme still available for backward compatibility
reason
ModerateSUSE bug 1204179SUSE bug 1204968CVE-2022-3821 at SUSECVE-2022-3821 at NVDcpe:/o:suse:sle-micro:5.3Security update for sudo (Important)SUSE Linux Enterprise Micro 5.3
This update for sudo fixes the following issues:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a password of seven characters or fewer and using the crypt() password backend (bsc#1204986).
ImportantSUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923).
ImportantSUSE bug 1027519SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204483SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDCVE-2022-42327 at SUSECVE-2022-42327 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-28748: Fixed a leak of kernel memory over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-1882: Fixed a use-after-free flaw in free_pipe_info() that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1199904).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-3169: Fixed an denial of service though request to NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET (bsc#1203290).
- CVE-2022-33981: Fixed a use-after-free in floppy driver (bnc#1200692).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3526: Fixed a memory leak in macvlan_handle_frame() from drivers/net/macvlan.c (bnc#1204353).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-40476: Fixed a null pointer dereference in fs/io_uring.c (bnc#1203435).
- CVE-2022-40768: Fixed information disclosure in stex_queuecommand_lck (bnc#1203514).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- acpi: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- acpi: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- acpi: extlog: Handle multiple records (git-fixes).
- acpi: tables: FPDT: Do not call acpi_os_map_memory() on invalid phys address (git-fixes).
- acpi: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- acpi: video: Make backlight class device registration a separate step (v2) (git-fixes).
- acpi: x86: Add a quirk for Dell Inspiron 14 2-in-1 for StorageD3Enable (git-fixes).
- alsa: Use del_timer_sync() before freeing timer (git-fixes).
- alsa: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- alsa: aoa: Fix I2S device accounting (git-fixes).
- alsa: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- alsa: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- alsa: au88x0: use explicitly signed char (git-fixes).
- alsa: dmaengine: increment buffer pointer atomically (git-fixes).
- alsa: hda/cs_dsp_ctl: Fix mutex inversion when creating controls (bsc#1203699).
- alsa: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- alsa: hda/hdmi: Fix the converter allocation for the silent stream (git-fixes).
- alsa: hda/hdmi: Fix the converter reuse for the silent stream (git-fixes).
- alsa: hda/hdmi: change type for the 'assigned' variable (git-fixes).
- alsa: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- alsa: hda/realtek: Add another HP ZBook G9 model quirks (bsc#1203699).
- alsa: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (bsc#1203922).
- alsa: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- alsa: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- alsa: hda: Fix position reporting on Poulsbo (git-fixes).
- alsa: hda: cs35l41: Remove suspend/resume hda hooks (bsc#1203699).
- alsa: hda: cs35l41: Support System Suspend (bsc#1203699).
- alsa: hda: hda_cs_dsp_ctl: Ensure pwr_lock is held before reading/writing controls (bsc#1203699).
- alsa: hda: hda_cs_dsp_ctl: Minor clean and redundant code removal (bsc#1203699).
- alsa: hiface: fix repeated words in comments (git-fixes).
- alsa: line6: Replace sprintf() with sysfs_emit() (git-fixes).
- alsa: line6: remove line6_set_raw declaration (git-fixes).
- alsa: oss: Fix potential deadlock at unregistration (git-fixes).
- alsa: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- alsa: rme9652: use explicitly signed char (git-fixes).
- alsa: scarlett2: Add Focusrite Clarett+ 8Pre support (git-fixes).
- alsa: scarlett2: Add support for the internal 'standalone' switch (git-fixes).
- alsa: scarlett2: Split scarlett2_config_items[] into 3 sections (git-fixes).
- alsa: usb-audio: Add mixer mapping for Gigabyte B450/550 Mobos (git-fixes).
- alsa: usb-audio: Add quirk to enable Avid Mbox 3 support (git-fixes).
- alsa: usb-audio: Add quirks for M-Audio Fast Track C400/600 (git-fixes).
- alsa: usb-audio: Fix NULL dererence at error path (git-fixes).
- alsa: usb-audio: Fix last interface check for registration (git-fixes).
- alsa: usb-audio: Fix potential memory leaks (git-fixes).
- alsa: usb-audio: Fix regression with Dell Dock jack detection (bsc#1204719).
- alsa: usb-audio: Register card at the last interface (git-fixes).
- alsa: usb-audio: make read-only array marker static const (git-fixes).
- alsa: usb-audio: remove redundant assignment to variable c (git-fixes).
- alsa: usb-audio: scarlett2: Use struct_size() helper in scarlett2_usb() (git-fixes).
- alsa: usb/6fire: fix repeated words in comments (git-fixes).
- arm64/bti: Disable in kernel BTI when cross section thunks are broken (git-fixes)
- arm64/mm: Consolidate TCR_EL1 fields (git-fixes).
- arm64: dts: imx8mp: Add snps,gfladj-refclk-lpm-sel quirk to USB nodes (git-fixes).
- arm64: dts: imx8mq-librem5: Add bq25895 as max17055's power supply (git-fixes).
- arm64: dts: qcom: sc7280: Cleanup the lpasscc node (git-fixes).
- arm64: dts: ti: k3-j7200: fix main pinmux range (git-fixes).
- arm64: ftrace: fix module PLTs with mcount (git-fixes).
- arm64: mte: Avoid setting PG_mte_tagged if no tags cleared or restored (git-fixes).
- arm64: topology: move store_cpu_topology() to shared code (git-fixes).
- arm: 9242/1: kasan: Only map modules if CONFIG_KASAN_VMALLOC=n (git-fixes).
- arm: 9244/1: dump: Fix wrong pg_level in walk_pmd() (git-fixes).
- arm: 9247/1: mm: set readonly for MT_MEMORY_RO with ARM_LPAE (git-fixes).
- arm: Drop CMDLINE_* dependency on ATAGS (git-fixes).
- arm: decompressor: Include .data.rel.ro.local (git-fixes).
- arm: defconfig: clean up multi_v4t and multi_v5 configs (git-fixes).
- arm: defconfig: drop CONFIG_PTP_1588_CLOCK=y (git-fixes).
- arm: defconfig: drop CONFIG_SERIAL_OMAP references (git-fixes).
- arm: defconfig: drop CONFIG_USB_FSL_USB2 (git-fixes).
- arm: dts: armada-38x: Add gpio-ranges for pin muxing (git-fixes).
- arm: dts: exynos: correct s5k6a3 reset polarity on Midas family (git-fixes).
- arm: dts: exynos: fix polarity of VBUS GPIO of Origen (git-fixes).
- arm: dts: fix Moxa SDIO 'compatible', remove 'sdhci' misnomer (git-fixes).
- arm: dts: imx6dl: add missing properties for sram (git-fixes).
- arm: dts: imx6q: add missing properties for sram (git-fixes).
- arm: dts: imx6qdl-kontron-samx6i: hook up DDC i2c bus (git-fixes).
- arm: dts: imx6qp: add missing properties for sram (git-fixes).
- arm: dts: imx6sl: add missing properties for sram (git-fixes).
- arm: dts: imx6sll: add missing properties for sram (git-fixes).
- arm: dts: imx6sx: add missing properties for sram (git-fixes).
- arm: dts: imx7d-sdb: config the max pressure for tsc2046 (git-fixes).
- arm: dts: integrator: Tag PCI host with device_type (git-fixes).
- arm: dts: kirkwood: lsxl: fix serial line (git-fixes).
- arm: dts: kirkwood: lsxl: remove first ethernet port (git-fixes).
- arm: dts: turris-omnia: Add label for wan port (git-fixes).
- arm: dts: turris-omnia: Fix mpp26 pin name and comment (git-fixes).
- asoc: SOF: pci: Change DMI match info to support all Chrome platforms (git-fixes).
- asoc: codecs: tx-macro: fix kcontrol put (git-fixes).
- asoc: da7219: Fix an error handling path in da7219_register_dai_clks() (git-fixes).
- asoc: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- asoc: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- asoc: mt6359: fix tests for platform_get_irq() failure (git-fixes).
- asoc: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- asoc: qcom: lpass-cpu: Mark HDMI TX parity register as volatile (git-fixes).
- asoc: qcom: lpass-cpu: mark HDMI TX registers as volatile (git-fixes).
- asoc: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- asoc: tas2764: Allow mono streams (git-fixes).
- asoc: tas2764: Drop conflicting set_bias_level power setting (git-fixes).
- asoc: tas2764: Fix mute/unmute (git-fixes).
- asoc: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- asoc: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- asoc: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- asoc: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- asoc: wm_adsp: Handle optional legacy support (git-fixes).
- ata: ahci-imx: Fix MODULE_ALIAS (git-fixes).
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- bluetooth: L2CAP: Fix user-after-free (git-fixes).
- bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- bluetooth: RFCOMM: Fix possible deadlock on socket shutdown/release (git-fixes).
- bluetooth: btintel: Mark Intel controller to support LE_STATES quirk (git-fixes).
- bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- bluetooth: virtio_bt: Use skb_put to set length (git-fixes).
- bnxt_en: Fix bnxt_refclk_read() (git-fixes).
- bnxt_en: Fix bnxt_reinit_after_abort() code path (git-fixes).
- bnxt_en: fix livepatch query (git-fixes).
- bnxt_en: reclaim max resources if sriov enable fails (git-fixes).
- bonding: 802.3ad: fix no transmission of LACPDUs (git-fixes).
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: j1939: transport: j1939_session_skb_drop_old(): spin_unlock_irqrestore() before kfree_skb() (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (git-fixes).
- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mcp251x: mcp251x_can_probe(): add missing unregister_candev() in error path (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness conversion (git-fixes).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct length to read dev_id (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: ast2600: BCLK comes from EPLL (git-fixes).
- clk: at91: fix the build with binutils 2.27 (git-fixes).
- clk: baikal-t1: Add SATA internal ref clock buffer (git-fixes).
- clk: baikal-t1: Add shared xGMAC ref/ptp clocks internal parent (git-fixes).
- clk: baikal-t1: Fix invalid xGMAC PTP clock divider (git-fixes).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: Round UART input clock up (bsc#1188238)
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: bcm: rpi: Add support for VEC clock (bsc#1196632)
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: scu: fix memleak on platform_device_add() fails (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: meson: Hold reference returned by of_get_parent() (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: apss-ipq6018: mark apcs_alias0_core_clk as critical (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: sprd: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: vc5: Fix 5P49V6901 outputs disabling when enabling FOD (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- cpufreq: qcom: fix memory leak in error path (git-fixes).
- cpufreq: qcom: fix writes in read-only memory region (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- crypto: inside-secure - Change swab to swab32 (git-fixes).
- crypto: inside-secure - Replace generic aes with libaes (git-fixes).
- crypto: marvell/octeontx - prevent integer overflows (git-fixes).
- crypto: qat - fix default value of WDT timer (git-fixes).
- crypto: sahara - do not sleep when in softirq (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: hisilicon: Add multi-thread support for a DMA channel (git-fixes).
- dmaengine: hisilicon: Disable channels when unregister hisi_dma (git-fixes).
- dmaengine: hisilicon: Fix CQ head update (git-fixes).
- dmaengine: idxd: change bandwidth token to read buffers (jsc#PED-679).
- dmaengine: idxd: deprecate token sysfs attributes for read buffers (jsc#PED-679).
- dmaengine: idxd: force wq context cleanup on device disable path (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: mxs: use platform_driver_register (git-fixes).
- dmaengine: ti: k3-udma: Reset UDMA_CHAN_RT byte counters to prevent overflow (git-fixes).
- dmaengine: xilinx_dma: Fix devm_platform_ioremap_resource error handling (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- dpaa2-eth: trace the allocated address instead of page struct (git-fixes).
- drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Assume an LTTPR is always present on fixed_vs links (git-fixes).
- drm/amd/display: Changed pipe split policy to allow for multi-display (bsc#1152472) Backporting notes: * remove changes to non-existing 201 and 31 directories
- drm/amd/display: Correct MPC split policy for DCN301 (git-fixes).
- drm/amd/display: Fix build breakage with CONFIG_DEBUG_FS=n (git-fixes).
- drm/amd/display: Fix double cursor on non-video RGB MPO (git-fixes).
- drm/amd/display: Fix vblank refcount in vrr transition (git-fixes).
- drm/amd/display: Remove interface for periodic interrupt 1 (git-fixes).
- drm/amd/display: skip audio setup when audio stream is enabled (git-fixes).
- drm/amd/display: update gamut remap if plane has changed (git-fixes).
- drm/amd/pm: smu7_hwmgr: fix potential off-by-one overflow in 'performance_levels' (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.0 (git-fixes).
- drm/amdgpu/display: change pipe policy for DCN 2.1 (git-fixes).
- drm/amdgpu/gfx10: add wraparound gpu counter check for APUs as well (bsc#1152472) Backporting notes: * also fix default branch
- drm/amdgpu/gfx9: switch to golden tsc registers for renoir+ (bsc#1152472) Backporting notes: * replace IP_VERSION() with CHIP_ constants
- drm/amdgpu: add missing pci_disable_device() in amdgpu_pmops_runtime_resume() (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: fix sdma doorbell init ordering on APUs (git-fixes).
- drm/amdkfd: Fix memory leak in kfd_mem_dmamap_userptr() (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/dp: Reset frl trained flag before restarting FRL training (git-fixes).
- drm/i915/ehl: Update MOCS table for EHL (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/i915/hdmi: convert intel_hdmi_to_dev to intel_hdmi_to_i915 (bsc#1152489)
- drm/i915: Reject unsupported TMDS rates on ICL+ (git-fixes).
- drm/komeda: Fix handling of atomic commits in the atomic_commit_tail hook (git-fixes).
- drm/meson: explicitly remove aggregate driver at module unload time (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dp: Silence inconsistent indent warning (git-fixes).
- drm/msm/dp: correct 1.62G link rate at dp_catalog_ctrl_config_msa() (git-fixes).
- drm/msm/dp: fix IRQ lifetime (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/msm: fix use-after-free on probe deferral (git-fixes).
- drm/nouveau/kms/nv140-: Disable interlacing (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/nouveau: wait for the exclusive fence after the shared ones v2 (bsc#1152472) Backporting notes: * context changes
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/virtio: Check whether transferred 2D BO is shmem (git-fixes).
- drm/virtio: Unlock reservations on virtio_gpu_object_shmem_init() error (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: bridge: dw_hdmi: only trigger hotplug event on link change (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- drop Dell Dock regression fix patch again (bsc#1204719)
- drop verbose nvme logging feature (bsc#1200567)
- dt-bindings: crypto: ti,sa2ul: drop dma-coherent property (git-fixes).
- dt-bindings: display/msm: dpu-sc7180: add missing DPU opp-table (git-fixes).
- dt-bindings: display/msm: dpu-sdm845: add missing DPU opp-table (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix compatible string (git-fixes).
- dt-bindings: mtd: intel: lgm-nand: Fix maximum chip select value (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing clocks properties (git-fixes).
- dt-bindings: pci: microchip,pcie-host: fix missing dma-ranges (git-fixes).
- dt-bindings: phy: qcom,qmp-usb3-dp: fix bogus clock-cells property (git-fixes).
- dt-bindings: phy: qcom,qmp: fix bogus clock-cells property (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: fix static_branch manipulation (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- fec: Fix timer capture timing in `fec_ptp_enable_pps()` (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: arm_scmi: Harden accesses to the sensor domains (git-fixes).
- firmware: arm_scmi: Improve checks in the info_get operations (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- fs/binfmt_elf: Fix memory leak in load_elf_binary() (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: fix deadlock between atomic O_TRUNC and page invalidation (bsc#1204533).
- gcov: support GCC 12.1 and newer compilers (git-fixes).
- gpu: lontium-lt9611: Fix NULL pointer dereference in lt9611_connector_init() (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hid: hidraw: fix memory leak in hidraw_release() (git-fixes).
- hid: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- hid: multitouch: Add memory barriers (git-fixes).
- hid: roccat: Fix use-after-free in roccat_read() (git-fixes).
- hinic: Avoid some over memory allocation (git-fixes).
- hsi: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- hsi: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- hwmon: (sht4x) do not overflow clamping operation on 32-bit platforms (git-fixes).
- i2c: designware: Fix handling of real but unexpected device interrupts (git-fixes).
- i2c: i801: Add support for Intel Ice Lake PCH-N (jsc#PED-634).
- i2c: i801: Add support for Intel Meteor Lake-P (jsc#PED-732).
- i2c: i801: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- i2c: i801: Improve handling of chip-specific feature definitions (jsc#PED-634).
- i2c: qcom-cci: Fix ordering of pm_runtime_xx and i2c_add_adapter (git-fixes).
- i40e: Fix call trace in setup_tx_descriptors (git-fixes).
- i40e: Fix dropped jumbo frames statistics (git-fixes).
- i40e: Fix to stop tx_timeout recovery if GLOBR fails (git-fixes).
- iavf: Fix adminq error handling (git-fixes).
- iavf: Fix handling of dummy receive descriptors (git-fixes).
- iavf: Fix reset error handling (git-fixes).
- ib/core: Fix a nested dead lock as part of ODP flow (git-fixes)
- ib/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- ice: Fix switchdev rules book keeping (git-fixes).
- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (git-fixes).
- ice: do not setup vlan for loopback VSI (git-fixes).
- igb: Make DMA faster when CPU is active on the PCIe link (git-fixes).
- igb: fix a use-after-free issue in igb_clean_tx_ring (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: disable/prepare buffer on suspend/resume (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: adxl372: Fix unsafe buffer attributes (git-fixes).
- iio: bmc150-accel-core: Fix unsafe buffer attributes (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: fix return value in devm_of_iio_channel_get_by_name() (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: ltc2497: Fix reading conversion results (git-fixes).
- iio: magnetometer: yas530: Change data type of hard_offsets to signed (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- iio: temperature: ltc2983: allocate iio channels once (git-fixes).
- ima: fix blocking of security.ima xattrs of unsupported algorithms (git-fixes).
- input: i8042 - fix refount leak on sparc (git-fixes).
- input: synaptics-rmi4 - fix firmware update operations with bootloader v8 (git-fixes).
- input: xpad - add supported devices as contributed on github (git-fixes).
- input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- iommu/vt-d: Do not falsely log intel_iommu is unsupported kernel option (bsc#1204947).
- ip: Fix data-races around sysctl_ip_fwd_update_priority (git-fixes).
- ipv4: Fix data-races around sysctl_fib_multipath_hash_policy (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (git-fixes).
- ixgbe: fix bcast packets Rx on VF after promisc removal (git-fixes).
- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: Fix kABI after backport Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kABI: Fix kABI after backport Always set kvm_run->if_flag (git-fixes).
- kABI: Fix kABI after backport Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kABI: Fix kABI after backport Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kABI: Fix kABI after backport Update vPMCs when retiring branch instructions (git-fixes).
- kabi/severities: ignore CS35L41-specific exports (bsc#1203699)
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: rpm-pkg: fix breakage when V=1 is used (git-fixes).
- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- kselftest/arm64: Fix validatation termination record after EXTRA_CONTEXT (git-fixes).
- kvm: SVM: Exit to userspace on ENOMEM/EFAULT GHCB errors (git-fixes).
- kvm: VMX: Inject #PF on ENCLS as 'emulated' #PF (git-fixes).
- kvm: fix avic_set_running for preemptable kernels (git-fixes).
- kvm: nVMX: Ignore SIPI that arrives in L2 when vCPU is not in WFS (git-fixes).
- kvm: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- kvm: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- kvm: s390: pv: do not present the ecall interrupt twice (bsc#1203229 LTC#199905).
- kvm: s390x: fix SCK locking (git-fixes).
- kvm: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- kvm: x86/mmu: Do not advance iterator after restart due to yielding (git-fixes).
- kvm: x86/mmu: Retry page fault if root is invalidated by memslot update (git-fixes).
- kvm: x86/pmu: Add pmc->intr to refactor kvm_perf_overflow{_intr}() (git-fixes).
- kvm: x86/pmu: Do not truncate the PerfEvtSeln MSR when creating a perf event (git-fixes).
- kvm: x86/pmu: Fix available_event_types check for REF_CPU_CYCLES event (git-fixes).
- kvm: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id() (git-fixes).
- kvm: x86: Add KVM_CAP_ENABLE_CAP to x86 (git-fixes).
- kvm: x86: Add compat handler for KVM_X86_SET_MSR_FILTER (git-fixes).
- kvm: x86: Always set kvm_run->if_flag (git-fixes).
- kvm: x86: Forcibly leave nested virt when SMM state is toggled (git-fixes).
- kvm: x86: Inject #UD on emulated XSETBV if XSAVES isn't enabled (git-fixes).
- kvm: x86: Keep MSR_IA32_XSS unchanged for INIT (git-fixes).
- kvm: x86: Register perf callbacks after calling vendor's hardware_setup() (git-fixes).
- kvm: x86: Sync the states size with the XCR0/IA32_XSS at, any time (git-fixes).
- kvm: x86: Update vPMCs when retiring branch instructions (git-fixes).
- kvm: x86: Update vPMCs when retiring instructions (git-fixes).
- kvm: x86: do not report preemption if the steal time cache is stale (git-fixes).
- kvm: x86: nSVM/nVMX: set nested_run_pending on VM entry which is a result of RSM (git-fixes).
- kvm: x86: nSVM: fix potential NULL derefernce on nested migration (git-fixes).
- kvm: x86: nSVM: mark vmcb01 as dirty when restoring SMM saved state (git-fixes).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- macvlan: enforce a consistent minimal mtu (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- mailbox: mpfs: account for mbox offsets while sending (git-fixes).
- mailbox: mpfs: fix handling of the reg property (git-fixes).
- media: atomisp: prevent integer overflow in sh_css_set_black_frame() (git-fixes).
- media: cedrus: Fix endless loop in cedrus_h265_skip_bits() (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: ipu3-imgu: Fix NULL pointer dereference in active selection access (git-fixes).
- media: mceusb: set timeout to at least timeout provided (git-fixes).
- media: meson: vdec: add missing clk_disable_unprepare on error in vdec_hevc_start() (git-fixes).
- media: uvcvideo: Fix memory leak in uvc_gpio_parse (git-fixes).
- media: uvcvideo: Use entity get_cur in uvc_ctrl_set (git-fixes).
- media: v4l2-compat-ioctl32.c: zero buffer passed to v4l2_compat_get_array_args() (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: vivid: dev->bitmap_cap wasn't freed in all cases (git-fixes).
- media: vivid: s_fbuf: add more sanity checks (git-fixes).
- media: vivid: set num_in/outputs to 0 if not supported (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: of: Fix refcount leak bug in of_lpddr3_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: fsl-imx25: Fix check for platform_get_irq() errors (git-fixes).
- mfd: intel-lpss: Add Intel Raptor Lake PCH-S PCI IDs (jsc#PED-634).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- misc: pci_endpoint_test: Aggregate params checking for xfer (git-fixes).
- misc: pci_endpoint_test: Fix pci_endpoint_test_{copy,write,read}() panic (git-fixes).
- mlxsw: spectrum: Clear PTP configuration after unregistering the netdevice (git-fixes).
- mlxsw: spectrum_cnt: Reorder counter pools (git-fixes).
- mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication (git-fixes).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: sdhci-esdhc-imx: Propagate ESDHC_FLAG_HS400* only on 8bit bus (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-pci-core: Disable ES for ASUS BIOS on Jasper Lake (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: sdhci_am654: 'select', not 'depends' REGMAP_MMIO (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- move upstreamed BT fixes into sorted section
- move upstreamed patches into sorted section
- move upstreamed sound patches into sorted section
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: fsl_elbc: Fix none ECC mode (git-fixes).
- mtd: rawnand: intel: Do not re-define NAND_DATA_IFACE_CHECK_ONLY (git-fixes).
- mtd: rawnand: intel: Read the chip-select line from the correct OF node (git-fixes).
- mtd: rawnand: intel: Remove undocumented compatible string (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/dsa/hirschmann: Add missing of_node_get() in hellcreek_led_setup() (git-fixes).
- net/ice: fix initializing the bitmap in the switch code (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (git-fixes).
- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded (git-fixes).
- net/mlx5e: Properly disable vlan strip on non-UL reps (git-fixes).
- net/mlx5e: Remove WARN_ON when trying to offload an unsupported TLS cipher/version (git-fixes).
- net/mlx5e: Ring the TX doorbell on DMA errors (git-fixes).
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (git-fixes).
- net/mlx5e: Update netdev features after changing XDP state (git-fixes).
- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ size (git-fixes).
- net: altera: Fix refcount leak in altera_tse_mdio_create (git-fixes).
- net: atlantic: fix aq_vec index out of range error (git-fixes).
- net: bcmgenet: Indicate MAC is in charge of PHY PM (git-fixes).
- net: bgmac: Fix a BUG triggered by wrong bytes_compl (git-fixes).
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (git-fixes).
- net: bgmac: support MDIO described in DT (git-fixes).
- net: bonding: fix possible NULL deref in rlb code (git-fixes).
- net: bonding: fix use-after-free after 802.3ad slave unbind (git-fixes).
- net: chelsio: cxgb4: Avoid potential negative array offset (git-fixes).
- net: dp83822: disable false carrier interrupt (git-fixes).
- net: dp83822: disable rx error interrupt (git-fixes).
- net: dsa: bcm_sf2: force pause link settings (git-fixes).
- net: dsa: ksz9477: port mirror sniffing limited to one port (git-fixes).
- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (git-fixes).
- net: dsa: microchip: ksz9477: fix fdb_dump last invalid entry (git-fixes).
- net: dsa: microchip: ksz_common: Fix refcount leak bug (git-fixes).
- net: dsa: mv88e6060: prevent crash on an unused port (git-fixes).
- net: dsa: mv88e6xxx: use BMSR_ANEGCOMPLETE bit for filling an_complete (git-fixes).
- net: dsa: sja1105: fix buffer overflow in sja1105_setup_devlink_regions() (git-fixes).
- net: dsa: sja1105: silent spi_device_id warnings (git-fixes).
- net: dsa: vitesse-vsc73xx: silent spi_device_id warnings (git-fixes).
- net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register (git-fixes).
- net: ethernet: ti: am65-cpsw: Fix devlink port register sequence (git-fixes).
- net: ethernet: ti: davinci_mdio: Add workaround for errata i2329 (git-fixes).
- net: ethernet: ti: davinci_mdio: fix build for mdio bitbang uses (git-fixes).
- net: fix IFF_TX_SKB_NO_LINEAR definition (git-fixes).
- net: ftgmac100: Hold reference returned by of_get_child_by_name() (git-fixes).
- net: hns3: do not push link state to VF if unalive (git-fixes).
- net: hns3: set port base vlan tbl_sta to false before removing old vlan (git-fixes).
- net: huawei: hinic: Use devm_kcalloc() instead of devm_kzalloc() (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: ipa: do not assume SMEM is page-aligned (git-fixes).
- net: ipvtap - add __init/__exit annotations to module init/exit funcs (git-fixes).
- net: moxa: get rid of asymmetry in DMA mapping/unmapping (git-fixes).
- net: moxa: pass pdev instead of ndev to DMA functions (git-fixes).
- net: mscc: ocelot: fix address of SYS_COUNT_TX_AGING counter (git-fixes).
- net: pcs: xpcs: propagate xpcs_read error to xpcs_get_state_c37_sgmii (git-fixes).
- net: phy: dp83822: disable MDI crossover status change interrupt (git-fixes).
- net: phy: dp83867: Extend RX strap quirk for SGMII mode (git-fixes).
- net: stmmac: fix dma queue left shift overflow issue (git-fixes).
- net: stmmac: fix leaks in probe (git-fixes).
- net: stmmac: fix pm runtime issue in stmmac_dvr_remove() (git-fixes).
- net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow (git-fixes).
- net: stmmac: remove redunctant disable xPCS EEE call (git-fixes).
- net: sungem_phy: Add of_node_put() for reference returned by of_get_parent() (git-fixes).
- net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: r8152: Add in new Devices that are supported for Mac-Passthru (git-fixes).
- netdevsim: fib: Fix reference count leak on route deletion failure (git-fixes).
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfp: ethtool: fix the display error of `ethtool -m DEVNAME` (git-fixes).
- nfs: Fix another fsync() issue after a server reboot (git-fixes).
- nfsv4: Fixes for nfs4_inode_return_delegation() (git-fixes).
- nvme: do not print verbose errors for internal passthrough requests (bsc#1202187).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- octeontx2-af: Apply tx nibble fixup always (git-fixes).
- octeontx2-af: Fix key checking for source mac (git-fixes).
- octeontx2-af: Fix mcam entry resource leak (git-fixes).
- octeontx2-af: suppress external profile loading warning (git-fixes).
- octeontx2-pf: Fix NIX_AF_TL3_TL2X_LINKX_CFG register configuration (git-fixes).
- octeontx2-pf: Fix UDP/TCP src and dst port tc filters (git-fixes).
- octeontx2-pf: cn10k: Fix egress ratelimit configuration (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: add nf_ct_is_confirmed check before assigning the helper (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- overflow.h: restore __ab_c_size (git-fixes).
- overflow: Implement size_t saturating arithmetic helpers (jsc#PED-1211).
- pci/aspm: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- pci/aspm: Ignore L1 PM Substates if device lacks capability (git-fixes).
- pci: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- pci: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- pci: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- pci: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- pci: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- pci: mediatek-gen3: Change driver name to mtk-pcie-gen3 (git-fixes).
- phy: amlogic: phy-meson-axg-mipi-pcie-analog: Hold reference returned by of_get_parent() (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: Ingenic: JZ4755 bug fixes (git-fixes).
- pinctrl: alderlake: Add Intel Alder Lake-N pin controller support (jsc#PED-676).
- pinctrl: alderlake: Add Raptor Lake-S ACPI ID (jsc#PED-634).
- pinctrl: alderlake: Fix register offsets for ADL-N variant (jsc#PED-676).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: microchip-sgpio: Correct the fwnode_irq_get() return value check (git-fixes).
- platform/chrome: cros_ec: Notify the PM of wake events during resume (git-fixes).
- platform/chrome: cros_ec_proto: Update version on GET_NEXT_EVENT failure (git-fixes).
- platform/chrome: cros_ec_typec: Correct alt mode index (git-fixes).
- platform/chrome: fix double-free in chromeos_laptop_prepare() (git-fixes).
- platform/chrome: fix memory corruption in ioctl (git-fixes).
- platform/x86: asus-wmi: Document the dgpu_disable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the egpu_enable sysfs attribute (git-fixes).
- platform/x86: asus-wmi: Document the panel_od sysfs attribute (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- plip: avoid rcu debug splat (git-fixes).
- pm: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- pm: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/64: pcpu setup avoid reading mmu_linear_psize on 64e or radix (bsc#1204413 ltc#200176).
- powerpc/64s: Fix build failure when CONFIG_PPC_64S_HASH_MMU is not set (bsc#1204413 ltc#200176).
- powerpc/64s: Make flush_and_reload_slb a no-op when radix is enabled (bsc#1204413 ltc#200176).
- powerpc/64s: Make hash MMU support configurable (bsc#1204413 ltc#200176).
- powerpc/64s: Move and rename do_bad_slb_fault as it is not hash specific (bsc#1204413 ltc#200176).
- powerpc/64s: Move hash MMU support code under CONFIG_PPC_64S_HASH_MMU (bsc#1204413 ltc#200176).
- powerpc/64s: Rename hash_hugetlbpage.c to hugetlbpage.c (bsc#1204413 ltc#200176).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries/vas: Add VAS IRQ primary handler (bsc#1204413 ltc#200176).
- powerpc/pseries: Stop selecting PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176).
- powerpc/pseries: lparcfg do not include slb_size line in radix mode (bsc#1204413 ltc#200176).
- powerpc: Ignore DSI error caused by the copy/paste instruction (bsc#1204413 ltc#200176).
- powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE (bsc#1204413 ltc#200176). Update config files.
- powerpc: make memremap_compat_align 64s-only (bsc#1204413 ltc#200176).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- rdma/cma: Fix arguments order in net device validation (git-fixes)
- rdma/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- rdma/hns: Add the detection for CMDQ status in the device initialization process (git-fixes)
- rdma/irdma: Add support for address handle re-use (git-fixes)
- rdma/irdma: Align AE id codes to correct flush code and event (git-fixes)
- rdma/irdma: Do not advertise 1GB page size for x722 (git-fixes)
- rdma/irdma: Fix VLAN connection with wildcard address (git-fixes)
- rdma/irdma: Fix a window for use-after-free (git-fixes)
- rdma/irdma: Fix setting of QP context err_rq_idx_valid field (git-fixes)
- rdma/irdma: Fix sleep from invalid context BUG (git-fixes)
- rdma/irdma: Move union irdma_sockaddr to header file (git-fixes)
- rdma/irdma: Remove the unnecessary variable saddr (git-fixes)
- rdma/irdma: Report RNR NAK generation in device caps (git-fixes)
- rdma/irdma: Report the correct max cqes from query device (git-fixes)
- rdma/irdma: Return correct WC error for bind operation failure (git-fixes)
- rdma/irdma: Return error on MR deregister CQP failure (git-fixes)
- rdma/irdma: Use net_type to check network type (git-fixes)
- rdma/irdma: Validate udata inlen and outlen (git-fixes)
- rdma/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- rdma/mlx5: Do not compare mkey tags in DEVX indirect mkey (git-fixes)
- rdma/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- rdma/qedr: Fix reporting QP timeout attribute (git-fixes)
- rdma/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- rdma/rxe: Fix deadlock in rxe_do_local_ops() (git-fixes)
- rdma/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- rdma/rxe: Fix mw bind to allow any consumer key portion (git-fixes)
- rdma/rxe: Fix resize_finish() in rxe_queue.c (git-fixes)
- rdma/rxe: Fix rnr retry behavior (git-fixes)
- rdma/rxe: Fix the error caused by qp->sk (git-fixes)
- rdma/rxe: For invalidate compare according to set keys in mr (git-fixes)
- rdma/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- rdma/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- rdma/siw: Fix QP destroy to wait for all references dropped. (git-fixes)
- rdma/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- rdma/siw: Pass a pointer to virt_to_page() (git-fixes)
- rdma/srp: Fix srp_abort() (git-fixes)
- rdma/srp: Handle dev_set_name() failure (git-fixes)
- rdma/srp: Rework the srp_add_port() error path (git-fixes)
- rdma/srp: Set scmnd->result only when scmnd is not NULL (git-fixes)
- rdma/srp: Support more than 255 rdma ports (git-fixes)
- rdma/srp: Use the attribute group mechanism for sysfs attributes (git-fixes)
- rdma/srpt: Duplicate port name members (git-fixes)
- rdma/srpt: Fix a use-after-free (git-fixes)
- rdma/srpt: Introduce a reference count in struct srpt_device (git-fixes)
- rdma/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- rdma: remove useless condition in siw_create_cq() (git-fixes)
- regulator: core: Prevent integer underflow (git-fixes).
- remoteproc: imx_rproc: Simplify some error message (git-fixes).
- revert 'SUNRPC: Remove unreachable error condition' (git-fixes).
- revert 'crypto: qat - reduce size of mapped region' (git-fixes).
- revert 'drm/amdgpu: use dirty framebuffer helper' (git-fixes).
- revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- revert 'workqueue: remove unused cancel_work()' (bsc#1204933).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (bsc#1204705).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- rose: Fix NULL pointer dereference in rose_send_frame() (git-fixes).
- rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/smp: enforce lowcore protection on CPU restart (git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (bnc#1204498).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_fc: Use %u for dev_loss_tmo (bsc#1202914).
- scsi: ufs: ufs-pci: Add support for Intel ADL (jsc#PED-707).
- scsi: ufs: ufs-pci: Add support for Intel MTL (jsc#PED-732).
- selftest: tpm2: Add Client.__del__() to close /dev/tpm* handle (git-fixes).
- selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
- selftests/pidfd_test: Remove the erroneous ',' (git-fixes).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- selftests: netfilter: Fix nft_fib.sh for all.rp_filter=1 (git-fixes).
- selinux: allow FIOCLEX and FIONCLEX with policy capability (git-fixes).
- selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context() (git-fixes).
- selinux: use 'grep -E' instead of 'egrep' (git-fixes).
- serial: 8250: Fix restoring termios speed after suspend (git-fixes).
- serial: core: move RS485 configuration tasks from drivers into core (git-fixes).
- sfc: disable softirqs for ptp TX (git-fixes).
- sfc: fix kernel panic when creating VF (git-fixes).
- sfc: fix use after free when disabling sriov (git-fixes).
- signal: break out of wait loops on kthread_stop() (bsc#1204926).
- slimbus: qcom-ngd: cleanup in probe error path (git-fixes).
- slimbus: qcom-ngd: use correct error in message of pdr_add_lookup() failure (git-fixes).
- soc/tegra: fuse: Drop Kconfig dependency on TEGRA20_APB_DMA (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi: sram: Fix probe function ordering issues (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- soundwire: cadence: Do not overwrite msg->buf during write commands (git-fixes).
- soundwire: intel: fix error handling on dai registration issues (git-fixes).
- spi: Ensure that sg_table won't be used after being freed (git-fixes).
- spi: pxa2xx: Add support for Intel Meteor Lake-P (jsc#PED-732).
- spi: pxa2xx: Add support for Intel Raptor Lake PCH-S (jsc#PED-634).
- spmi: pmic-arb: correct duplicate APID to PPID mapping logic (git-fixes).
- spmi: pmic-arb: do not ack and clear peripheral interrupts in cleanup_irq (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove() (git-fixes).
- stmmac: intel: Fix an error handling path in intel_eth_pci_probe() (git-fixes).
- thermal/drivers/qcom/tsens-v0_1: Fix MSM8939 fourth sensor hw_id (git-fixes).
- thermal: cpufreq_cooling: Check the policy first in cpufreq_cooling_register() (git-fixes).
- thermal: int340x: Mode setting with new OS handshake (jsc#PED-678).
- thermal: int340x: Update OS policy capability handshake (jsc#PED-678).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- thunderbolt: Add back Intel Falcon Ridge end-to-end flow control workaround (git-fixes).
- thunderbolt: Add missing device ID to tb_switch_is_alpine_ridge() (git-fixes).
- thunderbolt: Add support for Intel Raptor Lake (jsc#PED-634).
- thunderbolt: Disable LTTPR on Intel Titan Ridge (git-fixes).
- thunderbolt: Explicitly enable lane adapter hotplug events at startup (git-fixes).
- thunderbolt: Explicitly reset plug events delay back to USB4 spec value (git-fixes).
- thunderbolt: Fix buffer allocation of devices with no DisplayPort adapters (git-fixes).
- tracing/osnoise: Fix possible recursive locking in stop_per_cpu_kthreads (git-fixes).
- tracing: Add '(fault)' name injection to kernel probes (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix reading strings from synthetic events (git-fixes).
- tracing: Move duplicate code of trace_kprobe/eprobe.c into header (git-fixes).
- tracing: Replace deprecated CPU-hotplug functions (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- tracing: kprobe: Fix kprobe event gen test module on exit (git-fixes).++ kernel-source.spec (revision 4)Release: <RELEASE>.g76cfe60Provides: %name-srchash-76cfe60e3ab724313d9fba4cf5ebaf12ad49ea0e
- tracing: kprobe: Make gen test module work in arm and riscv (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- udmabuf: Set ubuf->sg = NULL if the creation of sg table fails (git-fixes).
- update kabi files. Refresh from Nov 2022 MU - 5.14.21-150400.24.28.1
- update patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch (bsc#1204693).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb/hcd: Fix dma_map_sg error check (git-fixes).
- usb: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: cdc-wdm: Use skb_put_data() instead of skb_put/memcpy pair (git-fixes).
- usb: common: debug: Check non-standard control requests (git-fixes).
- usb: dwc3: core: Enable GUCTL1 bit 10 for fixing termination error after resume bug (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: ehci: Fix a function name in comments (git-fixes).
- usb: gadget: bdc: fix typo in comment (git-fixes).
- usb: gadget: f_fs: stricter integer overflow checks (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci-plat: suspend and resume clocks (git-fixes).
- usb: host: xhci-plat: suspend/resume clks for brcm (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: mtu3: fix failed runtime suspend in host only mode (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- usb: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- usb: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- usb: typec: tcpm: fix typo in comment (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- virt: vbox: convert to use dev_groups (git-fixes).
- vsock: fix possible infinite sleep in vsock_connectible_wait_data() (git-fixes).
- vsock: remove the unused 'wait' in vsock_connectible_recvmsg() (git-fixes).
- watchdog/hpwdt: Include nmi.h only if CONFIG_HPWDT_NMI_DECODING (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211/mac80211: reject bad MBSSID elements (git-fixes).
- wifi: cfg80211: fix ieee80211_data_to_8023_exthdr handling of small packets (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211: fix decap offload for stations on AP_VLAN interfaces (git-fixes).
- wifi: mac80211: fix probe req HE capabilities access (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wwan_hwsim: fix possible memory leak in wwan_hwsim_dev_new() (git-fixes).
- x86/boot: Do not propagate uninitialized boot_params->cc_blob_address (bsc#1204970).
- x86/boot: Fix the setup data types max limit (bsc#1204970).
- x86/compressed/64: Add identity mappings for setup_data entries (bsc#1204970).
- x86/sev: Annotate stack change in the #VC handler (bsc#1204970).
- x86/sev: Do not use cc_platform_has() for early SEV-SNP calls (bsc#1204970).
- x86/sev: Remove duplicated assignment to variable info (bsc#1204970).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xhci-pci: Set runtime PM as default policy on all xHC 1.2 or later devices (git-fixes).
- xhci: Add quirk to reset host back to default state at shutdown (git-fixes).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
- xhci: dbc: Fix memory leak in xhci_alloc_dbc() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1152472SUSE bug 1152489SUSE bug 1188238SUSE bug 1194869SUSE bug 1196018SUSE bug 1196632SUSE bug 1199904SUSE bug 1200567SUSE bug 1200692SUSE bug 1200788SUSE bug 1202187SUSE bug 1202686SUSE bug 1202700SUSE bug 1202914SUSE bug 1203098SUSE bug 1203229SUSE bug 1203290SUSE bug 1203435SUSE bug 1203514SUSE bug 1203699SUSE bug 1203767SUSE bug 1203802SUSE bug 1203922SUSE bug 1204017SUSE bug 1204142SUSE bug 1204166SUSE bug 1204168SUSE bug 1204171SUSE bug 1204241SUSE bug 1204353SUSE bug 1204354SUSE bug 1204355SUSE bug 1204402SUSE bug 1204413SUSE bug 1204415SUSE bug 1204417SUSE bug 1204428SUSE bug 1204431SUSE bug 1204439SUSE bug 1204470SUSE bug 1204479SUSE bug 1204498SUSE bug 1204533SUSE bug 1204569SUSE bug 1204574SUSE bug 1204575SUSE bug 1204619SUSE bug 1204635SUSE bug 1204637SUSE bug 1204646SUSE bug 1204647SUSE bug 1204650SUSE bug 1204653SUSE bug 1204693SUSE bug 1204705SUSE bug 1204719SUSE bug 1204728SUSE bug 1204753SUSE bug 1204868SUSE bug 1204926SUSE bug 1204933SUSE bug 1204934SUSE bug 1204947SUSE bug 1204957SUSE bug 1204963SUSE bug 1204970CVE-2022-1882 at SUSECVE-2022-1882 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3526 at SUSECVE-2022-3526 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3633 at SUSECVE-2022-3633 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-40476 at SUSECVE-2022-40476 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDcpe:/o:suse:sle-micro:5.3Security update for dpkg (Low)SUSE Linux Enterprise Micro 5.3
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
LowSUSE bug 1199944CVE-2022-1664 at SUSECVE-2022-1664 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.3
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
ImportantSUSE bug 1205178SUSE bug 1205182CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:sle-micro:5.3Security update for kubevirt stack (Important)SUSE Linux Enterprise Micro 5.3
This update provides rebuilds of the kubevirt containers with up to date base images,
fixing various security issues.
Importantcpe:/o:suse:sle-micro:5.3Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.3
This update rebuilds the current containeried data importer images against
current base images, to fix security issues.
Importantcpe:/o:suse:sle-micro:5.3Security update for net-snmp (Moderate)SUSE Linux Enterprise Micro 5.3
This update for net-snmp fixes the following issues:
Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):
- CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
- CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.
- CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.
- CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
- CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.
- CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
ModerateSUSE bug 1201103CVE-2022-24805 at SUSECVE-2022-24805 at NVDCVE-2022-24806 at SUSECVE-2022-24806 at NVDCVE-2022-24807 at SUSECVE-2022-24807 at NVDCVE-2022-24808 at SUSECVE-2022-24808 at NVDCVE-2022-24809 at SUSECVE-2022-24809 at NVDCVE-2022-24810 at SUSECVE-2022-24810 at NVDcpe:/o:suse:sle-micro:5.3Security update for pixman (Important)SUSE Linux Enterprise Micro 5.3
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:sle-micro:5.3Security update for libarchive (Low)SUSE Linux Enterprise Micro 5.3
This update for libarchive fixes the following issues:
- CVE-2022-36227: Fixed potential NULL pointer dereference in __archive_write_allocate_filter() (bsc#1205629).
LowSUSE bug 1205629CVE-2022-36227 at SUSECVE-2022-36227 at NVDcpe:/o:suse:sle-micro:5.3Security update for libdb-4_8 (Low)SUSE Linux Enterprise Micro 5.3
This update for libdb-4_8 fixes the following issues:
- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).
LowSUSE bug 1174414CVE-2019-2708 at SUSECVE-2019-2708 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:sle-micro:5.3Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
ModerateSUSE bug 1184689SUSE bug 1188086SUSE bug 1192252SUSE bug 1192648SUSE bug 1197428SUSE bug 1200330SUSE bug 1202269SUSE bug 1202337SUSE bug 1202417SUSE bug 1203818cpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)
The following non-security bug was fixed:
- Fixed a crash in the garbage collection (bsc#1188607).
ImportantSUSE bug 1188607SUSE bug 1203125SUSE bug 1204577CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).
ImportantSUSE bug 1192478SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]
ImportantSUSE bug 1204642SUSE bug 1205422CVE-2022-3570 at SUSECVE-2022-3570 at NVDCVE-2022-3598 at SUSECVE-2022-3598 at NVDcpe:/o:suse:sle-micro:5.3Security update for libtpms (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libtpms fixes the following issues:
- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the
state of the vTPM (bsc#1187767)
ModerateSUSE bug 1187767SUSE bug 1204556CVE-2021-3623 at SUSECVE-2021-3623 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fix:
- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).
ImportantSUSE bug 1197284SUSE bug 1206065SUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:sle-micro:5.3Security update for cni (Important)SUSE Linux Enterprise Micro 5.3
This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.3Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.3
This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).
ImportantSUSE bug 1206308SUSE bug 1206309CVE-2022-43551 at SUSECVE-2022-43551 at NVDCVE-2022-43552 at SUSECVE-2022-43552 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Important)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
ImportantSUSE bug 1200723SUSE bug 1205000CVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Updated to version 9.0.1040:
- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDcpe:/o:suse:sle-micro:5.3Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.3
This update for conmon fixes the following issues:
conmon was updated to version 2.1.5:
* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement
Update to version 2.1.4:
* Fix a bug where conmon crashed when it got a SIGCHLD
update to 2.1.3:
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command
Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
ModerateSUSE bug 1200285CVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:sle-micro:5.3Security update for sudo (Important)SUSE Linux Enterprise Micro 5.3
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-certifi (Important)SUSE Linux Enterprise Micro 5.3
This update for python-certifi fixes the following issues:
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
ImportantSUSE bug 1206212CVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
- CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
The following non-security bugs were fixed:
- acct: fix potential integer overflow in encode_comp_t() (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
- ARM: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
- Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
- Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
- Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
- cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
- cifs: fix confusing debug message (bsc#1193629).
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- cifs: fix missing display of three mount options (bsc#1193629).
- cifs: fix oops during encryption (bsc#1199294).
- cifs: fix refresh of cached referrals (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers (bsc#1193629).
- cifs: fix various whitespace errors in headers (bsc#1193629).
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: minor cleanup of some headers (bsc#1193629).
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
- cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- cifs: refresh root referrals (bsc#1193629).
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
- cifs: set correct ipc status after initial tree connect (bsc#1193629).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
- cifs: set correct tcon status after initial tree connect (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- cifs: skip alloc when request has no pages (bsc#1193629).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- class: fix possible memory leak in __class_register() (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
- crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - do not do custom power management (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
- drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
- fbdev: geode: do not build on UML (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- fbdev: uvesafb: do not build on UML (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
- fbdev: vermilion: decrease reference count in error path (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
- HID: mcp2221: do not connect hidraw (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- ibmveth: Always stop tx queues during close (bsc#1065729).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
- iio: fix memory leak in iio_device_register_eventset() (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
- lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE (git-fixes).
- media: camss: Clean up received buffers on failed start of streaming (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
- media: stv0288: use explicitly signed char (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
- mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
- mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
- mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mt76: stop the radar detector after leaving dfs channel (git-fixes).
- mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfc: Fix potential resource leaks (git-fixes).
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
- octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
- power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
- power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- random: allow partial reads if later user copies fail (bsc#1204911).
- random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
- random: convert to using fops->read_iter() (bsc#1204911).
- random: convert to using fops->write_iter() (bsc#1204911).
- random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
- random: zero buffer after reading entropy from userspace (bsc#1204911).
- RDMA: Disable IB HW for UML (git-fixes)
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- RDMA/hns: Fix error code of CMD (git-fixes)
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- RDMA/irdma: Report the correct link speed (git-fixes)
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- RDMA/siw: Fix pointer cast warning (git-fixes)
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: fix deadlock on regulator enable (git-fixes).
- regulator: core: fix module refcount leak in set_supply() (git-fixes).
- regulator: core: fix resource leak in regulator_register() (git-fixes).
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on (git-fixes).
- regulator: core: use kfree_const() to free space conditionally (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- rtc: cmos: Fix event handler registration ordering issue (git-fixes).
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- rtc: ds1347: fix value written to century register (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- rtc: snvs: Allow a time difference on clock register read (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
- scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Merge suspend fields (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- selftests/efivarfs: Add checking of the test return value (git-fixes).
- selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
- serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
- spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
- staging: media: tegra-video: fix device_node use after free (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- test_firmware: fix memory leak in test_firmware_init() (git-fixes).
- thermal: core: fix some possible name leaks in error paths (git-fixes).
- thermal: int340x: Add missing attribute for data rate base (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
- tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
- uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
- usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
- usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
- usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes).
- usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
- usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes).
- usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- usb: serial: f81232: fix division by zero on line-speed change (git-fixes).
- usb: serial: f81534: fix division by zero on line-speed change (git-fixes).
- usb: serial: option: add Quectel EM05-G modem (git-fixes).
- usb: storage: Add check for kcalloc (git-fixes).
- usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes).
- usb: typec: Factor out non-PD fwnode properties (git-fixes).
- usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes).
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes).
- usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes).
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes).
- usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
- vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
- wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1187428SUSE bug 1188605SUSE bug 1191259SUSE bug 1193629SUSE bug 1199294SUSE bug 1201068SUSE bug 1203219SUSE bug 1203740SUSE bug 1204614SUSE bug 1204652SUSE bug 1204760SUSE bug 1204911SUSE bug 1204989SUSE bug 1205263SUSE bug 1205485SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206098SUSE bug 1206101SUSE bug 1206188SUSE bug 1206209SUSE bug 1206344SUSE bug 1206389SUSE bug 1206390SUSE bug 1206393SUSE bug 1206394SUSE bug 1206395SUSE bug 1206396SUSE bug 1206397SUSE bug 1206398SUSE bug 1206399SUSE bug 1206456SUSE bug 1206468SUSE bug 1206515SUSE bug 1206536SUSE bug 1206554SUSE bug 1206602SUSE bug 1206619SUSE bug 1206664SUSE bug 1206703SUSE bug 1206794SUSE bug 1206896SUSE bug 1206912SUSE bug 1207016CVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3104: Fixed a null pointer dereference caused by caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
- CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
The following non-security bugs were fixed:
- acct: fix potential integer overflow in encode_comp_t() (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
- ARM: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
- Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
- Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
- can: do not increase rx_bytes statistics for RTR frames (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
- can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- cifs: Add 'extbuf' and 'extbuflen' args to smb2_compound_op() (bsc#1193629).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
- cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
- cifs: fix confusing debug message (bsc#1193629).
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- cifs: fix missing display of three mount options (bsc#1193629).
- cifs: fix oops during encryption (bsc#1199294).
- cifs: fix refresh of cached referrals (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers (bsc#1193629).
- cifs: fix various whitespace errors in headers (bsc#1193629).
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: minor cleanup of some headers (bsc#1193629).
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
- cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- cifs: refresh root referrals (bsc#1193629).
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
- cifs: set correct ipc status after initial tree connect (bsc#1193629).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
- cifs: set correct tcon status after initial tree connect (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- cifs: skip alloc when request has no pages (bsc#1193629).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- class: fix possible memory leak in __class_register() (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
- crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - do not do custom power management (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
- drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes).
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes).
- EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes).
- fbdev: geode: do not build on UML (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- fbdev: uvesafb: do not build on UML (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes).
- fbdev: vermilion: decrease reference count in error path (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes).
- hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes).
- HID: mcp2221: do not connect hidraw (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes).
- hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes).
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes).
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- ibmveth: Always stop tx queues during close (bsc#1065729).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes).
- iio: fix memory leak in iio_device_register_eventset() (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes).
- ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes).
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE (git-fixes).
- media: camss: Clean up received buffers on failed start of streaming (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device() (git-fixes).
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes).
- media: stv0288: use explicitly signed char (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes).
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes).
- mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468).
- mmc: alcor: fix return value check of mmc_add_host() (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes).
- mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host() (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host() (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes).
- module: change to print useful messages from elf_validity_check() (git-fixes).
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- mt76: stop the radar detector after leaving dfs channel (git-fixes).
- mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfc: Fix potential resource leaks (git-fixes).
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682).
- octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682).
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures (jsc#SLE-24682).
- padata: Fix list iterator in padata_do_serial() (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes).
- power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes).
- power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes).
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe() (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- random: allow partial reads if later user copies fail (bsc#1204911).
- random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911).
- random: convert to using fops->read_iter() (bsc#1204911).
- random: convert to using fops->write_iter() (bsc#1204911).
- random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911).
- random: zero buffer after reading entropy from userspace (bsc#1204911).
- RDMA: Disable IB HW for UML (git-fixes)
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- RDMA/core: Make sure 'ib_port' is valid when access sysfs node (git-fixes)
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- RDMA/hns: Fix error code of CMD (git-fixes)
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- RDMA/irdma: Report the correct link speed (git-fixes)
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- RDMA/nldev: Return '-EAGAIN' if the cm_id isn't from expected port (git-fixes)
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- RDMA/siw: Fix pointer cast warning (git-fixes)
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: fix deadlock on regulator enable (git-fixes).
- regulator: core: fix module refcount leak in set_supply() (git-fixes).
- regulator: core: fix resource leak in regulator_register() (git-fixes).
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on (git-fixes).
- regulator: core: use kfree_const() to free space conditionally (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- rtc: cmos: Fix event handler registration ordering issue (git-fixes).
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- rtc: ds1347: fix value written to century register (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- rtc: snvs: Allow a time difference on clock register read (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes).
- rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829).
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes).
- scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes).
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- scsi: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Merge suspend fields (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- selftests/efivarfs: Add checking of the test return value (git-fixes).
- selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes).
- serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes).
- spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes).
- staging: media: tegra-video: fix device_node use after free (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- test_firmware: fix memory leak in test_firmware_init() (git-fixes).
- thermal: core: fix some possible name leaks in error paths (git-fixes).
- thermal: int340x: Add missing attribute for data rate base (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes).
- timers: implement usleep_idle_range() (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes).
- tracing/osnoise: Fix duration type (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes).
- uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes).
- units: Add SI metric prefix definitions (git-fixes).
- units: add the HZ macros (git-fixes).
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
- usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes).
- usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
- usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes).
- usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow (git-fixes).
- usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes).
- usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- usb: serial: f81232: fix division by zero on line-speed change (git-fixes).
- usb: serial: f81534: fix division by zero on line-speed change (git-fixes).
- usb: serial: option: add Quectel EM05-G modem (git-fixes).
- usb: storage: Add check for kcalloc (git-fixes).
- usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes).
- usb: typec: Factor out non-PD fwnode properties (git-fixes).
- usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes).
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes).
- usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes).
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes).
- usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes).
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
- vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes).
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
- wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1187428SUSE bug 1188605SUSE bug 1190969SUSE bug 1191259SUSE bug 1193629SUSE bug 1199294SUSE bug 1201068SUSE bug 1203219SUSE bug 1203740SUSE bug 1203829SUSE bug 1204614SUSE bug 1204652SUSE bug 1204760SUSE bug 1204911SUSE bug 1204989SUSE bug 1205257SUSE bug 1205263SUSE bug 1205485SUSE bug 1205496SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206098SUSE bug 1206101SUSE bug 1206188SUSE bug 1206209SUSE bug 1206273SUSE bug 1206344SUSE bug 1206389SUSE bug 1206390SUSE bug 1206391SUSE bug 1206393SUSE bug 1206394SUSE bug 1206395SUSE bug 1206396SUSE bug 1206397SUSE bug 1206398SUSE bug 1206399SUSE bug 1206456SUSE bug 1206468SUSE bug 1206515SUSE bug 1206536SUSE bug 1206554SUSE bug 1206602SUSE bug 1206619SUSE bug 1206664SUSE bug 1206703SUSE bug 1206794SUSE bug 1206896SUSE bug 1206912SUSE bug 1207016CVE-2022-3104 at SUSECVE-2022-3104 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3113 at SUSECVE-2022-3113 at NVDCVE-2022-3114 at SUSECVE-2022-3114 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3344 at SUSECVE-2022-3344 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-4379 at SUSECVE-2022-4379 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Important)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2023-0056: Fixed a server crash that could be triggered via a
malformed HTTP/2 frame (bsc#1207181).
ImportantSUSE bug 1207181CVE-2023-0056 at SUSECVE-2023-0056 at NVDcpe:/o:suse:sle-micro:5.3Security update for ceph (Important)SUSE Linux Enterprise Micro 5.3
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
ImportantSUSE bug 1187748SUSE bug 1188911SUSE bug 1192838SUSE bug 1192840SUSE bug 1196046SUSE bug 1199183SUSE bug 1200262SUSE bug 1200317SUSE bug 1200501SUSE bug 1200978SUSE bug 1201604SUSE bug 1201797SUSE bug 1201837SUSE bug 1201976SUSE bug 1202077SUSE bug 1202292SUSE bug 1203375SUSE bug 1204430SUSE bug 1205025SUSE bug 1205436SUSE bug 1206158CVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
ModerateSUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214CVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-setuptools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
by fetching a malicious HTML document (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.3Security update for samba (Important)SUSE Linux Enterprise Micro 5.3
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
- Updated to version 4.15.13:
- CVE-2022-37966: Fixed an issue where a weak cipher would be
selected to encrypt session keys, which could lead to privilege
escalation (bsc#1205385).
- CVE-2022-37967: Fixed a potential privilege escalation issue via
constrained delegation due to weak a cryptographic algorithm
being selected (bsc#1205386).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon
Secure channel (bsc#1206504).
- Updated to version 4.15.12:
- CVE-2022-42898: Fixed several buffer overflow vulnerabilities on
32-bit systems (bsc#1205126).
- Updated to version 4.15.11:
- CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3()
(bsc#1204254).
- Updated to version 4.15.10:
- Fixed a potential crash due to a concurrency issue (bsc#1200102).
- Updated to version 4.15.9:
- CVE-2022-32742: Fixed an information leak that could be triggered
via SMB1 (bsc#1201496).
- CVE-2022-32746: Fixed a memory corruption issue in database
audit logging (bsc#1201490).
- CVE-2022-2031: Fixed AD restrictions bypass associated with
changing passwords (bsc#1201495).
- CVE-2022-32745: Fixed a remote server crash that could be
triggered with certain LDAP requests (bsc#1201492).
- CVE-2022-32744: Fixed an issue where AD users could have forged
password change requests on behalf of other users (bsc#1201493).
Other fixes:
- Fixed a problem when using bind as samba-ad-dc backend related to
the named service (bsc#1201689).
ImportantSUSE bug 1200102SUSE bug 1201490SUSE bug 1201492SUSE bug 1201493SUSE bug 1201495SUSE bug 1201496SUSE bug 1201689SUSE bug 1204254SUSE bug 1205126SUSE bug 1205385SUSE bug 1205386SUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2022-3437 at SUSECVE-2022-3437 at NVDCVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-37967 at SUSECVE-2022-37967 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- ascpi / x86: Add support for LPS0 callback handler (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfs4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv3: handle out-of-order write replies (bsc#1205544).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- refresh suse/NFSv3-handle-out-of-order-write-replies. Careless typo - might cause bsc#1209457
- refresh suse/ice-clear-stale-Tx-queue-settings-before-configuring. Fix bug introduced by broken backport (bsc#1208628).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206232SUSE bug 1206492SUSE bug 1206493SUSE bug 1206824SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207529SUSE bug 1207560SUSE bug 1207845SUSE bug 1207846SUSE bug 1208179SUSE bug 1208212SUSE bug 1208420SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-py (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-py fixes the following issues:
- CVE-2022-42969: Fixed an excessive resource consumption that could
be triggered when interacting with a Subversion repository
containing crated data (bsc#1204364).
ModerateSUSE bug 1204364CVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
* https://github.com/containerd/containerd/releases/tag/v1.6.16
ImportantSUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDcpe:/o:suse:sle-micro:5.3Security update for sudo (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sudo fixes the following issue:
Security issues:
- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).
Bug fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
ModerateSUSE bug 1203201SUSE bug 1206483SUSE bug 1206772SUSE bug 1208595SUSE bug 1209361SUSE bug 1209362CVE-2023-27320 at SUSECVE-2023-27320 at NVDCVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sle-micro:5.3Security update for libmicrohttpd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libmicrohttpd fixes the following issues:
- CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).
ModerateSUSE bug 1208745CVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:sle-micro:5.3Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
ModerateSUSE bug 1209533CVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:sle-micro:5.3Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.3
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug were fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
ImportantSUSE bug 1201490SUSE bug 1207416SUSE bug 1207723SUSE bug 1207996SUSE bug 1209481SUSE bug 1209483SUSE bug 1209485CVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).
Non-security fixes:
- Updated to version 4.16.3 (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:sle-micro:5.3Security update for shim (Important)SUSE Linux Enterprise Micro 5.3
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi/x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add cherry-picked id for nouveau patch
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fix page corruption caused by racy check in __free_pages (bsc#1208149).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcv3: handle out-of-order write replies (bsc#1205544).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: hoist refcount record merge predicates (bsc#1208183).
ImportantSUSE bug 1166486SUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1203332SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206640SUSE bug 1206824SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206889SUSE bug 1206894SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207328SUSE bug 1207529SUSE bug 1207560SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207613SUSE bug 1207615SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207628SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207638SUSE bug 1207639SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207651SUSE bug 1207653SUSE bug 1207770SUSE bug 1207773SUSE bug 1207845SUSE bug 1207875SUSE bug 1208149SUSE bug 1208153SUSE bug 1208179SUSE bug 1208183SUSE bug 1208212SUSE bug 1208290SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208603SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sle-micro:5.3Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
ModerateSUSE bug 1207571SUSE bug 1207957SUSE bug 1207975SUSE bug 1208358CVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sle-micro:5.3Security update for drbd (Moderate)SUSE Linux Enterprise Micro 5.3
This update of drbd fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sle-micro:5.3Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.3
This update for conmon fixes the following issues:
- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.
ModerateSUSE bug 1209307cpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)
Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common@v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime
Update to version 4.4.2:
* Revert 'CI: Temporarily disable all AWS EC2-based tasks'
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* CI: Temporarily disable all AWS EC2-based tasks
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- podman.spec: add `crun` requirement for quadlet
- podman.spec: set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364)
Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test
Update to version 4.4.0:
* Emergency fix for RHEL8 gating tests
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Create release notes for v4.4.0
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* Release notes for 4.3.1
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check
* Formalize our compare-against-docker mechanism
* Add restart-sec for container service files
* test/tools: bump module to go 1.17
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
* libpod: Add FreeBSD support in packageVersion
* Allow podman manigest push --purge|-p as alias for --rm
* [CI:DOCS] Add performance tutorial
* [CI:DOCS] Fix build targets in build_osx.md.
* fix --format {{json .}} output to match docker
* remote: fix manifest add --annotation
* Skip test if `--events-backend` is necessary with podman-remote
* kube play: update the handling of PersistentVolumeClaim
* system tests: fix a system test in proxy environment
* Use single unqualified search registry on Windows
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
* test/system: Add tests for pasta(1) connectivity
* test/system: Move network-related helpers to helpers.network.bash
* test/system: Use procfs to find bound ports, with optional address and protocol
* test/system: Use port_is_free() from wait_for_port()
* libpod: Add pasta networking mode
* More log-flake work
* Fix test flakes caused by improper podman-logs
* fix incorrect systemd booted check
* Cirrus: Add tests for GHA scripts
* GHA: Update scripts to pass shellcheck
* Cirrus: Shellcheck github-action scripts
* Cirrus: shellcheck support for github-action scripts
* GHA: Fix cirrus-cron scripts
* Makefile: don't install to tmpfiles.d on FreeBSD
* Make sure we can build and read each line of docker py's api client
* Docker compat build api - make sure only one line appears per flush
* Run codespell on code
* Update vendor of containers/(image, storage, common)
* Allow namespace path network option for pods.
* Cirrus: Never skip running Windows Cross task
* GHA: Auto. re-run failed cirrus-cron builds once
* GHA: Migrate inline script to file
* GHA: Simplify script reference
* test/e2e: do not use apk in builds
* remove container/pod id file along with container/pod
* Cirrus: Synchronize windows image
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
* runtime: add check for valid pod systemd cgroup
* CI: set and verify DESIRED_NETWORK (netavark, cni)
* [CI:DOCS] troubleshooting: document keep-id options
* Man pages: refactor common options: --security-opt
* Cirrus: Guarantee CNI testing w/o nv/av present
* Cirrus: temp. disable all Ubuntu testing
* Cirrus: Update to F37beta
* buildah bud tests: better handling of remote
* quadlet: Warn in generator if using short names
* Add Windows Smoke Testing
* Add podman kube apply command
* docs: offer advice on installing test dependencies
* Fix documentation on read-only-tmpfs
* version bump to 4.4.0-dev
* deps: bump go-criu to v6
* Makefile: Add cross build targets for freebsd
* pkg/machine: Make this build on FreeBSD/arm64
* pkg/rctl: Remove unused cgo dependency
* man pages: assorted underscore fixes
* Upgrade GitHub actions packages from v2 to v3
* vendor github.com/godbus/dbus/v5@4b691ce
* [CI:DOCS] fix --tmpdir typos
* Do not report that /usr/share/containers/storage.conf has been edited.
* Eval symlinks on XDG_RUNTIME_DIR
* hack/podmansnoop
* rootless: support keep-id with one mapping
* rootless: add argument to GetConfiguredMappings
* Update vendor containers/(common,storage,buildah,image)
* Fix deadlock between 'podman ps' and 'container inspect' commands
* Add information about where the libpod/boltdb database lives
* Consolidate the dependencies for the IsTerminal() API
* Ensure that StartAndAttach locks while sending signals
* ginkgo testing: fix podman usernamespace join
* Test runners: nuke podman from $PATH before tests
* volumes: Fix idmap not working for volumes
* FIXME: Temporary workaround for ubi8 CI breakage
* System tests: teardown: clean up volumes
* update api versions on docs.podman.io
* system tests: runlabel: use podman-under-test
* system tests: podman network create: use random port
* sig-proxy test: bump timeout
* play kube: Allow the user to import the contents of a tar file into a volume
* Clarify the docs on DropCapability
* quadlet tests: Disable kmsg logging while testing
* quadlet: Support multiple Network=
* quadlet: Add support for Network=...
* Fix manpage for podman run --network option
* quadlet: Add support for AddDevice=
* quadlet: Add support for setting seccomp profile
* quadlet: Allow multiple elements on each Add/DropCaps line
* quadlet: Embed the correct binary name in the generated comment
* quadlet: Drop the SocketActivated key
* quadlet: Switch log-driver to passthrough
* quadlet: Change ReadOnly to default to enabled
* quadlet tests: Run the tests even for (exected) failed tests
* quadlet tests: Fix handling of stderr checks
* Remove unused script file
* notifyproxy: fix container watcher
* container/pod id file: truncate instead of throwing an error
* quadlet: Use the new podman create volume --ignore
* Add podman volume create --ignore
* logcollector: include aardvark-dns
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
* docs: generate systemd: point to kube template
* docs: kube play: mention restart policy
* Fixes: 15858 (podman system reset --force destroy machine)
* fix search flake
* use cached containers.conf
* adding regex support to the ancestor ps filter function
* Fix `system df` issues with `-f` and `-v`
* markdown-preprocess: cross-reference where opts are used
* Default qemu flags for Windows amd64
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
* Update main to reflect v4.3.0 release
* build(deps): bump github.com/docker/docker
* move quadlet packages into pkg/systemd
* system df: fix image-size calculations
* Add man page for quadlet
* Fix small typo
* testimage: add iproute2 & socat, for pasta networking
* Set up minikube for k8s testing
* Makefile: don't install systemd generator binaries on FreeBSD
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
* Podman image: Set default_sysctls to empty for rootless containers
* Don't use github.com/docker/distribution
* libpod: Add support for 'podman top' on FreeBSD
* libpod: Factor out jail name construction from stats_freebsd.go
* pkg/util: Add pid information descriptors for FreeBSD
* Initial quadlet version integrated in golang
* bump golangci-lint to v1.49.0
* Update vendor containers/(common,image,storage)
* Allow volume mount dups, iff source and dest dirs
* rootless: fix return value handling
* Change to correct break statements
* vendor containers/psgo@v1.8.0
* Clarify that MacOSX docs are client specific
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
* Add swagger install + allow version updates in CI
* Cirrus: Fix windows clone race
* build(deps): bump github.com/docker/docker
* kill: wait for the container
* generate systemd: set --stop-timeout for stopping containers
* hack/tree_status.sh: print diff at the end
* Fix markdown header typo
* markdown-preprocess: add generic include mechanism
* markdown-preprocess: almost complete OO rewrite
* Update tests for changed error messages
* Update c/image after https://github.com/containers/image/pull/1299
* Man pages: refactor common options (misc)
* Man pages: Refactor common options: --detach-keys
* vendor containers/storage@main
* Man pages: refactor common options: --attach
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
* KillContainer: improve error message
* docs: add missing options
* Man pages: refactor common options: --annotation (manifest)
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
* system tests: health-on-failure: fix broken logic
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
* Container filters: Avoid use of ctr.Config()
* Avoid unnecessary calls to Container.Spec()
* Add and use Container.LinuxResource() helper
* play kube: notifyproxy: listen before starting the pod
* play kube: add support for configmap binaryData
* Add and use libpod/Container.Terminal() helper
* Revert 'Add checkpoint image tests'
* Revert 'cmd/podman: add support for checkpoint images'
* healthcheck: fix --on-failure=stop
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
* health checks: make on-failure action retry aware
* libpod: Remove 100msec delay during shutdown
* libpod: Add support for 'podman pod' on FreeBSD
* libpod: Factor out cgroup validation from (*Runtime).NewPod
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
* specgen/generate: Avoid a nil dereference in MakePod
* libpod: Factor out cgroups handling from (*Pod).refresh
* Adds a link to OSX docs in CONTRIBUTING.md
* Man pages: refactor common options: --os-version
* Create full path to a directory when DirectoryOrCreate is used with play kube
* Return error in podman system service if URI scheme is not unix/tcp
* Man pages: refactor common options: --time
* man pages: document some --format options: images
* Clean up when stopping pods
* Update vendor of containers/buildah v1.28.0
* Proof of concept: nightly dependency treadmill
- Make the priority for picking the storage driver configurable (bsc#1197093)
ImportantSUSE bug 1197093SUSE bug 1208364SUSE bug 1208510SUSE bug 1209495CVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
ModerateSUSE bug 1208423SUSE bug 1208426CVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:sle-micro:5.3Security update for harfbuzz (Important)SUSE Linux Enterprise Micro 5.3
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sle-micro:5.3Security update for wayland (Important)SUSE Linux Enterprise Micro 5.3
This update for wayland fixes the following issues:
- CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486)
ImportantSUSE bug 1190486CVE-2021-3782 at SUSECVE-2021-3782 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
* Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
* Misc
- Updated the containers/image library to v5.23.1
4.3.0:
* Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
- The `podman kube play` command now supports the `emptyDir` volume type
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
ImportantSUSE bug 1181640SUSE bug 1181961SUSE bug 1193166SUSE bug 1193273SUSE bug 1197672SUSE bug 1199790SUSE bug 1202809CVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFS4trace: fix state manager flag printing (git-fixes).
- NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix race to check ls_layouts (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- NFSv4: provide mount option to toggle trunking discovery (git-fixes).
- NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4: Fail client initialisation if state manager thread can't run (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sle-micro:5.3Security update for dmidecode (Moderate)SUSE Linux Enterprise Micro 5.3
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sle-micro:5.3Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- build the containerized-data-importer with a supported golang compiler (bsc#1208916)
ModerateSUSE bug 1208916cpe:/o:suse:sle-micro:5.3Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.3
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
- CVE-2023-26484: Limit operator secrets permission. (bsc#1209359)
kubevirt is also rebuilt with a supported GO compiler (bsc#1208916)
ImportantSUSE bug 1208916SUSE bug 1209359CVE-2023-26484 at SUSECVE-2023-26484 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Fix error path in pci-hyperv to unlock the mutex state_lock
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSd: fix race to check ls_layouts (git-fixes).
- NFSd: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: fix state manager flag printing (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1198400SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).
ModerateSUSE bug 1210328CVE-2023-1981 at SUSECVE-2023-1981 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
ImportantSUSE bug 1168481SUSE bug 1208962SUSE bug 1209884SUSE bug 1209888CVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps
with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten
after an update (bsc#1207264).
ModerateSUSE bug 1204944SUSE bug 1205000SUSE bug 1207264CVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:sle-micro:5.3Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.3
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
ImportantSUSE bug 1206022SUSE bug 1206023CVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
The following non-security bug was fixed:
- Remove unneeded dependency (bsc#1209918).
ModerateSUSE bug 1209918SUSE bug 1210411SUSE bug 1210412CVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
ModerateSUSE bug 1209713SUSE bug 1209714SUSE bug 1210135CVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:sle-micro:5.3Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.3
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:sle-micro:5.3Security update for shim (Important)SUSE Linux Enterprise Micro 5.3
This update for shim fixes the following issues:
- CVE-2022-28737 was missing as reference previously.
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
Logic was added that is using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
ImportantSUSE bug 1210382CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1443, fixes the following security problems
- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
ModerateSUSE bug 1208828SUSE bug 1209042SUSE bug 1209187CVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
ModerateSUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:sle-micro:5.3Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
ModerateSUSE bug 1210434CVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798).
- sched/fair: Limit sched slice duration (bsc#1189999).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
kernel-default-base changed:
- Do not ship on s390x (bsc#1210729)
- Add exfat (bsc#1208822)
- Add _diag modules for included socket types (bsc#1204042)
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1204042SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208822SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210499SUSE bug 1210506SUSE bug 1210629SUSE bug 1210630SUSE bug 1210725SUSE bug 1210729SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.3Security update for conmon (Important)SUSE Linux Enterprise Micro 5.3
This update of conmon fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211230SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233CVE-2023-28319 at SUSECVE-2023-28319 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: enable jump-label jump-label was disabled on arm64 by a backport error.
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759)
- supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759)
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210506SUSE bug 1210629SUSE bug 1210725SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.3Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.3
This update for ovmf fixes the following issues:
- CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741).
- CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246).
- revert a patch to fix xen boot problems (bsc#1205613)
ImportantSUSE bug 1174246SUSE bug 1196741SUSE bug 1205613CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
ImportantSUSE bug 1210298cpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.3Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.3
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sle-micro:5.3Security update for installation-images (Moderate)SUSE Linux Enterprise Micro 5.3
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sle-micro:5.3Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.3
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.3Security update for cni (Important)SUSE Linux Enterprise Micro 5.3
This update of cni fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
ModerateSUSE bug 1208226SUSE bug 1208227SUSE bug 1208228SUSE bug 1208229SUSE bug 1208230SUSE bug 1208231SUSE bug 1208232SUSE bug 1208233SUSE bug 1208234SUSE bug 1208236CVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:sle-micro:5.3Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libvirt fixes the following issues:
- CVE-2023-2700: Fixed a memory leak that could be triggered by
repeatedly querying an SR-IOV PCI device's capabilities
(bsc#1211390).
Non-security fixes:
- Fixed a potential crash during driver cleanup (bsc#1209861).
- Added Apparmor support for SUSE edk2 firmware paths (boo#1208567).
- Fixed lxc container initialization with systemd and hybrid groups
(boo#1183247).
- Added the option to specify the virtual CPU address size in bits for
qemu (bsc#1199583).
ModerateSUSE bug 1183247SUSE bug 1199583SUSE bug 1208567SUSE bug 1209861SUSE bug 1211390CVE-2023-2700 at SUSECVE-2023-2700 at NVDcpe:/o:suse:sle-micro:5.3Security update for openldap2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:sle-micro:5.3Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.3
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:suse:sle-micro:5.3Security update for Salt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.3Security update for salt and python-pyzmq (Moderate)SUSE Linux Enterprise Micro 5.3
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.3Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:suse:sle-micro:5.3Security update for bluez (Important)SUSE Linux Enterprise Micro 5.3
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sle-micro:5.3Security update for libX11 (Important)SUSE Linux Enterprise Micro 5.3
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
ImportantSUSE bug 1212230CVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect the testsuite (bsc#1201627).
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1172073SUSE bug 1191731SUSE bug 1193629SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208604SUSE bug 1208758SUSE bug 1209287SUSE bug 1209288SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211855SUSE bug 1211960CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:sle-micro:5.3Security update for libcap (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211418SUSE bug 1211419CVE-2023-2602 at SUSECVE-2023-2602 at NVDCVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions (git-fixes).
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- Input: fix open count when closing inhibited device (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not hypercall before EL2 init (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jfs: Fix fortify moan in symlink (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414).
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1172073SUSE bug 1189998SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208050SUSE bug 1208410SUSE bug 1208600SUSE bug 1208604SUSE bug 1208758SUSE bug 1209039SUSE bug 1209287SUSE bug 1209288SUSE bug 1209367SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211852SUSE bug 1211855SUSE bug 1211960SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
The following non-security bugs were fixed:
- Get module prefix from kmod (bsc#1212835).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- elf: correct note name comment (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- pstore/ram: Add check for kstrdup (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
ImportantSUSE bug 1187829SUSE bug 1194869SUSE bug 1210335SUSE bug 1212051SUSE bug 1212265SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drop dvb-core fix patch due to a bug (bsc#1205758).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796).
- Generalize kernel-doc build requirements.
- Get module prefix from kmod (bsc#1212835).
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: google: add jewel USB id (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jfs: Fix fortify moan in symlink (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore/ram: Add check for kstrdup (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regmap: Account for register length when chunking (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1187829SUSE bug 1189998SUSE bug 1194869SUSE bug 1205758SUSE bug 1208410SUSE bug 1208600SUSE bug 1209039SUSE bug 1209367SUSE bug 1210335SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211449SUSE bug 1211796SUSE bug 1211852SUSE bug 1212051SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212265SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:sle-micro:5.3Security update for cni (Important)SUSE Linux Enterprise Micro 5.3
This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.3Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.3
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.3Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:sle-micro:5.3Security update for perl (Important)SUSE Linux Enterprise Micro 5.3
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
ModerateSUSE bug 1213237CVE-2023-32001 at SUSECVE-2023-32001 at NVDcpe:/o:suse:sle-micro:5.3Security update for samba (Important)SUSE Linux Enterprise Micro 5.3
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ImportantSUSE bug 1213171SUSE bug 1213172SUSE bug 1213173SUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Important)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213487CVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:suse:sle-micro:5.3Security update for conmon (Important)SUSE Linux Enterprise Micro 5.3
This update for conmon fixes the following issues:
conmon was updated to version 2.1.7:
- Bumped go version to 1.19 (bsc#1209307).
Bugfixes:
- Fixed leaking symbolic links in the opt_socket_path directory.
- Fixed cgroup oom issues (bsc#1208737).
- Fixed OOM watcher for cgroupv2 `oom_kill` events.
ImportantSUSE bug 1208737SUSE bug 1209307cpe:/o:suse:sle-micro:5.3Security update for tcl (Important)SUSE Linux Enterprise Micro 5.3
This update for tcl fixes the following issues:
- Fixed a race condition in test socket-13.1.
- Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773).
ImportantSUSE bug 1195773cpe:/o:suse:sle-micro:5.3Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer against the current GO security release.
Moderatecpe:/o:suse:sle-micro:5.3Security update for librsvg (Important)SUSE Linux Enterprise Micro 5.3
This update for librsvg fixes the following issues:
librsvg was updated to version 2.52.10:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
ImportantSUSE bug 1213502CVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware fixes the following issues:
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.3Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Moderate)SUSE Linux Enterprise Micro 5.3
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
This update rebuilds the kubevirt stack with the current GO release.
Moderatecpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
ImportantSUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:sle-micro:5.3Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update fixes the following issues:
python-tornado:
- Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
ModerateSUSE bug 1208612SUSE bug 1211741SUSE bug 1212279CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- Fix documentation of panic_on_warn (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- Update config and supported.conf files due to renaming.
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- security: keys: Modify mismatched function name (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210853SUSE bug 1211243SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212846SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213286SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213705CVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:sle-micro:5.3Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.3
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
- CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131).
ImportantSUSE bug 1213128SUSE bug 1213131CVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
ImportantSUSE bug 1212968SUSE bug 1213001SUSE bug 1213414CVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:suse:sle-micro:5.3Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.3
This update for bluez fixes the following issues:
- CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760)
ModerateSUSE bug 1192760CVE-2021-41229 at SUSECVE-2021-41229 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.3Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
ImportantSUSE bug 1206418SUSE bug 1207129SUSE bug 1210627SUSE bug 1210780SUSE bug 1211131SUSE bug 1211738SUSE bug 1212502SUSE bug 1212604SUSE bug 1212901SUSE bug 1213167SUSE bug 1213272SUSE bug 1213287SUSE bug 1213304SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213842SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- add module_firmware() for firmware_tg357766 (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- afs: fix access after dec in put functions (git-fixes).
- afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: fix dynamic root getattr (git-fixes).
- afs: fix fileserver probe rtt handling (git-fixes).
- afs: fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: fix lost servers_outstanding count (git-fixes).
- afs: fix server->active leak in afs_put_server (git-fixes).
- afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: fix updating of i_size with dv jump from server (git-fixes).
- afs: fix vlserver probe rtt handling (git-fixes).
- afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
- afs: use refcount_t rather than atomic_t (git-fixes).
- afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: fireface: make read-only const array for model names static (git-fixes).
- alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
- alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
- alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
- alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
- alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
- alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
- alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/realtek: whitespace fix (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- alsa: oxfw: make read-only const array models static (git-fixes).
- alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
- arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
- asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
- asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: tegra: fix adx byte map (git-fixes).
- asoc: tegra: fix amx byte map (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: bcm: fix uaf in bcm_proc_show() (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in debugdata (bsc#1193629).
- cifs: print client_guid in debugdata (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes).
- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
- coda: avoid partial allocation of sig_inputargs (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - add helper to set reqsize (git-fixes).
- crypto: qat - use helper to set reqsize (git-fixes).
- delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.
- devlink: fix kernel-doc notation warnings (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- docs: networking: update codeaurora references for rmnet (git-fixes).
- documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- documentation: timers: hrtimers: make hybrid union historical (git-fixes).
- drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
- drm/amd/display: disable mpc split by default on special asic (git-fixes).
- drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes).
- drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: validate vm ioctl flags (git-fixes).
- drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
- drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: fix one wrong caching mode enum usage (git-fixes).
- drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
- drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).
- drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
- drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes).
- drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: do not leak a resource on swapout move error (git-fixes).
- drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
- dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes).
- enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)
- ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling mmp (bsc#1213100).
- ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: fix warning in ext4_update_inline_data (bsc#1213012).
- ext4: fix warning in mb_find_extent (bsc#1213099).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the may_inline_data flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for fmode_atomic_pos (bsc#1213759).
- fix documentation of panic_on_warn (git-fixes).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -eagain or error returns (git-fixes).
- fs: dlm: return positive pid value for f_getlk (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
- fuse: ioctl: translate enosys in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- gve: set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) allow setting sample averaging (git-fixes).
- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).
- hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes).
- i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: do not try to handle more interrupt events after error (git-fixes).
- iavf: fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic irqs (git-fixes).
- ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
- igc: check if hardware tx timestamping is enabled earlier (git-fixes).
- igc: enable and fix rx hash usage by netstack (git-fixes).
- igc: fix inserting of empty frame for launchtime (git-fixes).
- igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
- igc: fix launchtime before start of cycle (git-fixes).
- igc: fix race condition in ptp tx code (git-fixes).
- igc: handle pps start time programming for past time values (git-fixes).
- igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
- igc: remove delay during tx ring configuration (git-fixes).
- igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: work around hw bug causing missing timestamps (git-fixes).
- inotify: avoid reporting event with invalid wd (bsc#1213025).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select regmap (git-fixes).
- media: i2c: correct format propagation for st-mipid02 (git-fixes).
- media: staging: atomisp: select v4l2_fwnode (git-fixes).
- media: usb: check az6007_read() return value (git-fixes).
- media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: fix align() of non power of two (git-fixes).
- media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
- mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: add support for vlan tagging (bsc#1212301).
- net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).
- net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- ocfs2: switch to security_inode_init_security() (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: add additional check for mcam rules (git-fixes).
- opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
- pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
- phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
- pinctrl: amd: do not show `invalid config param` errors (git-fixes).
- pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
- pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).
- powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: fix vas mm use after free (bsc#1194869).
- powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
- regmap: account for register length in smbus i/o limits (git-fixes).
- regmap: drop initial version of maximum transfer length fixes (git-fixes).
- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes)
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rpm: update dependency to match current kmod.
- rsi: remove kernel-doc comment marker (git-fixes).
- rxrpc, afs: fix selection of abort codes (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).
- s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: count reschedule ipis (git-fixes).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: fix debug && !schedstats warn (git-fixes)
- scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).
- scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).
- scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
- scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).
- scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).
- scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
- scsi: qla2xxx: array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: correct the index of array (bsc#1213747).
- scsi: qla2xxx: drop useless list_head (bsc#1213747).
- scsi: qla2xxx: fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
- scsi: qla2xxx: fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: fix end of loop test (bsc#1213747).
- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: fix tmf leak through (bsc#1213747).
- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
- scsi: qla2xxx: silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
- security: keys: modify mismatched function name (git-fixes).
- selftests: mptcp: depend on syn_cookies (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add conntrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in smb2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in cifsfindfirst() (bsc#1193629).
- smb: client: fix warning in cifsfindnext() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve dfs mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: prevent page release when nothing was received (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tpm_tis: explicitly check for error code (git-fixes).
- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: fix build errors as symbol undefined (git-fixes).
- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: fix memory leak in do_rename (git-fixes).
- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: fix to add refcount once page is set private (git-fixes).
- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: free memory for tmpfile name (git-fixes).
- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
- ubifs: reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
- udf: avoid double brelse() in udf_rename() (bsc#1213032).
- udf: define efscorrupted error code (bsc#1213038).
- udf: detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: discard preallocation before extending file with a hole (bsc#1213036).
- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).
- udf: do not bother merging very long extents (bsc#1213040).
- udf: do not update file length for failed writes to inline files (bsc#1213041).
- udf: fix error handling in udf_new_inode() (bsc#1213112).
- udf: fix extending file within last block (bsc#1213037).
- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: preserve link count of system files (bsc#1213113).
- udf: truncate added extents on failed expansion (bsc#1213039).
- update config and supported.conf files due to renaming.
- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.
- usb: dwc2: fix some error handling paths (git-fixes).
- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: serial: option: add lara-r6 01b pids (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support packed when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: maintain reverse cleanup order (git-fixes).
- virtio_net: fix error unwinding of xdp initialization (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86/pvh: obtain vga console info in dom0 (git-fixes).
- x86: fix .brk attribute in linker script (git-fixes).
- xen/blkfront: only check req_fua for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: ail needs asynchronous cil forcing (bsc#1211811).
- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: cil work is serialised, not pipelined (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk ail insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from cil commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the cil workqueue to the cil (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order cil checkpoint start records (bsc#1211811).
- xfs: pass a cil context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down ail (bsc#1211811).
- xfs: xlog_state_ioerror must die (bsc#1211811).
- xhci: fix resume issue of some zhaoxin hosts (git-fixes).
- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1206418SUSE bug 1207129SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210627SUSE bug 1210780SUSE bug 1210853SUSE bug 1211131SUSE bug 1211243SUSE bug 1211738SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212502SUSE bug 1212604SUSE bug 1212846SUSE bug 1212901SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213167SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213272SUSE bug 1213286SUSE bug 1213287SUSE bug 1213304SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213705SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.3Security update for pcre2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:suse:sle-micro:5.3Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)
ModerateSUSE bug 1213517SUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.3Feature update for LibreOffice and xmlsec1 (Important)SUSE Linux Enterprise Micro 5.3
This update for LibreOffice and xmlsec1 fixes the following issue:
libreoffice:
- Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* gpgme version update from 1.16.0 to 1.18.0
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:sle-micro:5.3Security update for gawk (Low)SUSE Linux Enterprise Micro 5.3
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:sle-micro:5.3Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.3
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:suse:sle-micro:5.3Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102).
ModerateSUSE bug 1214102CVE-2023-40225 at SUSECVE-2023-40225 at NVDcpe:/o:suse:sle-micro:5.3Security update for procps (Low)SUSE Linux Enterprise Micro 5.3
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.3Security update for less (Moderate)SUSE Linux Enterprise Micro 5.3
This update for less fixes the following issues:
- CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815).
ModerateSUSE bug 1207815CVE-2022-46663 at SUSECVE-2022-46663 at NVDcpe:/o:suse:sle-micro:5.3Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.3
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:sle-micro:5.3Security update for icu73_2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
Update to release 68.1:
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
Update to version 67.1:
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
Update to version 66.1:
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
Update to release 65.1 (jsc#SLE-11118):
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.3Security update for gcc12 (Important)SUSE Linux Enterprise Micro 5.3
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:sle-micro:5.3Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.3
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sle-micro:5.3Security update for cni (Important)SUSE Linux Enterprise Micro 5.3
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.3Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.3
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.3Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
ImportantSUSE bug 1215026CVE-2023-38039 at SUSECVE-2023-38039 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
ImportantSUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:suse:sle-micro:5.3Securitys update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.3Security update for mdadm (Moderate)SUSE Linux Enterprise Micro 5.3
This update for mdadm fixes the following issues:
- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).
- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).
ModerateSUSE bug 1214244SUSE bug 1214245CVE-2023-28736 at SUSECVE-2023-28736 at NVDCVE-2023-28938 at SUSECVE-2023-28938 at NVDcpe:/o:suse:sle-micro:5.3Security update for libeconf (Important)SUSE Linux Enterprise Micro 5.3
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033CVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDcpe:/o:suse:sle-micro:5.3Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: hold rtnl lock during mtu update via netlink (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/msm: update dev core dump to not print backwards (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: delete error messages for failed memory allocations (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix crash by keep old cfg when update tcs more than queues (git-fixes).
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.3Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.3
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:sle-micro:5.3Security update for shadow (Low)SUSE Linux Enterprise Micro 5.3
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:sle-micro:5.3Security update for conmon (Important)SUSE Linux Enterprise Micro 5.3
This update for conmon fixes the following issues:
conmon was rebuilt using go1.21 (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
ImportantSUSE bug 1215888SUSE bug 1215889CVE-2023-38545 at SUSECVE-2023-38545 at NVDCVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device
(bsc#1213925).
- CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that
could lead to use-after-free (bsc#1190011).
- CVE-2021-3638: Fixed a buffer overflow in the ati-vga device
(bsc#1188609).
- CVE-2023-3354: Fixed an issue when performing a TLS handshake that
could lead to remote denial of service via VNC connection
(bsc#1212850).
- CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device
that could lead to a stack overflow (bsc#1207205).
Non-security fixes:
- Fixed a potential build issue in the librm subcomponent
(bsc#1215311).
- Fixed a potential crash during VM migration (bsc#1213663).
- Fixed potential issues during installation on a Xen host
(bsc#1179993, bsc#1181740).
ImportantSUSE bug 1179993SUSE bug 1181740SUSE bug 1188609SUSE bug 1190011SUSE bug 1207205SUSE bug 1212850SUSE bug 1213663SUSE bug 1213925SUSE bug 1215311CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2021-3750 at SUSECVE-2021-3750 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:sle-micro:5.3Security update for samba (Important)SUSE Linux Enterprise Micro 5.3
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1213940SUSE bug 1215904SUSE bug 1215905SUSE bug 1215908CVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.3Security update for opensc (Important)SUSE Linux Enterprise Micro 5.3
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Critical)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2023-25725: Fixed a serious vulnerability in the HTTP/1 parser (bsc#1208132).
- Fixed an issue where sensitive data might leak to the backend.
CriticalSUSE bug 1208132CVE-2023-25725 at SUSECVE-2023-25725 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Important)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:sle-micro:5.3Security update for cni (Important)SUSE Linux Enterprise Micro 5.3
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.3Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.3
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.3Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for suse-module-tools fixes the following issues:
- Updated to version 15.4.18:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
ImportantSUSE bug 1205767SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.3
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
ImportantSUSE bug 1201300SUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:suse:sle-micro:5.3Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.3
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163)
- CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)
ImportantSUSE bug 1213853SUSE bug 1216163CVE-2023-3817 at SUSECVE-2023-3817 at NVDCVE-2023-5363 at SUSECVE-2023-5363 at NVDcpe:/o:suse:sle-micro:5.3Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:sle-micro:5.3Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.3
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:sle-micro:5.3Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.3
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:sle-micro:5.3Security update for zchunk (Important)SUSE Linux Enterprise Micro 5.3
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:suse:sle-micro:5.3Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990).
- CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ImportantSUSE bug 1207990SUSE bug 1207991SUSE bug 1207992CVE-2023-23914 at SUSECVE-2023-23914 at NVDCVE-2023-23915 at SUSECVE-2023-23915 at NVDCVE-2023-23916 at SUSECVE-2023-23916 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
- CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).
The following non-security bugs were fixed:
- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes).
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Documentation: Remove bogus claim about del_timer_sync() (git-fixes).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: drop assumptions on non-empty lists (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
- Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
- Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
- Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
- Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
- Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
- btrfs: put initial index value of a directory in a constant (bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: don't take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- config: arm64: Fix Freescale LPUART dependency (boo#1204063).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes).
- dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: remove __sync_filesystem (git-fixes).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: use the correct print format (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
- phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not intended for us (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes).
- platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/qeth: fix various format strings (git-fixes).
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1185861SUSE bug 1185863SUSE bug 1186449SUSE bug 1191256SUSE bug 1192868SUSE bug 1193629SUSE bug 1194869SUSE bug 1195175SUSE bug 1195655SUSE bug 1196058SUSE bug 1199701SUSE bug 1204063SUSE bug 1204356SUSE bug 1204662SUSE bug 1205495SUSE bug 1206006SUSE bug 1206036SUSE bug 1206056SUSE bug 1206057SUSE bug 1206258SUSE bug 1206363SUSE bug 1206459SUSE bug 1206616SUSE bug 1206677SUSE bug 1206784SUSE bug 1207010SUSE bug 1207034SUSE bug 1207036SUSE bug 1207050SUSE bug 1207125SUSE bug 1207134SUSE bug 1207149SUSE bug 1207158SUSE bug 1207184SUSE bug 1207186SUSE bug 1207190SUSE bug 1207237SUSE bug 1207263SUSE bug 1207269SUSE bug 1207497SUSE bug 1207500SUSE bug 1207501SUSE bug 1207506SUSE bug 1207507SUSE bug 1207734SUSE bug 1207769SUSE bug 1207795SUSE bug 1207842SUSE bug 1207878SUSE bug 1207933CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1211307SUSE bug 1212423SUSE bug 1213772SUSE bug 1215955SUSE bug 1216062SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.3Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.3
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
kubevirt is rebuilt against the current GO security release.
- Set cache mode on hotplugged disks
- Delete VMI prior to NFS server pod in tests
Importantcpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1210778SUSE bug 1211307SUSE bug 1212423SUSE bug 1212649SUSE bug 1213705SUSE bug 1213772SUSE bug 1214842SUSE bug 1215095SUSE bug 1215104SUSE bug 1215518SUSE bug 1215955SUSE bug 1215956SUSE bug 1215957SUSE bug 1215986SUSE bug 1216062SUSE bug 1216345SUSE bug 1216510SUSE bug 1216511SUSE bug 1216512SUSE bug 1216621CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.3
This update for containerized-data-importer fixes the following issue:
- rebuild with current go compiler
Importantcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issues fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
ModerateSUSE bug 1216826CVE-2023-31022 at SUSECVE-2023-31022 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1215145SUSE bug 1215474SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748SUSE bug 1216654SUSE bug 1216807CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDCVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3-setuptools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:sle-micro:5.3Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.3
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)
ImportantSUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:sle-micro:5.3Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.3
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:sle-micro:5.3Security update for traceroute (Moderate)SUSE Linux Enterprise Micro 5.3
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:suse:sle-micro:5.3Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
ModerateSUSE bug 1202436SUSE bug 1207753CVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
- The default /etc/ssl/openssl3.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472]
ImportantSUSE bug 1194187SUSE bug 1207472SUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
ModerateSUSE bug 1217573SUSE bug 1217574CVE-2023-46218 at SUSECVE-2023-46218 at NVDCVE-2023-46219 at SUSECVE-2023-46219 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:sle-micro:5.3Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.3
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:sle-micro:5.3Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.3
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer and its containers against updated
GO and updated base images.
Importantcpe:/o:suse:sle-micro:5.3Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.3
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
Kubevirt is rebuilt against updated dependencies to fix security issues.
Importantcpe:/o:suse:sle-micro:5.3Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.3
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures.
- Documentation: networking: correct possessive 'its' (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable]
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well.
- kernel-source: Move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1189998SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216761SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3-cryptography (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:sle-micro:5.3Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.3
This update for c-ares fixes the following issues:
Updated to version 1.19.0:
- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).
ImportantSUSE bug 1208067CVE-2022-4904 at SUSECVE-2022-4904 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux-RT Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed an out-of-bounds memory access vulnerability that was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c (bnc#1203332).
- CVE-2023-0045: Fixed flush IBP in ib_prctl_set() (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bnc#1207050).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-23454: Fixed denial or service in cbq_classify in net/sched/sch_cbq.c (bnc#1207036).
- CVE-2020-24588: Fixed injection of arbitrary network packets against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n) (bsc#1199701).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2022-4382: Fixed a use-after-free flaw that was caused by a race condition among the superblock operations inside the gadgetfs code (bsc#1206258).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2022-47929: Fixed NULL pointer dereference bug in the traffic control subsystem (bnc#1207237).
The following non-security bugs were fixed:
- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60 (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev (git-fixes).
- Fix page corruption caused by racy check in __free_pages (bsc#1208149).
- HID: betop: check shape of output reports (git-fixes).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init() (bsc#1206616).
- Move upstreamed net patch into sorted section
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP (bsc#1207269).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe() (git-fixes).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- Remove duplicate Git-commit tag in patch file
- Revert 'ARM: dts: armada-38x: Fix compatible string for gpios' (git-fixes).
- Revert 'ARM: dts: armada-39x: Fix compatible string for gpios' (git-fixes).
- Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
- Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
- Revert 'arm64: dts: meson-sm1-odroid-hc4: disable unused USB PHY0' (git-fixes).
- Revert 'wifi: mac80211: fix memory leak in ieee80211_if_add()' (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- USB: gadget: Fix use-after-free during usb config switch (git-fixes).
- USB: misc: iowarrior: fix up header size for USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- arm64: Fix Freescale LPUART dependency (boo#1204063).
- arm64: atomics: format whitespace consistently (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC polarity (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8992: Do not use sfpb mutex (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed (git-fixes).
- bnxt_en: add dynamic debug support for HWRM messages (git-fixes).
- bnxt_en: fix potentially incorrect return value for ndo_rx_flow_steer (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- btrfs: add helper to delete a dir entry from a log tree (bsc#1207263).
- btrfs: avoid inode logging during rename and link when possible (bsc#1207263).
- btrfs: avoid logging all directory changes during renames (bsc#1207263).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1207500 ltc#201363).
- btrfs: do not log unnecessary boundary keys when logging directory (bsc#1207263).
- btrfs: fix assertion failure when logging directory key range item (bsc#1207263).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056 bsc#1207507 ltc#201367).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057 bsc#1207506 ltc#201368).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: join running log transaction when logging new name (bsc#1207263).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: pass the dentry to btrfs_log_new_name() instead of the inode (bsc#1207263).
- btrfs: prepare extents to be logged before locking a log tree path (bsc#1207263).
- btrfs: put initial index value of a directory in a constant (bsc#1207263).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- btrfs: remove unnecessary NULL check for the new inode during rename exchange (bsc#1207263).
- btrfs: remove useless path release in the fast fsync path (bsc#1207263).
- btrfs: remove write and wait of struct walk_control (bsc#1207263).
- btrfs: stop copying old dir items when logging a directory (bsc#1207263).
- btrfs: stop doing unnecessary log updates during a rename (bsc#1207263).
- btrfs: stop trying to log subdirectories created in past transactions (bsc#1207263).
- btrfs: use single variable to track return value at btrfs_log_inode() (bsc#1207263).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- cifs: Fix uninitialized memory read for smb311 posix symlink create (git-fixes).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- cifs: do not take exclusive lock for updating target hints (bsc#1193629).
- cifs: fix double free on failed kerberos auth (git-fixes).
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- cifs: fix file info setting in cifs_query_path_info() (git-fixes).
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove redundant assignment to the variable match (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- crypto: fixed DH and ECDH implemention for FIPS PCT (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dmaengine: Fix double increment of client_count in dma_chan_get() (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out of for_each_child_of_node() (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong array (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in xgene_enet_open() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel encoding adjustment (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: Fixup pages without buffers (bsc#1205495).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in fetch_response (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fs: remove __sync_filesystem (git-fixes).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- git_sort: add usb-linus branch for gregkh/usb
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- igb: Allocate MSI-X vector when testing (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: use the correct print format (git-fixes).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kabi/severities: add mlx5 internal symbols
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- l2tp: Do not sleep and disable BH under writer-side sk_callback_lock (git-fixes).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in atmel_ramc_probe() (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in mvebu_devbus_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming (git-fixes).
- misc: fastrpc: Do not remove map on creater_process and device_release (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: compaction: kABI: avoid pglist_data kABI breakage (bsc#1207010).
- mm: compaction: support triggering of proactive compaction by user (bsc#1207010).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step setting (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in mt7921_mcu_tx_done_event (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: cxgb3_main: disable napi when bind qsets failed in cxgb_up() (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- net: liquidio: release resources when liquidio driver open failed (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: mdio: validate parameter addr in mdiobus_get_phy() (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and unmap_si_regs (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- octeontx2-af: Fix reference count issue in rvu_sdp_init() (jsc#SLE-24682).
- octeontx2-af: debugsfs: fix pci device refcount leak (git-fixes).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc() (jsc#SLE-24682).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- phy: Revert 'phy: qualcomm: usb28nm: Add MDM9607 init sequence' (git-fixes).
- phy: phy-can-transceiver: Skip warning if no 'max-bitrate' (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare() in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep (git-fixes).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/qeth: fix various format strings (git-fixes).
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init() (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (bsc#1206006).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit() (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name() (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types (git-fixes).
- swim3: add missing major.h include (git-fixes).
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thunderbolt: Do not call PM runtime functions in tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3 link rate (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX FIFO buffer (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210 (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame (git-fixes).
- usb: gadget: udc: core: Print error code in usb_gadget_probe_driver() (git-fixes).
- usb: gadget: udc: core: Revise comments for USB ep enable/disable (git-fixes).
- usb: gadget: udc: core: Use pr_fmt() to prefix messages (git-fixes).
- usb: gadget: udc: core: remove usage of list iterator past the loop body (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs create fail (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: correctly enable callback during start_xmit (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload (git-fixes).
- wifi: mt76: mt7921e: fix race issue between reset and suspend/resume (git-fixes).
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work (git-fixes).
- wifi: mt76: sdio: poll sta stat when device transmits data (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid (git-fixes).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: hoist refcount record merge predicates (bsc#1208183).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: xfstest fails with error missing kernel patch (git-fixes bsc#1207501 ltc#201370).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- zram: Delete patch for regression addressed (bsc#1207933).
- zram: do not lookup algorithm in backends table (git-fixes).
ImportantSUSE bug 1166486SUSE bug 1185861SUSE bug 1185863SUSE bug 1186449SUSE bug 1191256SUSE bug 1192868SUSE bug 1193629SUSE bug 1194869SUSE bug 1195175SUSE bug 1195655SUSE bug 1196058SUSE bug 1199701SUSE bug 1203332SUSE bug 1204063SUSE bug 1204356SUSE bug 1204662SUSE bug 1205495SUSE bug 1206006SUSE bug 1206036SUSE bug 1206056SUSE bug 1206057SUSE bug 1206224SUSE bug 1206258SUSE bug 1206363SUSE bug 1206459SUSE bug 1206616SUSE bug 1206640SUSE bug 1206677SUSE bug 1206784SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206893SUSE bug 1206894SUSE bug 1207010SUSE bug 1207034SUSE bug 1207036SUSE bug 1207050SUSE bug 1207125SUSE bug 1207134SUSE bug 1207149SUSE bug 1207158SUSE bug 1207184SUSE bug 1207186SUSE bug 1207188SUSE bug 1207189SUSE bug 1207190SUSE bug 1207237SUSE bug 1207263SUSE bug 1207269SUSE bug 1207328SUSE bug 1207497SUSE bug 1207500SUSE bug 1207501SUSE bug 1207506SUSE bug 1207507SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207602SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207611SUSE bug 1207612SUSE bug 1207613SUSE bug 1207614SUSE bug 1207615SUSE bug 1207616SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207622SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207627SUSE bug 1207628SUSE bug 1207629SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207633SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207637SUSE bug 1207638SUSE bug 1207639SUSE bug 1207640SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207649SUSE bug 1207650SUSE bug 1207651SUSE bug 1207652SUSE bug 1207653SUSE bug 1207734SUSE bug 1207768SUSE bug 1207769SUSE bug 1207770SUSE bug 1207771SUSE bug 1207773SUSE bug 1207795SUSE bug 1207842SUSE bug 1207875SUSE bug 1207878SUSE bug 1207933SUSE bug 1208030SUSE bug 1208044SUSE bug 1208085SUSE bug 1208149SUSE bug 1208153SUSE bug 1208183SUSE bug 1208428SUSE bug 1208429CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:sle-micro:5.3Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Important)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.3
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:sle-micro:5.3Security update for ppp (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:suse:sle-micro:5.3Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.3
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:sle-micro:5.3Security update for tpm2-0-tss (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tpm2-0-tss fixes the following issues:
- CVE-2023-22745: Fixed a memory safety issue that could be exploited
by local attackers with TPM access (bsc#1207325).
ModerateSUSE bug 1207325CVE-2023-22745 at SUSECVE-2023-22745 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).
Bugfixes:
- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).
ModerateSUSE bug 1205244SUSE bug 1208443CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.3
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:sle-micro:5.3Security update for libksba (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ModerateSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:sle-micro:5.3Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libX11 fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)
ModerateSUSE bug 1204425SUSE bug 1208881CVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2022-4144: Fixed qxl_phys2virt unsafe address translation that can lead to out-of-bounds read (bsc#1205808).
- CVE-2022-3165: Fixed integer underflow in vnc_client_cut_text_ext() (bsc#1203788).
- CVE-2022-1050: Fixed use-after-free issue in pvrdma_exec_cmd() (bsc#1197653).
Bugfixes:
- Fixed deviation of guest clock (bsc#1206527).
- Fixed broken 'block limits' VPD emulation (bsc#1202364).
ImportantSUSE bug 1197653SUSE bug 1202364SUSE bug 1203788SUSE bug 1205808SUSE bug 1206527CVE-2022-1050 at SUSECVE-2022-1050 at NVDCVE-2022-3165 at SUSECVE-2022-3165 at NVDCVE-2022-4144 at SUSECVE-2022-4144 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2022-27672: Fixed speculative execution vulnerability due to RAS being dynamically partitioned between non-idle threads (bsc#1208286).
Bugfixes:
- Fixed launch-xenstore error (bsc#1205792)
- Fixed issues in VMX (bsc#1027519).
ModerateSUSE bug 1027519SUSE bug 1205792SUSE bug 1208286CVE-2022-27672 at SUSECVE-2022-27672 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:sle-micro:5.3Security update for net-snmp (Moderate)SUSE Linux Enterprise Micro 5.3
This update for net-snmp fixes the following issues:
- CVE-2022-44793: Fixed a NULL pointer dereference issue that could
allow a remote attacker with write access to crash the server
instance (bsc#1205148).
- CVE-2022-44792: Fixed a NULL pointer dereference issue that could
allow a remote attacker with write access to crash the server
instance (bsc#1205150).
Other fixes:
- Enabled AES-192 and AES-256 privacy protocols (bsc#1206828).
- Fixed an incorrect systemd hardening that caused home directory
size and allocation to be listed incorrectly (bsc#1206044)
ModerateSUSE bug 1205148SUSE bug 1205150SUSE bug 1206044SUSE bug 1206828CVE-2022-44792 at SUSECVE-2022-44792 at NVDCVE-2022-44793 at SUSECVE-2022-44793 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-future (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-future fixes the following issues:
- CVE-2022-40899: Fixed an issue that could allow attackers to cause
an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).
ModerateSUSE bug 1206673CVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
ModerateSUSE bug 1205375SUSE bug 1206065CVE-2022-36109 at SUSECVE-2022-36109 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
ImportantSUSE bug 1203355SUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
ModerateSUSE bug 1180207SUSE bug 1185000CVE-2020-14394 at SUSECVE-2020-14394 at NVDCVE-2021-3507 at SUSECVE-2021-3507 at NVDcpe:/o:suse:sle-micro:5.3Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.3
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
ModerateSUSE bug 1209282cpe:/o:suse:sle-micro:5.3Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
ImportantSUSE bug 1220770SUSE bug 1220771CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.3Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
The following non-security bug was fixed:
- Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (bsc#1221749).
ModerateSUSE bug 1221749SUSE bug 1221815CVE-2024-2494 at SUSECVE-2024-2494 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
ModerateSUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
ImportantSUSE bug 1219559SUSE bug 1221289CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-28757 at SUSECVE-2024-28757 at NVDcpe:/o:suse:sle-micro:5.3Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:sle-micro:5.3Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.3
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:sle-micro:5.3Security update for buildah (Important)SUSE Linux Enterprise Micro 5.3
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:sle-micro:5.3Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.3
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:sle-micro:5.3Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.3
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1207987SUSE bug 1220117SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:sle-micro:5.3Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.3
This update for gnutls fixes the following issues:
Security issues fixed:
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
FIPS 140-3 certification related bugs fixed:
- FIPS: Set error state when jent init failed in FIPS mode (bsc#1202146)
- FIPS: Make XTS key check failure not fatal (bsc#1203779)
- FIPS: Added GnuTLS DH/ECDH pairwise consistency check for public key regeneration [bsc#1207183]
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to account for the new FIPS certification [bsc#1207346]
- FIPS: Make the jitterentropy calls thread-safe (bsc#1208146).
- FIPS: GnuTLS DH/ECDH PCT public key regeneration (bsc#1207183).
- FIPS: Fix pct_test() return code in case of error (bsc#1207183)
- FIPS: Establish PBKDF2 additional requirements [bsc#1209001]
* Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
* Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
* Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
* Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
* Add regression tests for the new PBKDF2 requirements.
Other issues fixed:
- Fix AVX CPU feature detection for OSXSAVE (bsc#1203299)
This fixes a SIGILL termination at the verzoupper instruction when
trying to run GnuTLS on a Linux kernel with the noxsave command
line parameter set. Relevant mostly for virtual systems.
- Increase the limit of TLS PSK usernames from 128 to 65535 characters. [bsc#1208237, jsc#PED-1562]
ImportantSUSE bug 1202146SUSE bug 1203299SUSE bug 1203779SUSE bug 1207183SUSE bug 1207346SUSE bug 1208143SUSE bug 1208146SUSE bug 1208237SUSE bug 1209001SUSE bug 1217277SUSE bug 1218862SUSE bug 1218865CVE-2023-0361 at SUSECVE-2023-0361 at NVDCVE-2023-5981 at SUSECVE-2023-5981 at NVDCVE-2024-0553 at SUSECVE-2024-0553 at NVDCVE-2024-0567 at SUSECVE-2024-0567 at NVDcpe:/o:suse:sle-micro:5.3Security update for less (Important)SUSE Linux Enterprise Micro 5.3
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.16.6 (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable.
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584, jsc#PED-3459).
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- libceph: use kernel_connect() (bsc#1217981).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- group-source-files.pl: Quote filenames (boo#1221077).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1212514SUSE bug 1220237SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1200599SUSE bug 1209635SUSE bug 1212514SUSE bug 1213456SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.3
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:sle-micro:5.3Security update for shim (Important)SUSE Linux Enterprise Micro 5.3
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Important)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
ImportantSUSE bug 1213269SUSE bug 1218889SUSE bug 1220134SUSE bug 1222843SUSE bug 1222845CVE-2023-3019 at SUSECVE-2023-3019 at NVDCVE-2023-6683 at SUSECVE-2023-6683 at NVDCVE-2024-24474 at SUSECVE-2024-24474 at NVDCVE-2024-3446 at SUSECVE-2024-3446 at NVDCVE-2024-3447 at SUSECVE-2024-3447 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh (Important)SUSE Linux Enterprise Micro 5.3
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
ImportantSUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:sle-micro:5.3Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.3
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- libceph: use kernel_connect() (bsc#1217981).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.3Security update for sssd (Important)SUSE Linux Enterprise Micro 5.3
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:sle-micro:5.3Security update for less (Important)SUSE Linux Enterprise Micro 5.3
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:sle-micro:5.3Security update for tpm2-0-tss (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
ModerateSUSE bug 1223690CVE-2024-29040 at SUSECVE-2024-29040 at NVDcpe:/o:suse:sle-micro:5.3Security update for tpm2.0-tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
ModerateSUSE bug 1223687SUSE bug 1223689CVE-2024-29038 at SUSECVE-2024-29038 at NVDCVE-2024-29039 at SUSECVE-2024-29039 at NVDcpe:/o:suse:sle-micro:5.3Recommended update for google-cloud SDK (Moderate)SUSE Linux Enterprise Micro 5.3
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1192145SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221725SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1192354SUSE bug 1192837SUSE bug 1193629SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1206881SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.3Security update for cairo (Low)SUSE Linux Enterprise Micro 5.3
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:suse:sle-micro:5.3Security update for perl (Important)SUSE Linux Enterprise Micro 5.3
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Important)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:sle-micro:5.3Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.3
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
ModerateSUSE bug 1222548SUSE bug 1224388CVE-2024-2511 at SUSECVE-2024-2511 at NVDCVE-2024-4603 at SUSECVE-2024-4603 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
ImportantSUSE bug 1223356CVE-2024-0090 at SUSECVE-2024-0090 at NVDCVE-2024-0091 at SUSECVE-2024-0091 at NVDCVE-2024-0092 at SUSECVE-2024-0092 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:suse:sle-micro:5.3Security update for bluez (Important)SUSE Linux Enterprise Micro 5.3
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
ImportantSUSE bug 1218300SUSE bug 1218301CVE-2023-50229 at SUSECVE-2023-50229 at NVDCVE-2023-50230 at SUSECVE-2023-50230 at NVDcpe:/o:suse:sle-micro:5.3Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.3
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
ImportantSUSE bug 1195391SUSE bug 1219276SUSE bug 1223903CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.3Security update for libarchive (Important)SUSE Linux Enterprise Micro 5.3
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
ImportantSUSE bug 1225971CVE-2024-20696 at SUSECVE-2024-20696 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1210335SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222559SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223505SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:sle-micro:5.3Security update for libndp (Important)SUSE Linux Enterprise Micro 5.3
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
ImportantSUSE bug 1225771CVE-2024-5564 at SUSECVE-2024-5564 at NVDcpe:/o:suse:sle-micro:5.3Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:sle-micro:5.3Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
ModerateSUSE bug 1218571CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- mkspec-dtb: add toplevel symlinks also on arm
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.3Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.3
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:sle-micro:5.3Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)'
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1223384SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226758SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.3Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.3
This update for gnutls fixes the following issues:
- CVE-2024-28835: Fixed a certtool crash when verifying a certificate
chain (bsc#1221747).
- CVE-2024-28834: Fixed a side-channel attack in the deterministic
ECDSA (bsc#1221746).
Other fixes:
- Fixed a memory leak when using the entropy collector (bsc#1221242).
ModerateSUSE bug 1221242SUSE bug 1221746SUSE bug 1221747CVE-2024-28834 at SUSECVE-2024-28834 at NVDCVE-2024-28835 at SUSECVE-2024-28835 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.3Security update for shadow (Important)SUSE Linux Enterprise Micro 5.3
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.3Security update for gtk2 (Important)SUSE Linux Enterprise Micro 5.3
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.3Security update for gtk3 (Important)SUSE Linux Enterprise Micro 5.3
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:sle-micro:5.3Security update for orc (Important)SUSE Linux Enterprise Micro 5.3
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
ModerateSUSE bug 1218851CVE-2023-46839 at SUSECVE-2023-46839 at NVDcpe:/o:suse:sle-micro:5.3Recommended update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1223724SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118SUSE bug 1227918CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.3Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.3
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.3Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.3
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226762SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1221044SUSE bug 1222011SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224488SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1225829SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226758SUSE bug 1226762SUSE bug 1226785SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228440SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware fixes the following issues:
CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:sle-micro:5.3Security update for keepalived (Moderate)SUSE Linux Enterprise Micro 5.3
This update for keepalived fixes the following issues:
- CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
ModerateSUSE bug 1228123CVE-2024-41184 at SUSECVE-2024-41184 at NVDcpe:/o:suse:sle-micro:5.3Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.3
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
ModerateSUSE bug 1229465CVE-2024-6119 at SUSECVE-2024-6119 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:suse:sle-micro:5.3Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.3
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
ModerateSUSE bug 1218297SUSE bug 1221479SUSE bug 1226414SUSE bug 1228091CVE-2023-7008 at SUSECVE-2023-7008 at NVDcpe:/o:suse:sle-micro:5.3Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
ModerateSUSE bug 1230093CVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Low)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228466SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
ModerateSUSE bug 1230353CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
ImportantSUSE bug 1227322SUSE bug 1230363CVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-45003: Don't evict inode under the inode lru traversing context. (bsc#1230245)
The following non-security bugs were fixed:
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. (bsc#1230413)
ImportantSUSE bug 1230245SUSE bug 1230413CVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228114SUSE bug 1228466SUSE bug 1228489SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792SUSE bug 1230245SUSE bug 1230413CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ImportantSUSE bug 1222453SUSE bug 1227355SUSE bug 1228574SUSE bug 1228575SUSE bug 1230366CVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDCVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDCVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:sle-micro:5.3Security update for opensc (Low)SUSE Linux Enterprise Micro 5.3
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
ImportantSUSE bug 1230698CVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.3Security update for Mesa (Moderate)SUSE Linux Enterprise Micro 5.3
This update for Mesa fixes the following issues:
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1228466SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
ImportantSUSE bug 1230778CVE-2024-7254 at SUSECVE-2024-7254 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)
ImportantSUSE bug 1220262SUSE bug 1230698CVE-2023-50782 at SUSECVE-2023-50782 at NVDCVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
ModerateSUSE bug 1232528CVE-2024-9681 at SUSECVE-2024-9681 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
ImportantSUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1220382SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229345SUSE bug 1229452SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232165SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232224SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232281SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232436SUSE bug 1232519SUSE bug 1233117CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Low)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.3Security update for socat (Moderate)SUSE Linux Enterprise Micro 5.3
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() in usb (bsc#1230834)
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)
ImportantSUSE bug 1229007SUSE bug 1230834SUSE bug 1230915CVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8354 at SUSECVE-2024-8354 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229345SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232165SUSE bug 1232187SUSE bug 1232224SUSE bug 1232312SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232187SUSE bug 1232312SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.3Security update for installation-images (Important)SUSE Linux Enterprise Micro 5.3
This update updates installation-images and tftpboot images to contain the latest shim for secure boot.
ImportantSUSE bug 1233813cpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Important)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
ModerateSUSE bug 1226586SUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:suse:sle-micro:5.3Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.3
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:sle-micro:5.3Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.3
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kernel-source: Fix description typo
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215275SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1218690SUSE bug 1218810SUSE bug 1219243CVE-2023-6129 at SUSECVE-2023-6129 at NVDCVE-2023-6237 at SUSECVE-2023-6237 at NVDCVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.3
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.3Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert 'Revert '[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)' (#30991)'. (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport 'Include ADS stream error in XDS error updates
(#29014)' to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
* Backport 'do not use <PublicSign>true</PublicSign> on
non-windows' to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT'
(gh#grpc/grpc#24782).
- Add support for 'unix-abstract:' URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert 'Revert 'Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS''
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in 'target uri is not valid' error
messages (gh#grpc/grpc#23782).
- Fix 'cannot send compressed message large than 1024B' in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert 'Start 0.3.0 development cycle (#167)' (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split('/')
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip 'src' from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private 'parsing
constructor' to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert 'Standardize on Array copyOf' (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add 'ensure_ascii' parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
ModerateSUSE bug 1133277SUSE bug 1182659SUSE bug 1203378SUSE bug 1208794SUSE bug 1212180SUSE bug 1212182SUSE bug 1214148SUSE bug 1215334CVE-2023-32731 at SUSECVE-2023-32731 at NVDCVE-2023-32732 at SUSECVE-2023-32732 at NVDCVE-2023-33953 at SUSECVE-2023-33953 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-4785 at SUSECVE-2023-4785 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Important)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Important)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:sle-micro:5.3Security update for tar (Low)SUSE Linux Enterprise Micro 5.3
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
* this makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
ImportantSUSE bug 1220552CVE-2022-42265 at SUSECVE-2022-42265 at NVDCVE-2024-0074 at SUSECVE-2024-0074 at NVDCVE-2024-0075 at SUSECVE-2024-0075 at NVDcpe:/o:suse:sle-micro:5.3Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.3
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:sle-micro:5.3Security update for vim (Important)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:sle-micro:5.3Security update for sudo (Important)SUSE Linux Enterprise Micro 5.3
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
ImportantSUSE bug 1221134SUSE bug 1221151CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1219885CVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- drop 2 git-fixes patches which are suspicious to introduce regression reported in bsc#1219073
- fix unresolved hunks in readme.branch
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- readme.branch: use correct mail for roy
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add the removed mds_user_clear symbol to kabi severities as it is exposed just for kvm module and is generally a core kernel component so removing it is low risk.
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207593SUSE bug 1207640SUSE bug 1210050SUSE bug 1211263SUSE bug 1217339SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1237521SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238916SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115CVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Low)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.3
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.3
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
- CVE-2025-21839: kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197227SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207034SUSE bug 1207186SUSE bug 1207593SUSE bug 1207640SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210050SUSE bug 1210647SUSE bug 1211263SUSE bug 1213167SUSE bug 1217339SUSE bug 1225742SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237521SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237918SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238911SUSE bug 1238916SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239016SUSE bug 1239035SUSE bug 1239036SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239061SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.3Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.3
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
ImportantSUSE bug 1193629SUSE bug 1197227SUSE bug 1207034SUSE bug 1207186SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210647SUSE bug 1213167SUSE bug 1225742SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237530SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237918SUSE bug 1238911SUSE bug 1238919SUSE bug 1239016SUSE bug 1239036SUSE bug 1239061SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.3
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971)
ModerateSUSE bug 1240971CVE-2025-32464 at SUSECVE-2025-32464 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for mozjs60 fixes the following issues:
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
ModerateSUSE bug 1234837CVE-2024-56431 at SUSECVE-2024-56431 at NVDcpe:/o:suse:sle-micro:5.3Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
ModerateSUSE bug 1239680CVE-2025-2312 at SUSECVE-2025-2312 at NVDcpe:/o:suse:sle-micro:5.3Security update for augeas (Low)SUSE Linux Enterprise Micro 5.3
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750)
- CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
- CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
ImportantSUSE bug 1240750SUSE bug 1240752SUSE bug 1240756SUSE bug 1240757SUSE bug 1241164SUSE bug 1241222SUSE bug 1241686SUSE bug 1241688CVE-2025-2784 at SUSECVE-2025-2784 at NVDCVE-2025-32050 at SUSECVE-2025-32050 at NVDCVE-2025-32052 at SUSECVE-2025-32052 at NVDCVE-2025-32053 at SUSECVE-2025-32053 at NVDCVE-2025-32907 at SUSECVE-2025-32907 at NVDCVE-2025-32914 at SUSECVE-2025-32914 at NVDCVE-2025-46420 at SUSECVE-2025-46420 at NVDCVE-2025-46421 at SUSECVE-2025-46421 at NVDcpe:/o:suse:sle-micro:5.3Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.3
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241378SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22029 at SUSECVE-2025-22029 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:sle-micro:5.3Security update for brltty (Moderate)SUSE Linux Enterprise Micro 5.3
This update for brltty fixes the following issues:
- Avoid having brlapi.key temporarily world-readable during creation (bsc#1235438).
ModerateSUSE bug 1235438cpe:/o:suse:sle-micro:5.3Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.3Security update for s390-tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for s390-tools rebuilds the existing package with the new 4k RSA secure boot key.
Security issues fixed:
- CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. (bsc#1242622)
Other issues:
- Added the new IBM z17 (9175) processor type
ModerateSUSE bug 1242622CVE-2025-3416 at SUSECVE-2025-3416 at NVDcpe:/o:suse:sle-micro:5.3Security update for rsync (Important)SUSE Linux Enterprise Micro 5.3
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:sle-micro:5.3Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.3
This update for python-tornado fixes the following issues:
- CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service
(bsc#1243268).
ImportantSUSE bug 1243268CVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.3Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
ModerateSUSE bug 1242300SUSE bug 1243284CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Important)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.3
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423)
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238)
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
ImportantSUSE bug 1241162SUSE bug 1241214SUSE bug 1241226SUSE bug 1241238SUSE bug 1241252SUSE bug 1241263SUSE bug 1243332SUSE bug 1243423CVE-2025-32906 at SUSECVE-2025-32906 at NVDCVE-2025-32909 at SUSECVE-2025-32909 at NVDCVE-2025-32910 at SUSECVE-2025-32910 at NVDCVE-2025-32911 at SUSECVE-2025-32911 at NVDCVE-2025-32912 at SUSECVE-2025-32912 at NVDCVE-2025-32913 at SUSECVE-2025-32913 at NVDCVE-2025-4948 at SUSECVE-2025-4948 at NVDCVE-2025-4969 at SUSECVE-2025-4969 at NVDcpe:/o:suse:sle-micro:5.3Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919)
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam_u2f (Important)SUSE Linux Enterprise Micro 5.3
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)
ImportantSUSE bug 1233517SUSE bug 1235961CVE-2025-23013 at SUSECVE-2025-23013 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam (Important)SUSE Linux Enterprise Micro 5.3
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:sle-micro:5.3Security update for screen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for screen fixes the following issues:
Security issues fixed:
- CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session
allows for TTY hijacking (bsc#1242269).
Other issues fixed:
- Use TTY file descriptor passing after a suspend (`MSG_CONT`).
- Fix resume after suspend in multi-user mode.
ModerateSUSE bug 1242269CVE-2025-46802 at SUSECVE-2025-46802 at NVDcpe:/o:suse:sle-micro:5.3Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358)
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1209798SUSE bug 1215304SUSE bug 1222878SUSE bug 1228466SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.3
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.3Security update for libblockdev (Important)SUSE Linux Enterprise Micro 5.3
This update for libblockdev fixes the following issues:
- CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285).
ImportantSUSE bug 1243285CVE-2025-6019 at SUSECVE-2025-6019 at NVDcpe:/o:suse:sle-micro:5.3Security update for ignition (Important)SUSE Linux Enterprise Micro 5.3
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.3Security update for icu (Important)SUSE Linux Enterprise Micro 5.3
This update for icu fixes the following issues:
- CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721).
ImportantSUSE bug 1161007SUSE bug 1167603SUSE bug 1193951SUSE bug 1243721CVE-2020-21913 at SUSECVE-2020-21913 at NVDCVE-2025-5222 at SUSECVE-2025-5222 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.3
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.3Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.3Security update for sudo (Important)SUSE Linux Enterprise Micro 5.3
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Low)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
- CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
- CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
- CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
- CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
- CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
- CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
- CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919).
- Update metadata and put them into the sorted part of the series
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh (Important)SUSE Linux Enterprise Micro 5.3
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:
- CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- KVM: x86: fix sending PV IPI (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1189998SUSE bug 1190358SUSE bug 1190428SUSE bug 1191949SUSE bug 1193983SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1209657SUSE bug 1209798SUSE bug 1211592SUSE bug 1215304SUSE bug 1216702SUSE bug 1217169SUSE bug 1218447SUSE bug 1221044SUSE bug 1222721SUSE bug 1222878SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224099SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224685SUSE bug 1224730SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch')
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
Security fixes:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Other fixes:
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1234282SUSE bug 1238043SUSE bug 1238896SUSE bug 1243117SUSE bug 1244644SUSE bug 1246112CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:sle-micro:5.3Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.3
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246233SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32989 at SUSECVE-2025-32989 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:sle-micro:5.3Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
ModerateSUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:sle-micro:5.3Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.3
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:sle-micro:5.3Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
ModerateSUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:sle-micro:5.3Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:sle-micro:5.3Security update for gstreamer-plugins-base (Moderate)SUSE Linux Enterprise Micro 5.3
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404).
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403).
- CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407).
ModerateSUSE bug 1244403SUSE bug 1244404SUSE bug 1244407CVE-2025-47806 at SUSECVE-2025-47806 at NVDCVE-2025-47807 at SUSECVE-2025-47807 at NVDCVE-2025-47808 at SUSECVE-2025-47808 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.3Security update for polkit (Important)SUSE Linux Enterprise Micro 5.3
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:sle-micro:5.3Security update for boost (Important)SUSE Linux Enterprise Micro 5.3
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.3Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.3
This update for nvidia-open-driver-G06-signed fixes the following issues:
- Update to 550.144.03 (bsc#1235461, bsc#1235871)
* fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149,
CVE-2024-0150, CVE-2024-53869
ImportantSUSE bug 1234675SUSE bug 1235461SUSE bug 1235871CVE-2024-0131 at SUSECVE-2024-0131 at NVDCVE-2024-0147 at SUSECVE-2024-0147 at NVDCVE-2024-0149 at SUSECVE-2024-0149 at NVDCVE-2024-0150 at SUSECVE-2024-0150 at NVDCVE-2024-53869 at SUSECVE-2024-53869 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
ImportantSUSE bug 1214612SUSE bug 1215807SUSE bug 1215926SUSE bug 1217828SUSE bug 1221677SUSE bug 1231208SUSE bug 1231230SUSE bug 1231499SUSE bug 1231698SUSE bug 1236270CVE-2024-11218 at SUSECVE-2024-11218 at NVDCVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDCVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
ModerateSUSE bug 1243935CVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:sle-micro:5.3Security update for cairo (Low)SUSE Linux Enterprise Micro 5.3
This update for cairo fixes the following issues:
- CVE-2019-6461: avoid assert when drawing arcs with NaN angles (bsc#1122338).
LowSUSE bug 1122338CVE-2019-6461 at SUSECVE-2019-6461 at NVDcpe:/o:suse:sle-micro:5.3Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
ModerateSUSE bug 1244270SUSE bug 1244272SUSE bug 1244273SUSE bug 1244279SUSE bug 1244336CVE-2025-5914 at SUSECVE-2025-5914 at NVDCVE-2025-5915 at SUSECVE-2025-5915 at NVDCVE-2025-5916 at SUSECVE-2025-5916 at NVDCVE-2025-5917 at SUSECVE-2025-5917 at NVDCVE-2025-5918 at SUSECVE-2025-5918 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:sle-micro:5.3Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.3
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ImportantSUSE bug 1233012SUSE bug 1243273SUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244401SUSE bug 1244705SUSE bug 1247249SUSE bug 831629CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4516 at SUSECVE-2025-4516 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:sle-micro:5.3Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.3
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
ImportantSUSE bug 1210344SUSE bug 1223234SUSE bug 1229952SUSE bug 1230029SUSE bug 1242623SUSE bug 1243861SUSE bug 1247193CVE-2023-26964 at SUSECVE-2023-26964 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-32650 at SUSECVE-2024-32650 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-58266 at SUSECVE-2025-58266 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
when processing malformed TIFF files (bsc#1247106)
ImportantSUSE bug 1247106SUSE bug 1247108CVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.3
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:sle-micro:5.3Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.3
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:sle-micro:5.3Security update for rust-keylime (Moderate)SUSE Linux Enterprise Micro 5.3
This update for rust-keylime fixes the following issues:
- Update slab to version 0.4.11:
* CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006)
- Update to version 0.2.8+12:
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump cfg-if from 1.0.0 to 1.0.1
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump clap from 4.5.39 to 4.5.45
* build(deps): bump pest from 2.8.0 to 2.8.1
* Fix clippy warnings
* Use verifier-provided interval for continuous attestation timing
* Add meta object with seconds_to_next_attestation to evidence response
* Fix boot time retrieval
* Fix IMA log format (it must be ['text/plain']) (#1073)
* Remove unnecessary configuration fields
* cargo: Bump retry-policies to version 0.4.0
ModerateSUSE bug 1248006CVE-2025-55159 at SUSECVE-2025-55159 at NVDcpe:/o:suse:sle-micro:5.3Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.3
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227)
- CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)
ImportantSUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.3
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:sle-micro:5.3Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ignition fixes the following issues:
- CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548)
ModerateSUSE bug 1248548CVE-2022-28948 at SUSECVE-2022-28948 at NVDcpe:/o:suse:sle-micro:5.3Security update for udisks2 (Important)SUSE Linux Enterprise Micro 5.3
This update for udisks2 fixes the following issues:
- CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502)
ImportantSUSE bug 1248502CVE-2025-8067 at SUSECVE-2025-8067 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-future (Important)SUSE Linux Enterprise Micro 5.3
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Low)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup (bsc#1243314).
LowSUSE bug 1243314CVE-2025-4945 at SUSECVE-2025-4945 at NVDcpe:/o:suse:sle-micro:5.3Security update for regionServiceClientConfigAzure (Critical)SUSE Linux Enterprise Micro 5.3
This update for regionServiceClientConfigAzure contains the following fixes:
- Update to version 3.0.0.(bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in
SLE 16. (bsc#1243419)
+ Replacing certificate for rgnsrv-azure-southeastasia to get
rid of weird chain cert
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.3Security update for regionServiceClientConfigEC2 (Critical)SUSE Linux Enterprise Micro 5.3
This update for regionServiceClientConfigEC2 contains the following fixes:
- Update to version 5.0.0. (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency to accomodate metadata binary package name change
in SLE 16. (bsc#1243419)
+ New 4096 certificate for rgnsrv-ec2-us-east1
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.3Security update for regionServiceClientConfigGCE (Critical)SUSE Linux Enterprise Micro 5.3
This update for regionServiceClientConfigGCE contains the following fixes:
- Update to version 5.0.0 (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update conditional to handle name change of metadata package
in SLE 16. (bsc#1242063)
+ Add noipv6 patch
CriticalSUSE bug 1242063SUSE bug 1246995cpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:sle-micro:5.3Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.3
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
ImportantSUSE bug 1230932SUSE bug 1246533SUSE bug 1249049SUSE bug 1249128CVE-2024-47175 at SUSECVE-2024-47175 at NVDCVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.3Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.3
This update for bluez fixes the following issues:
- CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877).
ModerateSUSE bug 1217877CVE-2023-45866 at SUSECVE-2023-45866 at NVDcpe:/o:suse:sle-micro:5.3Security update for cairo (Low)SUSE Linux Enterprise Micro 5.3
This update for cairo fixes the following issues:
- CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589).
LowSUSE bug 1247589CVE-2025-50422 at SUSECVE-2025-50422 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Low)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330).
- CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582).
- CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117).
LowSUSE bug 1247582SUSE bug 1248117SUSE bug 1248330CVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (bsc#1244824 jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.3Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.3
This update for rsync fixes the following issues:
- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.
ModerateSUSE bug 1233760cpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:sle-micro:5.3Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.3Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.3
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access memory outside bounds permitted under normal
use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with
crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that lead to privileges escalations
in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and
nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module, which
are still installed in parallel and therefore still active (bsc#1247923).
ImportantSUSE bug 1236658SUSE bug 1236746SUSE bug 1237208SUSE bug 1237308SUSE bug 1237585SUSE bug 1239139SUSE bug 1239653SUSE bug 1241231SUSE bug 1242054SUSE bug 1243192SUSE bug 1244614SUSE bug 1246010SUSE bug 1246327SUSE bug 1247528SUSE bug 1247529SUSE bug 1247530SUSE bug 1247531SUSE bug 1247532SUSE bug 1247907SUSE bug 1247923SUSE bug 1249235CVE-2025-23277 at SUSECVE-2025-23277 at NVDCVE-2025-23278 at SUSECVE-2025-23278 at NVDCVE-2025-23279 at SUSECVE-2025-23279 at NVDCVE-2025-23283 at SUSECVE-2025-23283 at NVDCVE-2025-23286 at SUSECVE-2025-23286 at NVDcpe:/o:suse:sle-micro:5.3Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:sle-micro:5.3Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.3
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.3Security update for orc (Important)SUSE Linux Enterprise Micro 5.3
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files (bsc#1249154)
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sle-micro:5.3Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.3
This update for haproxy fixes the following issues:
- CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive
resource consumption when processing numbers with large exponents (bsc#1250983).
ModerateSUSE bug 1250983CVE-2025-11230 at SUSECVE-2025-11230 at NVDcpe:/o:suse:sle-micro:5.3Security update for samba (Critical)SUSE Linux Enterprise Micro 5.3
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).
CriticalSUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer.
- Revert backported patches for bsc#1238160 because the CVSS less than 7.0
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1244732SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249691SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Revert backported patches for bsc#1238160.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.3Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:sle-micro:5.3Security update for afterburn (Important)SUSE Linux Enterprise Micro 5.3
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
ImportantSUSE bug 1196972SUSE bug 1242665SUSE bug 1243850SUSE bug 1244199SUSE bug 1244675SUSE bug 1250471CVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-5791 at SUSECVE-2025-5791 at NVDcpe:/o:suse:sle-micro:5.3Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:sle-micro:5.3Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.3
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
ModerateSUSE bug 1246544cpe:/o:suse:sle-micro:5.3Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Important)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
ImportantSUSE bug 1248807SUSE bug 1251271CVE-2025-27466 at SUSECVE-2025-27466 at NVDCVE-2025-58142 at SUSECVE-2025-58142 at NVDCVE-2025-58143 at SUSECVE-2025-58143 at NVDCVE-2025-58147 at SUSECVE-2025-58147 at NVDCVE-2025-58148 at SUSECVE-2025-58148 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.3
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
ImportantSUSE bug 1250553SUSE bug 1251979CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.3Security update for colord (Moderate)SUSE Linux Enterprise Micro 5.3
This update for colord fixes the following issues:
- CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750).
ModerateSUSE bug 1250750CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.3Security update for tiff (Important)SUSE Linux Enterprise Micro 5.3
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
ImportantSUSE bug 1250413CVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
ImportantSUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.3Security update for gpg2 (Low)SUSE Linux Enterprise Micro 5.3
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
LowSUSE bug 1239119CVE-2025-30258 at SUSECVE-2025-30258 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0> ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
ImportantSUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.3Security update for elfutils (Moderate)SUSE Linux Enterprise Micro 5.3
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh. ModerateSUSE bug 1237236SUSE bug 1237240SUSE bug 1237241SUSE bug 1237242CVE-2025-1352 at SUSECVE-2025-1352 at NVDCVE-2025-1372 at SUSECVE-2025-1372 at NVDCVE-2025-1376 at SUSECVE-2025-1376 at NVDCVE-2025-1377 at SUSECVE-2025-1377 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
ModerateSUSE bug 1247850SUSE bug 1249076CVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2025-9714 at SUSECVE-2025-9714 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542)
ImportantSUSE bug 1253542CVE-2025-47913 at SUSECVE-2025-47913 at NVDcpe:/o:suse:sle-micro:5.3Security update for sssd (Important)SUSE Linux Enterprise Micro 5.3
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due
to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)
Other fixes:
- Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
ModerateSUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:sle-micro:5.3Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.3
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
ModerateSUSE bug 1254132CVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
ImportantSUSE bug 1253126SUSE bug 1253132CVE-2024-25621 at SUSECVE-2024-25621 at NVDCVE-2025-64329 at SUSECVE-2025-64329 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
ModerateSUSE bug 1234225SUSE bug 1244057SUSE bug 1253783CVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
ModerateSUSE bug 1253757CVE-2025-11563 at SUSECVE-2025-11563 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Important)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporary disabled.
ImportantSUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2021-3611: Fixed segmentation fault due to stack overflow (bsc#1193914).
Other fixes:
- qemu.spec: mark bridge.conf as noreplace (bsc#1201944).
ModerateSUSE bug 1193914SUSE bug 1201944CVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
ModerateSUSE bug 1249055CVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Low)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
LowSUSE bug 1251305SUSE bug 1252974CVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:sle-micro:5.3Security update for librsvg (Moderate)SUSE Linux Enterprise Micro 5.3
This update for librsvg fixes the following issues:
Update to version 2.52.12.
- CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode
labels that do not produce any non-ASCII output when decoded (bsc#1243867).
- CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir`
iterator with the `linux_raw` backend (bsc#1229950).
ModerateSUSE bug 1229950SUSE bug 1243867CVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:suse:sle-micro:5.3Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.3
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
ModerateSUSE bug 1244057SUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.3Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.3
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado
* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
- Other changes and bugs fixed:
- Fixed TLS and x509 modules for OSes with older cryptography module
- Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
- Fixed payload signature verification on Tumbleweed (bsc#1251776)
- Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
- Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
- Improved SL Micro 6.2 detection with grains
- Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
- Set python-CherryPy as required for python-salt-testsuite
ImportantSUSE bug 1227207SUSE bug 1250520SUSE bug 1250755SUSE bug 1251776SUSE bug 1252244SUSE bug 1252285SUSE bug 1254256SUSE bug 1254257CVE-2025-62348 at SUSECVE-2025-62348 at NVDCVE-2025-62349 at SUSECVE-2025-62349 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
ImportantSUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDcpe:/o:suse:sle-micro:5.3Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.3
This update for ovmf fixes the following issues:
- CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. (bsc#1225889)
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
- CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886)
- CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885SUSE bug 1218886SUSE bug 1218887SUSE bug 1225889CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDCVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDCVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:sle-micro:5.3Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.3
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Low)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing
them to log files. (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames
read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507)
ModerateSUSE bug 1227052SUSE bug 1236507CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.3Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.3
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
ImportantSUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:sle-micro:5.3Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.3
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
ImportantSUSE bug 1234415SUSE bug 1234450SUSE bug 1234453SUSE bug 1234455SUSE bug 1234456SUSE bug 1234459SUSE bug 1234460CVE-2024-47538 at SUSECVE-2024-47538 at NVDCVE-2024-47541 at SUSECVE-2024-47541 at NVDCVE-2024-47542 at SUSECVE-2024-47542 at NVDCVE-2024-47600 at SUSECVE-2024-47600 at NVDCVE-2024-47607 at SUSECVE-2024-47607 at NVDCVE-2024-47615 at SUSECVE-2024-47615 at NVDCVE-2024-47835 at SUSECVE-2024-47835 at NVDcpe:/o:suse:sle-micro:5.3Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.3
This update for ovmf fixes the following issues:
- PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).
ImportantSUSE bug 1237084CVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDcpe:/o:suse:sle-micro:5.3Security update for gstreamer (Important)SUSE Linux Enterprise Micro 5.3
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
ImportantSUSE bug 1234449CVE-2024-47606 at SUSECVE-2024-47606 at NVDcpe:/o:suse:sle-micro:5.3Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.3
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
- CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1209358SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826CVE-2023-28450 at SUSECVE-2023-28450 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:sle-micro:5.3Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:sle-micro:5.3Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.3
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:sle-micro:5.3Security update for procps (Important)SUSE Linux Enterprise Micro 5.3
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:sle-micro:5.3Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
ModerateSUSE bug 1237431CVE-2025-26597 at SUSECVE-2025-26597 at NVDcpe:/o:suse:sle-micro:5.3Security update for u-boot (Moderate)SUSE Linux Enterprise Micro 5.3
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
ModerateSUSE bug 1237284SUSE bug 1237287CVE-2024-57256 at SUSECVE-2024-57256 at NVDCVE-2024-57258 at SUSECVE-2024-57258 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Important)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
ImportantSUSE bug 1237641CVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.3Recommended update for python3-M2Crypto (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- require setuptools
- Make tests running again.
- Remove unnecessary fdupes call
- Add python-typing as a dependency
- SLE12 requires swig3 for a successful build, too ModerateSUSE bug 1205042SUSE bug 1231589SUSE bug 1236664CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.3Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
ModerateSUSE bug 1238610CVE-2025-25724 at SUSECVE-2025-25724 at NVDcpe:/o:suse:sle-micro:5.3Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.3
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:sle-micro:5.3Security update for salt (Important)SUSE Linux Enterprise Micro 5.3
This update for salt fixes the following issues:
- Security issues fixed:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)
- Made syntax in httputil_test compatible with Python 3.6
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved wheel key.finger call (bsc#1240532)
- Improved utils.find_json function (bsc#1246130)
- Extended warn_until period to 2027
ImportantSUSE bug 1240532SUSE bug 1246130SUSE bug 1254325SUSE bug 1254400SUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.3Security update for systemd (Important)SUSE Linux Enterprise Micro 5.3
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
ImportantSUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
ModerateSUSE bug 1254670SUSE bug 1259619CVE-2025-70873 at SUSECVE-2025-70873 at NVDCVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
(bsc#1254867).
ModerateSUSE bug 1254867SUSE bug 1259829CVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ImportantSUSE bug 1257181CVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:sle-micro:5.3Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: Fixed crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052)
- CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053)
- CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054)
- CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault
- CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056)
ModerateSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051SUSE bug 1259052SUSE bug 1259053SUSE bug 1259054SUSE bug 1259055SUSE bug 1259056CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDCVE-2026-28418 at SUSECVE-2026-28418 at NVDCVE-2026-28419 at SUSECVE-2026-28419 at NVDCVE-2026-28420 at SUSECVE-2026-28420 at NVDCVE-2026-28421 at SUSECVE-2026-28421 at NVDCVE-2026-28422 at SUSECVE-2026-28422 at NVDcpe:/o:suse:sle-micro:5.3Security update for containerd (Important)SUSE Linux Enterprise Micro 5.3
This update for containerd rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
(bsc#1256645).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
ImportantSUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238917SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254767SUSE bug 1255075SUSE bug 1255171SUSE bug 1256623SUSE bug 1256645SUSE bug 1256726SUSE bug 1256792SUSE bug 1257231SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.3
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Important)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.3
This update for python-tornado fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1254905SUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:sle-micro:5.3Security update for tar (Important)SUSE Linux Enterprise Micro 5.3
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
ImportantSUSE bug 1246399CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issue:
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ModerateSUSE bug 1256418CVE-2026-0716 at SUSECVE-2026-0716 at NVDcpe:/o:suse:sle-micro:5.3Security update for ignition (Important)SUSE Linux Enterprise Micro 5.3
This update for ignition fixes the following issue:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260251)
ImportantSUSE bug 1260251CVE-2026-33186 at SUSECVE-2026-33186 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.3Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.3
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:sle-micro:5.3Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.3
This update for podman fixes the following issues:
- CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an
out-of-bounds read with non validated message size (bsc#1253993)
ModerateSUSE bug 1253993CVE-2025-47914 at SUSECVE-2025-47914 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.3Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.3
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
ImportantSUSE bug 1218680CVE-2022-36765 at SUSECVE-2022-36765 at NVDcpe:/o:suse:sle-micro:5.3Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.3
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:sle-micro:5.3Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.3
This update for kernel-firmware fixes the following issues:
- Update AMD CPU ucode to 20251203 (bsc#1256483)
ImportantSUSE bug 1256483cpe:/o:suse:sle-micro:5.3Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.3
This update for python-tornado fixes the following issues:
- CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905).
- CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904).
ImportantSUSE bug 1254904SUSE bug 1254905CVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:sle-micro:5.3Security update for libtasn1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:sle-micro:5.3Security update for net-snmp (Important)SUSE Linux Enterprise Micro 5.3
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491).
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sle-micro:5.3Security update for net-snmp (Important)SUSE Linux Enterprise Micro 5.3
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491)
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
ImportantSUSE bug 1254876SUSE bug 1256399CVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
ModerateSUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-3 (Critical)SUSE Linux Enterprise Micro 5.3
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
CriticalSUSE bug 1256830SUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-15467 at SUSECVE-2025-15467 at NVDCVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.3Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
ModerateSUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
ModerateSUSE bug 1255764SUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDCVE-2025-69277 at SUSECVE-2025-69277 at NVDcpe:/o:suse:sle-micro:5.3Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Other fixes:
- libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)
ModerateSUSE bug 1251822SUSE bug 1253278SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:sle-micro:5.3Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.3
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal od permissions on PCI
device unplug allow PV guests to access memory of devices no
longer assigned to it (XSA-476) (bsc#1252692)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
ModerateSUSE bug 1252692SUSE bug 1254180SUSE bug 1256745SUSE bug 1256747CVE-2025-58149 at SUSECVE-2025-58149 at NVDCVE-2025-58150 at SUSECVE-2025-58150 at NVDCVE-2026-23553 at SUSECVE-2026-23553 at NVDcpe:/o:suse:sle-micro:5.3Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.3
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
ModerateSUSE bug 1254441CVE-2025-10158 at SUSECVE-2025-10158 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
The following non security issues were fixed:
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1228015SUSE bug 1230185SUSE bug 1238896SUSE bug 1242006SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1253409SUSE bug 1253702SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256641SUSE bug 1256744SUSE bug 1256779CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious
guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious
privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM} spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
ImportantSUSE bug 1209554SUSE bug 1227397SUSE bug 1252768SUSE bug 1253002SUSE bug 1254286CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2024-6505 at SUSECVE-2024-6505 at NVDCVE-2025-12464 at SUSECVE-2025-12464 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.3
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:sle-micro:5.3Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
ModerateSUSE bug 1248586SUSE bug 1254670CVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.3Security update for qemu (Important)SUSE Linux Enterprise Micro 5.3
This update for qemu fixes the following issues:
- CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984).
ImportantSUSE bug 1250984CVE-2025-11234 at SUSECVE-2025-11234 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
ModerateSUSE bug 1230036SUSE bug 1230037SUSE bug 1230038SUSE bug 1232602CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDCVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1254866SUSE bug 1254867SUSE bug 1256331CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDCVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:sle-micro:5.3Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.3
This update for rust-keylime fixes the following issues:
Update to version 0.2.8+116.
Security issues fixed:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257908).
Other updates and bugfixes:
- Update vendored crates `time` to version 0.3.47.
- Update to version 0.2.8+116:
* build(deps): bump bytes from 1.7.2 to 1.11.1
* api: Modify /version endpoint output in version 2.5
* Add API v2.5 with backward-compatible /v2.5/quotes/integrity
* tests: add unit test for resolve_agent_id (#1182)
* (pull-model): enable retry logic for registration
* rpm: Update specfiles to apply on master
* workflows: Add test to detect unused crates
* lib: Drop unused crates
* push-model: Drop unused crates
* keylime-agent: Drop unused crates
* build(deps): bump uuid from 1.18.1 to 1.19.0
* Update reqwest-retry to 0.8, retry-policies to 0.5
* rpm: Fix cargo_build macro usage on CentOS Stream
* fix(push-model): resolve hash_ek uuid to actual EK hash
* build(deps): bump thiserror from 2.0.16 to 2.0.17
* workflows: Separate upstream test suite from e2e coverage
* Send UEFI measured boot logs as raw bytes (#1173)
* auth: Add unit tests for SecretToken implementation
* packit: Enable push-attestation tests
* resilient_client: Prevent authentication token leakage in logs
- Use tmpfiles.d for /var directories (PED-14736)
- Update to version 0.2.8+96:
* build(deps): bump wiremock from 0.6.4 to 0.6.5
* build(deps): bump actions/checkout from 5 to 6
* build(deps): bump chrono from 0.4.41 to 0.4.42
* packit: Get coverage from Fedora 43 runs
* Fix issues pointed out by clippy
* Replace mutex unwraps with proper error handling in TPM library
* Remove unused session request methods from StructureFiller
* Fix config panic on missing ek_handle in push model agent
* build(deps): bump tempfile from 3.21.0 to 3.23.0
* build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
* Fix clippy warnings project-wide
* Add KEYLIME_DIR support for verifier TLS certificates in push model agent
* Thread privileged resources and use MeasurementList for IMA reading
* Add privileged resource initialization and privilege dropping to push model agent
* Fix privilege dropping order in run_as()
* add documentation on FQDN hostnames
* Remove confusing logs for push mode agent
* Set correct default Verifier port (8891->8881) (#1159)
* Add verifier_url to reference configuration file (#1158)
* Add TLS support for Registrar communication (#1139)
* Fix agent handling of 403 registration responses (#1154)
* Add minor README.md rephrasing (#1151)
* build(deps): bump actions/checkout from 5 to 6 (#1153)
* ci: update spec files for packit COPR build
* docs: improve challenge encoding and async TPM documentation
* refactor: improve middleware and error handling
* feat: add authentication client with middleware integration
* docker: Include keylime_push_model_agent binary
* Include attestation_interval configuration (#1146)
* Persist payload keys to avoid attestation failure on restart
* crypto: Implement the load or generate pattern for keys
* Use simple algorithm specifiers in certification_keys object (#1140)
* tests: Enable more tests in CI
* Fix RSA2048 algorithm reporting in keylime agent
* Remove disabled_signing_algorithms configuration
* rpm: Fix metadata patches to apply to current code
* workflows/rpm.yml: Use more strict patching
* build(deps): bump uuid from 1.17.0 to 1.18.1
* Fix ECC algorithm selection and reporting for keylime agent
* Improve logging consistency and coherency
* Implement minimal RFC compliance for Location header and URI parsing (#1125)
* Use separate keys for payload mechanism and mTLS
* docker: update rust to 1.81 for distroless Dockerfile
* Ensure UEFI log capabilities are set to false
* build(deps): bump http from 1.1.0 to 1.3.1
* build(deps): bump log from 0.4.27 to 0.4.28
* build(deps): bump cfg-if from 1.0.1 to 1.0.3
* build(deps): bump actix-rt from 2.10.0 to 2.11.0
* build(deps): bump async-trait from 0.1.88 to 0.1.89
* build(deps): bump trybuild from 1.0.105 to 1.0.110
* Accept evidence handling structures null entries
* workflows: Add test to check if RPM patches still apply
* CI: Enable test add-agent-with-malformed-ek-cert
* config: Fix singleton tests
* FSM: Remove needless lifetime annotations (#1105)
* rpm: Do not remove wiremock which is now available in Fedora
* Use latest Fedora httpdate version (1.0.3)
* Enhance coverage with parse_retry_after test
* Fix issues reported by CI regarding unwrap() calls
* Reuse max retries indicated to the ResilientClient
* Include limit of retries to 5 for Retry-After
* Add policy to handle Retry-After response headers
* build(deps): bump wiremock from 0.6.3 to 0.6.4
* build(deps): bump serde_json from 1.0.140 to 1.0.143
* build(deps): bump pest_derive from 2.8.0 to 2.8.1
* build(deps): bump syn from 2.0.90 to 2.0.106
* build(deps): bump tempfile from 3.20.0 to 3.21.0
* build(deps): bump thiserror from 2.0.12 to 2.0.16
* rpm: Fix patches to apply to current master code
* build(deps): bump anyhow from 1.0.98 to 1.0.99
* state_machine: Automatically clean config override during tests
* config: Implement singleton and factory pattern
* testing: Support overriding configuration during tests
* feat: implement standalone challenge-response authentication module
* structures: rename session structs for clarity and fix typos
* tpm: refactor certify_credential_with_iak() into a more generic function
* Add Push Model Agent Mermaid FSM chart (#1095)
* Add state to avoid exiting on wrong attestation (#1093)
* Add 6 alphanumeric lowercase X-Request-ID header
* Enhance Evidence Handling response parsing
* build(deps): bump quote from 1.0.35 to 1.0.40
* build(deps): bump libc from 0.2.172 to 0.2.175
* build(deps): bump glob from 0.3.2 to 0.3.3
* build(deps): bump actix-web from 4.10.2 to 4.11.0
ImportantSUSE bug 1257908CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sle-micro:5.3Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.3
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
ImportantSUSE bug 1257049CVE-2026-0988 at SUSECVE-2026-0988 at NVDcpe:/o:suse:sle-micro:5.3Security update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda (Important)SUSE Linux Enterprise Micro 5.3
This update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- updated CUDA variant to version 580.126.09
- update non-CUDA variant to version 580.126.09 (bsc#1255858)
- update non-CUDA variant to version 580.119.02 (bsc#1254801)
Changes in nvidia-persistenced.cuda:
- update to version 580.126.09
Changes in nvidia-modprobe.cuda:
- update to version 580.126.09
ImportantSUSE bug 1254801SUSE bug 1255858cpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer
overflow (bsc#1257598).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
ImportantSUSE bug 1243422SUSE bug 1256418SUSE bug 1257598CVE-2025-4476 at SUSECVE-2025-4476 at NVDCVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734SUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDCVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:sle-micro:5.3Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.3
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1254666CVE-2025-14104 at SUSECVE-2025-14104 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.3Security update for libpcap (Low)SUSE Linux Enterprise Micro 5.3
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:sle-micro:5.3Security update for abseil-cpp (Moderate)SUSE Linux Enterprise Micro 5.3
This update for abseil-cpp fixes the following issues:
Update to version 20230802.3
- CVE-2025-0838: Fixed potential integer overflow in hash container create/resize (bsc#1237543).
ModerateSUSE bug 1237543CVE-2025-0838 at SUSECVE-2025-0838 at NVDcpe:/o:suse:sle-micro:5.3Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.3
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:sle-micro:5.3Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.3
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
ImportantSUSE bug 1256525SUSE bug 1256526SUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixe a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
ModerateSUSE bug 1250553SUSE bug 1256804SUSE bug 1256805SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256810SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2026-0989 at SUSECVE-2026-0989 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1228015SUSE bug 1230185SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238896SUSE bug 1238917SUSE bug 1242006SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1253702SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254767SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255171SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256623SUSE bug 1256641SUSE bug 1256726SUSE bug 1256744SUSE bug 1256779SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDcpe:/o:suse:sle-micro:5.3Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.3
This update for protobuf fixes the following issues:i
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.3Security update for python3 (Important)SUSE Linux Enterprise Micro 5.3
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257041SUSE bug 1257042SUSE bug 1257044SUSE bug 1257046CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2025-15366 at SUSECVE-2025-15366 at NVDCVE-2025-15367 at SUSECVE-2025-15367 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDcpe:/o:suse:sle-micro:5.3Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.3
This update for docker fixes the following issues:
- CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904)
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:sle-micro:5.3Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.3
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
ImportantSUSE bug 1229129SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:sle-micro:5.3Security update for gpg2 (Moderate)SUSE Linux Enterprise Micro 5.3
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
ModerateSUSE bug 1256389cpe:/o:suse:sle-micro:5.3Security update for shim (Moderate)SUSE Linux Enterprise Micro 5.3
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1240871SUSE bug 1247432CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:sle-micro:5.3Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.3
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:sle-micro:5.3Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.3
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
ModerateSUSE bug 1258568CVE-2026-2781 at SUSECVE-2026-2781 at NVDcpe:/o:suse:sle-micro:5.3Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.3
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:sle-micro:5.3Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.3
This update for libsoup2 fixes the following issues:
- CVE-2025-32049: denial of service attack to websocket server (bsc#1240751).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
ImportantSUSE bug 1240751SUSE bug 1257398SUSE bug 1257441SUSE bug 1257597SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:sle-micro:5.3Security update for python-tornado (Moderate)SUSE Linux Enterprise Micro 5.3
This update for python-tornado fixes the following issue:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
ModerateSUSE bug 1254903CVE-2025-67724 at SUSECVE-2025-67724 at NVDcpe:/o:suse:sle-micro:5.3Security update for glibc (Important)SUSE Linux Enterprise Micro 5.3
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
ImportantSUSE bug 1246965SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2025-8058 at SUSECVE-2025-8058 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:sle-micro:5.3Security update for curl (Important)SUSE Linux Enterprise Micro 5.3
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:sle-micro:5.3Security update for jq (Low)SUSE Linux Enterprise Micro 5.3
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
LowSUSE bug 1248600CVE-2025-9403 at SUSECVE-2025-9403 at NVDcpe:/o:suse:sle-micro:5.3Security update for runc (Important)SUSE Linux Enterprise Micro 5.3
This update for runc rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.3Security update for docker (Important)SUSE Linux Enterprise Micro 5.3
This update for docker rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.3Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.3
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
ModerateSUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:sle-micro:5.3Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.3
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1255075SUSE bug 1256645SUSE bug 1257231SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.3Security update for ceph (Important)SUSE Linux Enterprise Micro 5.4
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
ImportantSUSE bug 1187748SUSE bug 1188911SUSE bug 1192838SUSE bug 1192840SUSE bug 1196046SUSE bug 1199183SUSE bug 1200262SUSE bug 1200317SUSE bug 1200501SUSE bug 1200978SUSE bug 1201604SUSE bug 1201797SUSE bug 1201837SUSE bug 1201976SUSE bug 1202077SUSE bug 1202292SUSE bug 1203375SUSE bug 1204430SUSE bug 1205025SUSE bug 1205436SUSE bug 1206158CVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed use after free related to device private page handling (bsc#1204363).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed misinterpretation of the irtio_gpu_object_shmem_init() return value (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of the get_sg_table return value in arm/malidp_planes.c (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-After-Free in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- ascpi / x86: Add support for LPS0 callback handler (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfs4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv3: handle out-of-order write replies (bsc#1205544).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- pci/ioc: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- refresh suse/NFSv3-handle-out-of-order-write-replies. Careless typo - might cause bsc#1209457
- refresh suse/ice-clear-stale-Tx-queue-settings-before-configuring. Fix bug introduced by broken backport (bsc#1208628).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'hid: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605). Added bugzilla reference to fix already applied
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206232SUSE bug 1206492SUSE bug 1206493SUSE bug 1206824SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207529SUSE bug 1207560SUSE bug 1207845SUSE bug 1207846SUSE bug 1208179SUSE bug 1208212SUSE bug 1208420SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issue:
Security issues:
- CVE-2023-28486: Fixed sudo does not escape control characters in log messages. (bsc#1209362)
- CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. (bsc#1209361)
- CVE-2023-27320: Fixed a potential security issue with a double free with per-command chroot sudoers rules (bsc#1208595).
Bug fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483)
- If NOPASSWD is specified, don't ask for password if command is not found (bsc#1206772).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
ModerateSUSE bug 1203201SUSE bug 1206483SUSE bug 1206772SUSE bug 1208595SUSE bug 1209361SUSE bug 1209362CVE-2023-27320 at SUSECVE-2023-27320 at NVDCVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:sle-micro:5.4Security update for libmicrohttpd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libmicrohttpd fixes the following issues:
- CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).
ModerateSUSE bug 1208745CVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:sle-micro:5.4Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
ModerateSUSE bug 1209533CVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:sle-micro:5.4Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.4
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug were fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
- Ship missing samba-winbind-libs-32bit package (bsc#1207996)
- Ship missing samba-libs to SLE Micro 5.3 (bsc#1207723)
ImportantSUSE bug 1201490SUSE bug 1207416SUSE bug 1207723SUSE bug 1207996SUSE bug 1209481SUSE bug 1209483SUSE bug 1209485CVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDcpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
The following non-security bugs were fixed:
- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi/x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add cherry-picked id for nouveau patch
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch Resulted in an Oops / hang at boot (bsc#1209436)
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- fix page corruption caused by racy check in __free_pages (bsc#1208149).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- kABI workaround for hid quirks (git-fixes).
- kABI: pci: Reduce warnings on possible RW1C corruption (kabi).
- kABI: pci: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kabi fix for nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi fix for: nfs: Further optimisations for 'ls -l' (git-fixes).
- kabi fix for: nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi fix for: nfsv4.1 query for fs_location attr on a new file system (Never, kabi).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- move upstreamed i915 and media fixes into sorted section
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcv3: handle out-of-order write replies (bsc#1205544).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized nfsv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- refresh patches.suse/NFSv3-handle-out-of-order-write-replies (bsc#1209457).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- runrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- supported.conf: Remove duplicate entry.
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- update internal module version number for cifs.ko (bsc#1193629).
- update suse/hid-bigben_probe-validate-report-count (bsc#1208605).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: acpi: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: hoist refcount record merge predicates (bsc#1208183).
ImportantSUSE bug 1166486SUSE bug 1177529SUSE bug 1193629SUSE bug 1197534SUSE bug 1197617SUSE bug 1198438SUSE bug 1202353SUSE bug 1202633SUSE bug 1203200SUSE bug 1203331SUSE bug 1203332SUSE bug 1204363SUSE bug 1204993SUSE bug 1205544SUSE bug 1205846SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206640SUSE bug 1206824SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206889SUSE bug 1206894SUSE bug 1206935SUSE bug 1207051SUSE bug 1207270SUSE bug 1207328SUSE bug 1207529SUSE bug 1207560SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207613SUSE bug 1207615SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207628SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207638SUSE bug 1207639SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207651SUSE bug 1207653SUSE bug 1207770SUSE bug 1207773SUSE bug 1207845SUSE bug 1207875SUSE bug 1208149SUSE bug 1208153SUSE bug 1208179SUSE bug 1208183SUSE bug 1208212SUSE bug 1208290SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208570SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208603SUSE bug 1208605SUSE bug 1208607SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208816SUSE bug 1208837SUSE bug 1208843SUSE bug 1208848SUSE bug 1209008SUSE bug 1209159SUSE bug 1209188SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209291SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504CVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
ModerateSUSE bug 1207571SUSE bug 1207957SUSE bug 1207975SUSE bug 1208358CVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
ModerateSUSE bug 1209624CVE-2023-0464 at SUSECVE-2023-0464 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.
ModerateSUSE bug 1209307cpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)
Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common@v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime
Update to version 4.4.2:
* Revert 'CI: Temporarily disable all AWS EC2-based tasks'
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* CI: Temporarily disable all AWS EC2-based tasks
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- podman.spec: add `crun` requirement for quadlet
- podman.spec: set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: Fixed symlink exchange attack in podman export volume (bsc#1208364)
Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test
Update to version 4.4.0:
* Emergency fix for RHEL8 gating tests
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Create release notes for v4.4.0
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* Release notes for 4.3.1
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check
* Formalize our compare-against-docker mechanism
* Add restart-sec for container service files
* test/tools: bump module to go 1.17
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
* libpod: Add FreeBSD support in packageVersion
* Allow podman manigest push --purge|-p as alias for --rm
* [CI:DOCS] Add performance tutorial
* [CI:DOCS] Fix build targets in build_osx.md.
* fix --format {{json .}} output to match docker
* remote: fix manifest add --annotation
* Skip test if `--events-backend` is necessary with podman-remote
* kube play: update the handling of PersistentVolumeClaim
* system tests: fix a system test in proxy environment
* Use single unqualified search registry on Windows
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
* test/system: Add tests for pasta(1) connectivity
* test/system: Move network-related helpers to helpers.network.bash
* test/system: Use procfs to find bound ports, with optional address and protocol
* test/system: Use port_is_free() from wait_for_port()
* libpod: Add pasta networking mode
* More log-flake work
* Fix test flakes caused by improper podman-logs
* fix incorrect systemd booted check
* Cirrus: Add tests for GHA scripts
* GHA: Update scripts to pass shellcheck
* Cirrus: Shellcheck github-action scripts
* Cirrus: shellcheck support for github-action scripts
* GHA: Fix cirrus-cron scripts
* Makefile: don't install to tmpfiles.d on FreeBSD
* Make sure we can build and read each line of docker py's api client
* Docker compat build api - make sure only one line appears per flush
* Run codespell on code
* Update vendor of containers/(image, storage, common)
* Allow namespace path network option for pods.
* Cirrus: Never skip running Windows Cross task
* GHA: Auto. re-run failed cirrus-cron builds once
* GHA: Migrate inline script to file
* GHA: Simplify script reference
* test/e2e: do not use apk in builds
* remove container/pod id file along with container/pod
* Cirrus: Synchronize windows image
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
* runtime: add check for valid pod systemd cgroup
* CI: set and verify DESIRED_NETWORK (netavark, cni)
* [CI:DOCS] troubleshooting: document keep-id options
* Man pages: refactor common options: --security-opt
* Cirrus: Guarantee CNI testing w/o nv/av present
* Cirrus: temp. disable all Ubuntu testing
* Cirrus: Update to F37beta
* buildah bud tests: better handling of remote
* quadlet: Warn in generator if using short names
* Add Windows Smoke Testing
* Add podman kube apply command
* docs: offer advice on installing test dependencies
* Fix documentation on read-only-tmpfs
* version bump to 4.4.0-dev
* deps: bump go-criu to v6
* Makefile: Add cross build targets for freebsd
* pkg/machine: Make this build on FreeBSD/arm64
* pkg/rctl: Remove unused cgo dependency
* man pages: assorted underscore fixes
* Upgrade GitHub actions packages from v2 to v3
* vendor github.com/godbus/dbus/v5@4b691ce
* [CI:DOCS] fix --tmpdir typos
* Do not report that /usr/share/containers/storage.conf has been edited.
* Eval symlinks on XDG_RUNTIME_DIR
* hack/podmansnoop
* rootless: support keep-id with one mapping
* rootless: add argument to GetConfiguredMappings
* Update vendor containers/(common,storage,buildah,image)
* Fix deadlock between 'podman ps' and 'container inspect' commands
* Add information about where the libpod/boltdb database lives
* Consolidate the dependencies for the IsTerminal() API
* Ensure that StartAndAttach locks while sending signals
* ginkgo testing: fix podman usernamespace join
* Test runners: nuke podman from $PATH before tests
* volumes: Fix idmap not working for volumes
* FIXME: Temporary workaround for ubi8 CI breakage
* System tests: teardown: clean up volumes
* update api versions on docs.podman.io
* system tests: runlabel: use podman-under-test
* system tests: podman network create: use random port
* sig-proxy test: bump timeout
* play kube: Allow the user to import the contents of a tar file into a volume
* Clarify the docs on DropCapability
* quadlet tests: Disable kmsg logging while testing
* quadlet: Support multiple Network=
* quadlet: Add support for Network=...
* Fix manpage for podman run --network option
* quadlet: Add support for AddDevice=
* quadlet: Add support for setting seccomp profile
* quadlet: Allow multiple elements on each Add/DropCaps line
* quadlet: Embed the correct binary name in the generated comment
* quadlet: Drop the SocketActivated key
* quadlet: Switch log-driver to passthrough
* quadlet: Change ReadOnly to default to enabled
* quadlet tests: Run the tests even for (exected) failed tests
* quadlet tests: Fix handling of stderr checks
* Remove unused script file
* notifyproxy: fix container watcher
* container/pod id file: truncate instead of throwing an error
* quadlet: Use the new podman create volume --ignore
* Add podman volume create --ignore
* logcollector: include aardvark-dns
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
* docs: generate systemd: point to kube template
* docs: kube play: mention restart policy
* Fixes: 15858 (podman system reset --force destroy machine)
* fix search flake
* use cached containers.conf
* adding regex support to the ancestor ps filter function
* Fix `system df` issues with `-f` and `-v`
* markdown-preprocess: cross-reference where opts are used
* Default qemu flags for Windows amd64
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
* Update main to reflect v4.3.0 release
* build(deps): bump github.com/docker/docker
* move quadlet packages into pkg/systemd
* system df: fix image-size calculations
* Add man page for quadlet
* Fix small typo
* testimage: add iproute2 & socat, for pasta networking
* Set up minikube for k8s testing
* Makefile: don't install systemd generator binaries on FreeBSD
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
* Podman image: Set default_sysctls to empty for rootless containers
* Don't use github.com/docker/distribution
* libpod: Add support for 'podman top' on FreeBSD
* libpod: Factor out jail name construction from stats_freebsd.go
* pkg/util: Add pid information descriptors for FreeBSD
* Initial quadlet version integrated in golang
* bump golangci-lint to v1.49.0
* Update vendor containers/(common,image,storage)
* Allow volume mount dups, iff source and dest dirs
* rootless: fix return value handling
* Change to correct break statements
* vendor containers/psgo@v1.8.0
* Clarify that MacOSX docs are client specific
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
* Add swagger install + allow version updates in CI
* Cirrus: Fix windows clone race
* build(deps): bump github.com/docker/docker
* kill: wait for the container
* generate systemd: set --stop-timeout for stopping containers
* hack/tree_status.sh: print diff at the end
* Fix markdown header typo
* markdown-preprocess: add generic include mechanism
* markdown-preprocess: almost complete OO rewrite
* Update tests for changed error messages
* Update c/image after https://github.com/containers/image/pull/1299
* Man pages: refactor common options (misc)
* Man pages: Refactor common options: --detach-keys
* vendor containers/storage@main
* Man pages: refactor common options: --attach
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
* KillContainer: improve error message
* docs: add missing options
* Man pages: refactor common options: --annotation (manifest)
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
* system tests: health-on-failure: fix broken logic
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
* Container filters: Avoid use of ctr.Config()
* Avoid unnecessary calls to Container.Spec()
* Add and use Container.LinuxResource() helper
* play kube: notifyproxy: listen before starting the pod
* play kube: add support for configmap binaryData
* Add and use libpod/Container.Terminal() helper
* Revert 'Add checkpoint image tests'
* Revert 'cmd/podman: add support for checkpoint images'
* healthcheck: fix --on-failure=stop
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
* health checks: make on-failure action retry aware
* libpod: Remove 100msec delay during shutdown
* libpod: Add support for 'podman pod' on FreeBSD
* libpod: Factor out cgroup validation from (*Runtime).NewPod
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
* specgen/generate: Avoid a nil dereference in MakePod
* libpod: Factor out cgroups handling from (*Pod).refresh
* Adds a link to OSX docs in CONTRIBUTING.md
* Man pages: refactor common options: --os-version
* Create full path to a directory when DirectoryOrCreate is used with play kube
* Return error in podman system service if URI scheme is not unix/tcp
* Man pages: refactor common options: --time
* man pages: document some --format options: images
* Clean up when stopping pods
* Update vendor of containers/buildah v1.28.0
* Proof of concept: nightly dependency treadmill
- Make the priority for picking the storage driver configurable (bsc#1197093)
ImportantSUSE bug 1197093SUSE bug 1208364SUSE bug 1208510SUSE bug 1209495CVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
ModerateSUSE bug 1208423SUSE bug 1208426CVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:sle-micro:5.4Security update for harfbuzz (Important)SUSE Linux Enterprise Micro 5.4
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:sle-micro:5.4Security update for wayland (Important)SUSE Linux Enterprise Micro 5.4
This update for wayland fixes the following issues:
- CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486)
ImportantSUSE bug 1190486CVE-2021-3782 at SUSECVE-2021-3782 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFS4trace: fix state manager flag printing (git-fixes).
- NFSD: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix race to check ls_layouts (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSD: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSD: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- NFSv4: provide mount option to toggle trunking discovery (git-fixes).
- NFSv4: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4: Fail client initialisation if state manager thread can't run (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB It grows and the build fails recently on SLE15-SP4/5.
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209873SUSE bug 1209878CVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:sle-micro:5.4Security update for dmidecode (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- build the containerized-data-importer with a supported golang compiler (bsc#1208916)
ModerateSUSE bug 1208916cpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
- CVE-2023-26484: Limit operator secrets permission. (bsc#1209359)
kubevirt is also rebuilt with a supported GO compiler (bsc#1208916)
ImportantSUSE bug 1208916SUSE bug 1209359CVE-2023-26484 at SUSECVE-2023-26484 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
The following non-security bugs were fixed:
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Fix error path in pci-hyperv to unlock the mutex state_lock
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- NFSd: fix race to check ls_layouts (git-fixes).
- NFSd: shut down the NFSv4 state objects before the filecache (git-fixes).
- NFSd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- NFSd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: fix state manager flag printing (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- USB: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- USB: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- USB: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- USB: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- USB: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- USB: dwc3: Fix a typo in field name (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- USB: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- USB: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- USB: ucsi: Fix ucsi->connector race (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: xhci: tegra: fix sleep in atomic call (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- fotg210-udc: Add missing completion handler (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- kABI workaround for xhci (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kconfig: Update config changed flag before calling callback (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- struct dwc3: mask new member (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1189998SUSE bug 1193629SUSE bug 1194869SUSE bug 1198400SUSE bug 1203200SUSE bug 1206552SUSE bug 1207168SUSE bug 1207185SUSE bug 1207574SUSE bug 1208602SUSE bug 1208815SUSE bug 1208829SUSE bug 1208902SUSE bug 1209052SUSE bug 1209118SUSE bug 1209256SUSE bug 1209290SUSE bug 1209292SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209556SUSE bug 1209572SUSE bug 1209600SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209681SUSE bug 1209684SUSE bug 1209687SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1210050SUSE bug 1210203CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).
ModerateSUSE bug 1210328CVE-2023-1981 at SUSECVE-2023-1981 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
ImportantSUSE bug 1168481SUSE bug 1208962SUSE bug 1209884SUSE bug 1209888CVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-ibmca (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-ibmca fixes the following issues:
Upgraded openssl-ibmca to version 2.4.0 (bsc#1210058)
- Provider: Adjustments for OpenSSL versions 3.1 and 3.2
- Provider: Support RSA blinding
- Provider: Constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding
- Provider: Support 'implicit rejection' option for RSA PKCS#1 v1.5 padding
- Provider: Adjustments in OpenSSL config generator and example configs
- Engine: EC: Cache ICA key in EC_KEY object (performance improvement)
- FIPS 140-3: Correct engine handling so only the ciphers selected in the config file are activated (bsc#1210359)
ModerateSUSE bug 1210058SUSE bug 1210359cpe:/o:suse:sle-micro:5.4Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.4
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
ImportantSUSE bug 1206022SUSE bug 1206023CVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
The following non-security bug was fixed:
- Remove unneeded dependency (bsc#1209918).
ModerateSUSE bug 1209918SUSE bug 1210411SUSE bug 1210412CVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
ModerateSUSE bug 1209713SUSE bug 1209714SUSE bug 1210135CVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:sle-micro:5.4Security update for installation-images (Moderate)SUSE Linux Enterprise Micro 5.4
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- CVE-2022-28737 was missing as reference previously.
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
Logic was added that is using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
ImportantSUSE bug 1210382CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1443, fixes the following security problems
- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
ModerateSUSE bug 1208828SUSE bug 1209042SUSE bug 1209187CVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
ModerateSUSE bug 1210434CVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update of ignition fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798).
- sched/fair: Limit sched slice duration (bsc#1189999).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
kernel-default-base changed:
- Do not ship on s390x (bsc#1210729)
- Add exfat (bsc#1208822)
- Add _diag modules for included socket types (bsc#1204042)
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1204042SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208822SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210499SUSE bug 1210506SUSE bug 1210629SUSE bug 1210630SUSE bug 1210725SUSE bug 1210729SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update of conmon fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211230SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233CVE-2023-28319 at SUSECVE-2023-28319 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2235: A use-after-free vulnerability in the Performance Events system can be exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL checking against IS_ERR in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2019: A flaw was found in the netdevsim device driver, more specifically within the scheduling of events. This issue results from the improper management of a reference count and may lead to a denial of service (bsc#1210454).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
The following non-security bugs were fixed:
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: enable jump-label jump-label was disabled on arm64 by a backport error.
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cifs: fix negotiate context parsing (bsc#1210301).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- config: arm64: enable ERRATUM_843419 Config option was incorrectly replaced by the rt-refresh-configs script
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- locking/rwbase: Mitigate indefinite writer starvation.
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)).
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759)
- supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759)
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
ImportantSUSE bug 1142685SUSE bug 1155798SUSE bug 1174777SUSE bug 1189999SUSE bug 1194869SUSE bug 1203039SUSE bug 1203325SUSE bug 1206649SUSE bug 1206891SUSE bug 1206992SUSE bug 1207088SUSE bug 1208076SUSE bug 1208845SUSE bug 1209615SUSE bug 1209693SUSE bug 1209739SUSE bug 1209871SUSE bug 1209927SUSE bug 1209999SUSE bug 1210034SUSE bug 1210158SUSE bug 1210202SUSE bug 1210206SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210439SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210506SUSE bug 1210629SUSE bug 1210725SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210793SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210943SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2019 at SUSECVE-2023-2019 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2021-38578: Fixed potential underflow in SmmEntryPointwhen computing BufferSize (bsc#1196741).
- CVE-2019-14560: Fixed potential secure boot bypass caused by improper check of GetEfiGlobalVariable2() return value (bsc#1174246).
- revert a patch to fix xen boot problems (bsc#1205613)
ImportantSUSE bug 1174246SUSE bug 1196741SUSE bug 1205613CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
ImportantSUSE bug 1210298cpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.4
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
ModerateSUSE bug 1208226SUSE bug 1208227SUSE bug 1208228SUSE bug 1208229SUSE bug 1208230SUSE bug 1208231SUSE bug 1208232SUSE bug 1208233SUSE bug 1208234SUSE bug 1208236CVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
- CVE-2023-2700: Fixed a memory leak that could be triggered by
repeatedly querying an SR-IOV PCI device's capabilities
(bsc#1211390).
Non-security fixes:
- Fixed a potential crash during driver cleanup (bsc#1209861).
- Added Apparmor support for SUSE edk2 firmware paths (boo#1208567).
- Fixed lxc container initialization with systemd and hybrid groups
(boo#1183247).
- Added the option to specify the virtual CPU address size in bits for
qemu (bsc#1199583).
ModerateSUSE bug 1183247SUSE bug 1199583SUSE bug 1208567SUSE bug 1209861SUSE bug 1211390CVE-2023-2700 at SUSECVE-2023-2700 at NVDcpe:/o:suse:sle-micro:5.4Security update for openldap2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:suse:sle-micro:5.4Security update for Salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.4Security update for salt and python-pyzmq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Important)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Important)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
ImportantSUSE bug 1212230CVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect the testsuite (bsc#1201627).
ModerateSUSE bug 1201627SUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1172073SUSE bug 1191731SUSE bug 1193629SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208604SUSE bug 1208758SUSE bug 1209287SUSE bug 1209288SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211855SUSE bug 1211960CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:sle-micro:5.4Security update for libcap (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211418SUSE bug 1211419CVE-2023-2602 at SUSECVE-2023-2602 at NVDCVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-35828: Fixed a use-after-free flaw inside renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35823: Fixed a use-after-free in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-1249: Fixed a use-after-free flaw inside the core dump subsystem, that could have been used to crash the system (bsc#1209039).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions (git-fixes).
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- Input: fix open count when closing inhibited device (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not hypercall before EL2 init (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jfs: Fix fortify moan in symlink (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414).
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (bsc#1210947)
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390: Hard lockups are observed while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- supported.conf: mark mana_ib supported
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1172073SUSE bug 1189998SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195655SUSE bug 1195921SUSE bug 1203906SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1206578SUSE bug 1207553SUSE bug 1208050SUSE bug 1208410SUSE bug 1208600SUSE bug 1208604SUSE bug 1208758SUSE bug 1209039SUSE bug 1209287SUSE bug 1209288SUSE bug 1209367SUSE bug 1209856SUSE bug 1209982SUSE bug 1210165SUSE bug 1210294SUSE bug 1210449SUSE bug 1210450SUSE bug 1210498SUSE bug 1210533SUSE bug 1210551SUSE bug 1210647SUSE bug 1210741SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210806SUSE bug 1210940SUSE bug 1210947SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211847SUSE bug 1211852SUSE bug 1211855SUSE bug 1211960SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592CVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
The following non-security bugs were fixed:
- Get module prefix from kmod (bsc#1212835).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- elf: correct note name comment (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- pstore/ram: Add check for kstrdup (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
ImportantSUSE bug 1187829SUSE bug 1194869SUSE bug 1210335SUSE bug 1212051SUSE bug 1212265SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drop dvb-core fix patch due to a bug (bsc#1205758).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796).
- Generalize kernel-doc build requirements.
- Get module prefix from kmod (bsc#1212835).
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- Update the Mellanox/Nvidia mlx5_core driver (jsc#SLE-19253).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- gfs2: Do not deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: google: add jewel USB id (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: hold uring mutex around poll removal (bsc#1212838 CVE-2023-3389).
- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jfs: Fix fortify moan in symlink (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sched: tcindex: Do not use perfect hashing (bsc#1210335 CVE-2023-1829).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- pstore/ram: Add check for kstrdup (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- regmap: Account for register length when chunking (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1152489SUSE bug 1160435SUSE bug 1187829SUSE bug 1189998SUSE bug 1194869SUSE bug 1205758SUSE bug 1208410SUSE bug 1208600SUSE bug 1209039SUSE bug 1209367SUSE bug 1210335SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211410SUSE bug 1211449SUSE bug 1211796SUSE bug 1211852SUSE bug 1212051SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212265SUSE bug 1212350SUSE bug 1212448SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:sle-micro:5.4Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Important)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
ModerateSUSE bug 1213237CVE-2023-32001 at SUSECVE-2023-32001 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Important)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ImportantSUSE bug 1213171SUSE bug 1213172SUSE bug 1213173SUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213487CVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
conmon was updated to version 2.1.7:
- Bumped go version to 1.19 (bsc#1209307).
Bugfixes:
- Fixed leaking symbolic links in the opt_socket_path directory.
- Fixed cgroup oom issues (bsc#1208737).
- Fixed OOM watcher for cgroupv2 `oom_kill` events.
ImportantSUSE bug 1208737SUSE bug 1209307cpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer against the current GO security release.
Moderatecpe:/o:suse:sle-micro:5.4Security update for librsvg (Important)SUSE Linux Enterprise Micro 5.4
This update for librsvg fixes the following issues:
librsvg was updated to version 2.52.10:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
ImportantSUSE bug 1213502CVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
This update rebuilds the kubevirt stack with the current GO release.
Moderatecpe:/o:suse:sle-micro:5.4Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update fixes the following issues:
python-tornado:
- Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
ModerateSUSE bug 1208612SUSE bug 1211741SUSE bug 1212279CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- Fix documentation of panic_on_warn (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- Update config and supported.conf files due to renaming.
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- security: keys: Modify mismatched function name (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210853SUSE bug 1211243SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212846SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213286SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213705CVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
- CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131).
ImportantSUSE bug 1213128SUSE bug 1213131CVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files in 9pfs (bsc#1212968).
- CVE-2023-3301: Fixed NULL pointer dereference in vhost_vdpa_get_vhost_net() (bsc#1213414).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
ImportantSUSE bug 1212968SUSE bug 1213001SUSE bug 1213414CVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2021-41229: Fix leaking buffers stored in cstates cache. (bsc#1192760)
ModerateSUSE bug 1192760CVE-2021-41229 at SUSECVE-2021-41229 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.4Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
ImportantSUSE bug 1206418SUSE bug 1207129SUSE bug 1210627SUSE bug 1210780SUSE bug 1211131SUSE bug 1211738SUSE bug 1212502SUSE bug 1212604SUSE bug 1212901SUSE bug 1213167SUSE bug 1213272SUSE bug 1213287SUSE bug 1213304SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213842SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- add module_firmware() for firmware_tg357766 (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- afs: fix access after dec in put functions (git-fixes).
- afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: fix dynamic root getattr (git-fixes).
- afs: fix fileserver probe rtt handling (git-fixes).
- afs: fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: fix lost servers_outstanding count (git-fixes).
- afs: fix server->active leak in afs_put_server (git-fixes).
- afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: fix updating of i_size with dv jump from server (git-fixes).
- afs: fix vlserver probe rtt handling (git-fixes).
- afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
- afs: use refcount_t rather than atomic_t (git-fixes).
- afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: fireface: make read-only const array for model names static (git-fixes).
- alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
- alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
- alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
- alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
- alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
- alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
- alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/realtek: whitespace fix (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- alsa: oxfw: make read-only const array models static (git-fixes).
- alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
- arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
- asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
- asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: tegra: fix adx byte map (git-fixes).
- asoc: tegra: fix amx byte map (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- can: bcm: fix uaf in bcm_proc_show() (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in debugdata (bsc#1193629).
- cifs: print client_guid in debugdata (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes).
- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
- coda: avoid partial allocation of sig_inputargs (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- crypto: kpp - add helper to set reqsize (git-fixes).
- crypto: qat - use helper to set reqsize (git-fixes).
- delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.
- devlink: fix kernel-doc notation warnings (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- docs: networking: update codeaurora references for rmnet (git-fixes).
- documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- documentation: timers: hrtimers: make hybrid union historical (git-fixes).
- drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
- drm/amd/display: disable mpc split by default on special asic (git-fixes).
- drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes).
- drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: validate vm ioctl flags (git-fixes).
- drm/atomic: allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
- drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915: fix one wrong caching mode enum usage (git-fixes).
- drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
- drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).
- drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
- drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes).
- drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: do not leak a resource on swapout move error (git-fixes).
- drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)
- dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes).
- enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#PED-4758)
- ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling mmp (bsc#1213100).
- ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: fix warning in ext4_update_inline_data (bsc#1213012).
- ext4: fix warning in mb_find_extent (bsc#1213099).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the may_inline_data flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for fmode_atomic_pos (bsc#1213759).
- fix documentation of panic_on_warn (git-fixes).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -eagain or error returns (git-fixes).
- fs: dlm: return positive pid value for f_getlk (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
- fuse: ioctl: translate enosys in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- gve: set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) allow setting sample averaging (git-fixes).
- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).
- hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes).
- i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: do not try to handle more interrupt events after error (git-fixes).
- iavf: fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix use-after-free in free_netdev (git-fixes).
- iavf: use internal state to free traffic irqs (git-fixes).
- ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
- igc: check if hardware tx timestamping is enabled earlier (git-fixes).
- igc: enable and fix rx hash usage by netstack (git-fixes).
- igc: fix inserting of empty frame for launchtime (git-fixes).
- igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
- igc: fix launchtime before start of cycle (git-fixes).
- igc: fix race condition in ptp tx code (git-fixes).
- igc: handle pps start time programming for past time values (git-fixes).
- igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
- igc: remove delay during tx ring configuration (git-fixes).
- igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: work around hw bug causing missing timestamps (git-fixes).
- inotify: avoid reporting event with invalid wd (bsc#1213025).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: i2c: ch7322: also select regmap (git-fixes).
- media: i2c: correct format propagation for st-mipid02 (git-fixes).
- media: staging: atomisp: select v4l2_fwnode (git-fixes).
- media: usb: check az6007_read() return value (git-fixes).
- media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: fix align() of non power of two (git-fixes).
- media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
- mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: add support for vlan tagging (bsc#1212301).
- net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).
- net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- ocfs2: switch to security_inode_init_security() (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: add additional check for mcam rules (git-fixes).
- opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
- pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
- phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
- pinctrl: amd: do not show `invalid config param` errors (git-fixes).
- pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
- pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).
- powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: fix vas mm use after free (bsc#1194869).
- powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: fix kernel config grep (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pwm: ab8500: fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
- regmap: account for register length in smbus i/o limits (git-fixes).
- regmap: drop initial version of maximum transfer length fixes (git-fixes).
- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes)
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revert 'xhci: add quirk for host controllers that do not update endpoint dcs' (git-fixes).
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rpm: update dependency to match current kmod.
- rsi: remove kernel-doc comment marker (git-fixes).
- rxrpc, afs: fix selection of abort codes (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).
- s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: count reschedule ipis (git-fixes).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: fix debug && !schedstats warn (git-fixes)
- scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).
- scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).
- scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
- scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).
- scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).
- scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
- scsi: qla2xxx: array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: correct the index of array (bsc#1213747).
- scsi: qla2xxx: drop useless list_head (bsc#1213747).
- scsi: qla2xxx: fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
- scsi: qla2xxx: fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: fix end of loop test (bsc#1213747).
- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: fix tmf leak through (bsc#1213747).
- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
- scsi: qla2xxx: silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
- security: keys: modify mismatched function name (git-fixes).
- selftests: mptcp: depend on syn_cookies (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add conntrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in smb2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in cifsfindfirst() (bsc#1193629).
- smb: client: fix warning in cifsfindnext() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve dfs mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: prevent page release when nothing was received (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tpm_tis: explicitly check for error code (git-fixes).
- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: fix build errors as symbol undefined (git-fixes).
- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: fix memory leak in do_rename (git-fixes).
- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: fix to add refcount once page is set private (git-fixes).
- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: free memory for tmpfile name (git-fixes).
- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
- ubifs: reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
- udf: avoid double brelse() in udf_rename() (bsc#1213032).
- udf: define efscorrupted error code (bsc#1213038).
- udf: detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: discard preallocation before extending file with a hole (bsc#1213036).
- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).
- udf: do not bother merging very long extents (bsc#1213040).
- udf: do not update file length for failed writes to inline files (bsc#1213041).
- udf: fix error handling in udf_new_inode() (bsc#1213112).
- udf: fix extending file within last block (bsc#1213037).
- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: preserve link count of system files (bsc#1213113).
- udf: truncate added extents on failed expansion (bsc#1213039).
- update config and supported.conf files due to renaming.
- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604). added bug reference.
- usb: dwc2: fix some error handling paths (git-fixes).
- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: serial: option: add lara-r6 01b pids (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost: support packed when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: maintain reverse cleanup order (git-fixes).
- virtio_net: fix error unwinding of xdp initialization (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- x86/pvh: obtain vga console info in dom0 (git-fixes).
- x86: fix .brk attribute in linker script (git-fixes).
- xen/blkfront: only check req_fua for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: ail needs asynchronous cil forcing (bsc#1211811).
- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: cil work is serialised, not pipelined (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk ail insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from cil commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the cil workqueue to the cil (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order cil checkpoint start records (bsc#1211811).
- xfs: pass a cil context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down ail (bsc#1211811).
- xfs: xlog_state_ioerror must die (bsc#1211811).
- xhci: fix resume issue of some zhaoxin hosts (git-fixes).
- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1206418SUSE bug 1207129SUSE bug 1207894SUSE bug 1208788SUSE bug 1210565SUSE bug 1210584SUSE bug 1210627SUSE bug 1210780SUSE bug 1210853SUSE bug 1211131SUSE bug 1211243SUSE bug 1211738SUSE bug 1211811SUSE bug 1211867SUSE bug 1212301SUSE bug 1212502SUSE bug 1212604SUSE bug 1212846SUSE bug 1212901SUSE bug 1212905SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213134SUSE bug 1213167SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213272SUSE bug 1213286SUSE bug 1213287SUSE bug 1213304SUSE bug 1213523SUSE bug 1213524SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213620SUSE bug 1213653SUSE bug 1213705SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:suse:sle-micro:5.4Security update for pcre2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-configobj (Low)SUSE Linux Enterprise Micro 5.4
This update for python-configobj fixes the following issues:
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).
LowSUSE bug 1210070CVE-2023-26112 at SUSECVE-2023-26112 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
- Don't pass zero length input to EVP_Cipher because s390x assembler optimized AES cannot handle zero size. (bsc#1213517)
ModerateSUSE bug 1213517SUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:sle-micro:5.4Feature update for LibreOffice and xmlsec1 (Important)SUSE Linux Enterprise Micro 5.4
This update for LibreOffice and xmlsec1 fixes the following issue:
libreoffice:
- Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* gpgme version update from 1.16.0 to 1.18.0
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:suse:sle-micro:5.4Security update for gawk (Low)SUSE Linux Enterprise Micro 5.4
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:sle-micro:5.4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.4
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:suse:sle-micro:5.4Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102).
ModerateSUSE bug 1214102CVE-2023-40225 at SUSECVE-2023-40225 at NVDcpe:/o:suse:sle-micro:5.4Security update for procps (Low)SUSE Linux Enterprise Micro 5.4
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:sle-micro:5.4Security update for icu73_2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
Update to release 68.1:
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
Update to version 67.1:
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
Update to version 66.1:
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
Update to release 65.1 (jsc#SLE-11118):
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Low)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:sle-micro:5.4Security update for gcc12 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
ImportantSUSE bug 1215026CVE-2023-38039 at SUSECVE-2023-38039 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
ImportantSUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:suse:sle-micro:5.4Securitys update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.4Security update for mdadm (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mdadm fixes the following issues:
- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).
- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).
ModerateSUSE bug 1214244SUSE bug 1214245CVE-2023-28736 at SUSECVE-2023-28736 at NVDCVE-2023-28938 at SUSECVE-2023-28938 at NVDcpe:/o:suse:sle-micro:5.4Security update for libeconf (Important)SUSE Linux Enterprise Micro 5.4
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033CVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: hold rtnl lock during mtu update via netlink (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/atomic-helper: update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/msm: update dev core dump to not print backwards (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: adv7511: fix low refresh rate register for adv7533/5 (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: delete error messages for failed memory allocations (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix crash by keep old cfg when update tcs more than queues (git-fixes).
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update patches.suse/cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- Drop amdgpu patch causing spamming (bsc#1215523)
- acpi: processor: perflib: avoid updating frequency qos unnecessarily (git-fixes).
- acpi: processor: perflib: use the 'no limit' frequency qos (git-fixes).
- acpi: x86: s2idle: fix a logic error parsing amd constraints table (git-fixes).
- alsa: ac97: fix possible error value of *rac97 (git-fixes).
- alsa: hda/cs8409: support new dell dolphin variants (git-fixes).
- alsa: hda/realtek - remodified 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for hp victus 16-d1xxx to enable mute led (git-fixes).
- alsa: hda/realtek: add quirk for mute leds on hp envy x360 15-eu0xxx (git-fixes).
- alsa: hda/realtek: add quirks for hp g11 laptops (git-fixes).
- alsa: hda/realtek: switch dell oasis models to use spi (git-fixes).
- alsa: pcm: fix missing fixup call in compat hw_refine ioctl (git-fixes).
- alsa: usb-audio: add support for mythware xa001au capture and playback interfaces (git-fixes).
- alsa: usb-audio: fix init call orders for uac1 (git-fixes).
- alsa: ymfpci: fix the missing snd_card_free() call at probe error (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard phy reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: disable hs400 for emmc on rock pi 4 (git-fixes).
- arm: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix usb related warnings (git-fixes).
- arm: dts: imx6sll: fixup of operating points (git-fixes).
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- asoc: lower 'no backend dais enabled for ... port' log severity (git-fixes).
- asoc: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- asoc: rt5665: add missed regulator_bulk_disable (git-fixes).
- asoc: sof: intel: fix soundwire/hdaudio mutual exclusion (git-fixes).
- asoc: stac9766: fix build errors with regmap_ac97 (git-fixes).
- asoc: tegra: fix sfc conversion for few rates (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: compare against struct fb_info.device (git-fixes).
- batman-adv: do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: do not increase mtu when set by user (git-fixes).
- batman-adv: fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: fix tt global entry leak when client roamed back (git-fixes).
- batman-adv: trigger events for auto adjusted mtu (git-fixes).
- bluetooth: btusb: add mt7922 bluetooth id for the asus ally (git-fixes).
- bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- bluetooth: fix potential use-after-free when clear keys (git-fixes).
- bluetooth: l2cap: fix use-after-free (git-fixes).
- bluetooth: l2cap: fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- bluetooth: remove unused declaration amp_read_loc_info() (git-fixes).
- bnx2x: fix page fault following eeh recovery (bsc#1214299).
- bpf: disable preemption in bpf_event_output (git-fixes).
- bus: ti-sysc: fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: fix cast to enum warning (git-fixes).
- bus: ti-sysc: flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count rx overflow errors also in case of oom (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on mds stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore builtin_return_address_strips_pac (bsc#1214380). gcc7 on sle 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure pll for 393216000/361267200hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- config_nvme_verbose_errors=y gone with a82baa8083b
- config_printk_safe_log_buf_shift=13 gone with 7e152d55123
- cpu/smt: allow enabling partial smt states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/smt: store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: adjust balance_performance epp for sapphire rapids (bsc#1214659).
- cpufreq: intel_pstate: enable hwp io boost for all servers (bsc#1208949 jsc#ped-6003 jsc#ped-6004).
- cpufreq: intel_pstate: fix scaling for hybrid-capable systems with disabled e-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: rework hwp calibration (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: hybrid: use known scaling factor for p-cores (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- cpufreq: intel_pstate: read all msrs on the target cpu (bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- created new preempt kernel flavor configs are cloned from the respective $arch/default configs. all changed configs appart from config_preempt->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. tree_rcu has been also changed to preempt_rcu which is the default implementation for preempt kernel.
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - properly handle pm_runtime_get failing (git-fixes).
- dma-buf/sw_sync: avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: fix docs syntax (git-fixes).
- dmaengine: idxd: modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: return dma_paused when transaction is paused (git-fixes).
- dmaengine: ste_dma40: add missing irq check in d40_probe (git-fixes).
- docs/process/howto: replace c89 with c11 (bsc#1214756).
- docs: kernel-parameters: refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: fix hex printing of signed values (git-fixes).
- documentation: devices.txt: fix minors for ttycpm* (git-fixes).
- documentation: devices.txt: remove ttyioc* (git-fixes).
- documentation: devices.txt: remove ttysioc* (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on dcn3+ (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: use rmw accessors for changing lnkctl (git-fixes).
- drm/armada: fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: fix dram init on ast2200 (git-fixes).
- drm/bridge: anx7625: drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: fix -wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active mmu context (git-fixes).
- drm/mediatek: fix dereference before null check (git-fixes).
- drm/mediatek: fix potential memory leak if vmap() fail (git-fixes).
- drm/msm/a2xx: call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: do not leak some plane state (git-fixes).
- drm/nouveau/disp: revert a null check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/panel: simple: add missing connector type and pixel format for auo t215hvn01 (git-fixes).
- drm/panel: simple: fix auo g121ean01 panel timings according to the docs (git-fixes).
- drm/qxl: fix uaf on handle creation (git-fixes).
- drm/radeon: use rmw accessors for changing lnkctl (git-fixes).
- drm/rockchip: do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/tegra: dpaux: fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned bos for eviction&swap (git-fixes).
- drm/vmwgfx: fix shader stage validation (git-fixes).
- drm: xlnx: zynqmp_dpsub: add missing check for dma_set_mask (git-fixes).
- drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: fix typos in comments (jsc#ped-5738).
- e1000: remove unnecessary use of kmap_atomic() (jsc#ped-5738).
- e1000: switch to napi_build_skb() (jsc#ped-5738).
- e1000: switch to napi_consume_skb() (jsc#ped-5738).
- enable analog devices industrial ethernet phy driver (jsc#ped-4759)
- exfat: fix unexpected eof while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: do not assign to struct fb_info.dev (git-fixes).
- fbdev: fix potential oob read in fast_imageblit() (git-fixes).
- fbdev: fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: improve performance of sys_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: drop of node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential null pointer dereference (git-fixes).
- firmware: stratix10-svc: fix an null vs is_err() bug in probe (git-fixes).
- fs/sysv: null check to prevent null-ptr-deref bug (git-fixes).
- ftrace: fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: make tps68470_gpio_output() always set the initial value (git-fixes).
- hid: add quirk for 03f0:464a hp elite presenter mouse (git-fixes).
- hid: logitech-dj: fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: logitech-hidpp: add usb and bluetooth ids for the logitech g915 tkl keyboard (git-fixes).
- hid: multitouch: correct devm device reference for hidinput input_dev name (git-fixes).
- hid: wacom: remove the battery when the ekr is off (git-fixes).
- hwmon: (pmbus/bel-pfe) enable pmbus_skip_status_check for pfe1100 (git-fixes).
- hwmon: (tmp513) fix the channel number in tmp51x_is_visible() (git-fixes).
- hwpoison: offline support: fix spelling in documentation/abi/ (git-fixes).
- hwrng: iproc-rng200 - implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: bcm-iproc: fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: correct length byte validation logic (git-fixes).
- i2c: designware: handle invalid smbus block data response length value (git-fixes).
- i2c: hisi: only handle the interrupt of the driver's transfer (git-fixes).
- i2c: improve size determinations (git-fixes).
- i2c: nomadik: remove a useless call in the remove function (git-fixes).
- i2c: nomadik: remove unnecessary goto label (git-fixes).
- i2c: nomadik: use devm_clk_get_enabled() (git-fixes).
- i40e: fix an null vs is_err() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for fdir filters (git-fixes).
- ib/hfi1: fix possible panic during hotplug remove (git-fixes)
- ib/uverbs: fix an potential error pointer dereference (git-fixes)
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: fix rdma vsi removal during queue rebuild (git-fixes).
- iio: adc: ina2xx: avoid null pointer dereference on of device match (git-fixes).
- iio: adc: stx104: implement and utilize register structures (git-fixes).
- iio: adc: stx104: utilize iomap interface (git-fixes).
- iio: cros_ec: fix the allocation size for cros_ec_command (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#ped-5738).
- intel: remove unused macros (jsc#ped-5738).
- iommu/amd: add pci segment support for ivrs_ commands (git-fixes).
- iommu/amd: fix compile warning in init code (git-fixes).
- iommu/amd: fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu-v3: make default domain type of hisilicon ptt device to identity (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: initialize dart_streams_enable (git-fixes).
- iommu/dma: fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: add a quirk to allow pgtable pa up to 35bit (git-fixes).
- iommu/iova: fix module config properly (git-fixes).
- iommu/omap: fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/sun50i: consider all fault sources for reset (git-fixes).
- iommu/sun50i: fix flush size (git-fixes).
- iommu/sun50i: fix r/w permission check (git-fixes).
- iommu/sun50i: fix reset release (git-fixes).
- iommu/sun50i: implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: remove iommu_domain_identity (git-fixes).
- iommu/vt-d: add rpls to quirk list to skip te disabling (git-fixes).
- iommu/vt-d: check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: correctly calculate sagaw value of iommu (git-fixes).
- iommu/vt-d: fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: fix pci device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: fix pci device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: preset access bit for iova in fl non-leaf paging entries (git-fixes).
- iommu/vt-d: set sre bit only when hardware has srs cap (git-fixes).
- ipmi:ssif: add check for kstrdup (git-fixes).
- ipmi:ssif: fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: ignore newly added srso mitigation functions
- kabi: allow extra bugsints (bsc#1213927).
- kbuild: add -wno-shift-negative-value where -wextra is used (bsc#1214756).
- kbuild: move to -std=gnu11 (bsc#1214756).
- kernel-binary: common dependencies cleanup common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: drop code for kerntypes support kerntypes was a suse-specific feature dropped before sle 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- kvm: s390: fix sthyi error handling (git-fixes bsc#1214370).
- leds: fix bug_on check for led_color_id_multi that is always false (git-fixes).
- leds: multicolor: use rounded division when calculating color components (git-fixes).
- leds: pwm: fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: do not use led_on/off constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order max_order (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: remove redundant if statement (git-fixes).
- media: i2c: ccs: check rules is non-null (git-fixes).
- media: i2c: rdacm21: fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: fix ov2680_bayer_order() (git-fixes).
- media: ov2680: fix ov2680_set_fmt() which == v4l2_subdev_format_try not working (git-fixes).
- media: ov2680: fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: fix vflip / hflip set functions (git-fixes).
- media: ov2680: remove video_v4l2_subdev_api ifdef-s (git-fixes).
- media: ov5640: enable mipi interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for h.264 (git-fixes).
- media: v4l2-core: fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: only consider sys_idle_indicator on v1 (git-fixes).
- media: venus: hfi_venus: write to vidc_ctrl_init after unmasking interrupts (git-fixes).
- misc: rtsx: judge aspm mode to set petxcfg reg (git-fixes).
- mkspec: allow unsupported kmps (bsc#1214386)
- mlxsw: pci: add shutdown method in pci driver (git-fixes).
- mmc: block: fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- move upstreamed hid patch into sorted section
- move upstreamed powerpc patches into sorted section
- mtd: rawnand: brcmnand: fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: check bus width while setting qe bit (git-fixes).
- mtd: spinand: toshiba: fix ecc_get_status (git-fixes).
- n_tty: rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: stop leaking skb's (git-fixes).
- net: mana: fix mana vf unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for ar8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix irq-based wake-on-lan over hibernate / power off (git-fixes).
- net: usb: lan78xx: reorder cleanup operations to avoid uaf bugs (git-fixes).
- net: usbnet: fix warning in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nilfs2: fix warning in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: fix srso mess (git-fixes).
- objtool/x86: fixup frame-pointer vs rethunk (git-fixes).
- objtool: union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: drop 2.6 kernels. 2.6 based kernels are eol, upgrading from them is no longer suported.
- pci/aspm: avoid link retraining race (git-fixes).
- pci/aspm: factor out pcie_wait_for_retrain() (git-fixes).
- pci/aspm: return 0 or -etimedout from pcie_retrain_link() (git-fixes).
- pci: acpiphp: reassign resources on bridge if necessary (git-fixes).
- pci: acpiphp: use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- pci: mark nvidia t4 gpus to avoid bus reset (git-fixes).
- pci: meson: remove cast between incompatible function type (git-fixes).
- pci: microchip: correct the ded and sec interrupt bit offsets (git-fixes).
- pci: microchip: remove cast between incompatible function type (git-fixes).
- pci: pciehp: use rmw accessors for changing lnkctl (git-fixes).
- pci: rockchip: remove writes to unused registers (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (git-fixes).
- pci: tegra194: fix possible array out of bounds access (git-fixes).
- pcmcia: rsrc_nonstatic: fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- phy: qcom-snps: use dev_err_probe() to simplify code (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: fix reference leak (git-fixes).
- pm / devfreq: fix leak in devfreq_dev_release() (git-fixes).
- powerpc/64e: fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to dma_mapping_error (bsc#1212091 ltc#199106).
- powerpc/iommu: fix iommu_table_in_use for a small default dma window case (bsc#1212091 ltc#199106).
- powerpc/iommu: incorrect ddw table is referenced for sr-iov device (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/iommu: tces are incorrectly manipulated with dlpar add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: allow ddw windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: create huge dma window if no mmio32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: find existing ddw with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: make use of ddw for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: honour current smt state when dlpar onlining cpus (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: initialise cpu hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with mmu enabled (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: fix speculation_store_bypass reporting on power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: add hotplug_smt support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). update config files.
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc: move dma64_propname define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: check start of empty przs during init (git-fixes).
- pwm: add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: fix handling of period/duty if greater than uint_max (git-fixes).
- pwm: meson: simplify duplicated per-channel tracking (git-fixes).
- qed: fix scheduling in a tasklet while getting stats (git-fixes).
- rdma/bnxt_re: fix error handling in probe failure path (git-fixes)
- rdma/bnxt_re: fix max_qp count for virtual functions (git-fixes)
- rdma/efa: fix wrong resources deallocation order (git-fixes)
- rdma/hns: fix cq and qp cache affinity (git-fixes)
- rdma/hns: fix incorrect post-send with direct wqe of wr-list (git-fixes)
- rdma/hns: fix port active speed (git-fixes)
- rdma/irdma: prevent zero-length stag registration (git-fixes)
- rdma/irdma: replace one-element array with flexible-array member (git-fixes)
- rdma/mlx5: return the firmware result upon destroying qp/rq (git-fixes)
- rdma/qedr: remove a duplicate assignment in irdma_query_ah() (git-fixes)
- rdma/siw: balance the reference of cep->kref in the error path (git-fixes)
- rdma/siw: correct wrong debug message (git-fixes)
- rdma/umem: set iova in odp flow (git-fixes)
- readme.branch: add miroslav franc as a sle15-sp4 co-maintainer.
- regmap: rbtree: use alloc_flags for memory allocations (git-fixes).
- revert 'ib/isert: fix incorrect release of isert connection' (git-fixes)
- revert 'tracing: add '(fault)' name injection to kernel probes' (git-fixes).
- ring-buffer: do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: fix wrong stat of cpu_buffer->read (git-fixes).
- rpmsg: glink: add check for kstrdup (git-fixes).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- sched/fair: fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for psi trigger polling (bsc#1209799).
- scsi: bsg: increase number of devices (bsc#1210048).
- scsi: core: do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: rdma/srp: fix residual handling (git-fixes)
- scsi: sg: increase number of devices (bsc#1210048).
- scsi: storvsc: always set no_report_opcodes (git-fixes).
- scsi: storvsc: fix handling of virtual fibre channel timeouts (git-fixes).
- scsi: storvsc: handle srb status value 0x30 (git-fixes).
- scsi: storvsc: limit max_sectors for virtual fibre channel devices (git-fixes).
- scsi: zfcp: defer fc_rport blocking until after adisc response (git-fixes bsc#1214371).
- selftests/futex: order calls to futex_lock_pi (git-fixes).
- selftests/harness: actually report skip for signal tests (git-fixes).
- selftests/resctrl: close perf value read fd on errors (git-fixes).
- selftests/resctrl: do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: unmount resctrl fs if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: ethtool: skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: skip when using veth pairs (git-fixes).
- selftests: forwarding: skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: switch off timeout (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_actions: use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_flower: relax success criterion (git-fixes).
- selftests: mirror_gre_changes: tighten up the ttl test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting gpio direction (git-fixes).
- serial: sprd: assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: fix dma buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- smb3: do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set ntlmssp_version flag for negotiate not auth request (bsc#1193629).
- smb: client: fix -wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: read retimer nvm authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- tracing/histograms: add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: fix not to count error code to total length (git-fixes).
- tracing/probes: fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing: fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the uaf caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add i.mxrt1050 support (git-fixes).
- tty: serial: fsl_lpuart: clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce rx watermark to 0 on ls1028a (git-fixes).
- ubifs: fix memleak when insert_old_idx() failed (git-fixes).
- update cpufreq-intel_pstate-fix-cpu-pstate.turbo_freq-initi (git-fixes bsc#1212526 bsc#1214368 jsc#ped-4927 jsc#ped-4929).
- usb-storage: alauda: fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing usb phy dpdm wakeup setting (git-fixes).
- usb: chipidea: imx: do not request qos for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: fix typos in gadget.c (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: dwc3: properly handle processing of pending events (git-fixes).
- usb: gadget: f_mass_storage: fix unused variable warning (git-fixes).
- usb: gadget: fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: u_serial: avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for focusrite scarlett (git-fixes).
- usb: serial: option: add quectel ec200a module support (git-fixes).
- usb: serial: option: support quectel em060k_128 (git-fixes).
- usb: serial: simple: add kaufmann rks+can vcp (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: fix response to vsafe0v event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: add id for a-300/b-500/c-700 (git-fixes).
- watchdog: sp5100_tco: support hygon fch/sch (server controller hub) (git-fixes).
- wifi: ath10k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath11k: use rmw accessors for changing lnkctl (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect wmi command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use is_err() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for ap_vlan (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 ghz on first phy of mt7615d (dbdc) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: testmode: add nla_policy for mt76_tm_attr_tx_length (git-fixes).
- wifi: mwifiex: avoid possible null skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in pcie buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: mwifiex: fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: fix oob and integer underflow when rx packets (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for bss color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/alternative: make custom return thunk unconditional (git-fixes).
- x86/cpu/amd: disable xsaves on amd family 0x17 (git-fixes).
- x86/cpu/kvm: provide untrain_ret_vm (git-fixes).
- x86/cpu: clean up srso return thunk mess (git-fixes).
- x86/cpu: cleanup the untrain mess (git-fixes).
- x86/cpu: fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: rename original retbleed methods (git-fixes).
- x86/cpu: rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/mce: make sure logged mces are processed after sysfs update (git-fixes).
- x86/retpoline,kprobes: fix position of thunk sections with config_lto_clang (git-fixes).
- x86/retpoline,kprobes: skip optprobe check for indirect jumps with retpolines and ibt (git-fixes).
- x86/retpoline: do not clobber rflags during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: add cpu_show_gds() prototype (git-fixes).
- x86/speculation: mark all skylake cpus as vulnerable to gds (git-fixes).
- x86/srso: correct the mitigation status when smt is disabled (git-fixes).
- x86/srso: disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: explain the untraining sequences a bit more (git-fixes).
- x86/srso: fix build breakage with the llvm linker (git-fixes).
- x86/srso: fix return thunks in generated code (git-fixes).
- x86/static_call: fix __static_call_fixup() (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1205462SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1212091SUSE bug 1212142SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:sle-micro:5.4Security update for conmon (Important)SUSE Linux Enterprise Micro 5.4
This update for conmon fixes the following issues:
conmon was rebuilt using go1.21 (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
ImportantSUSE bug 1215888SUSE bug 1215889CVE-2023-38545 at SUSECVE-2023-38545 at NVDCVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-3180: Fixed a buffer overflow in the virtio-crypto device
(bsc#1213925).
- CVE-2021-3750: Fixed a DMA reentrancy in the USB EHCI device that
could lead to use-after-free (bsc#1190011).
- CVE-2021-3638: Fixed a buffer overflow in the ati-vga device
(bsc#1188609).
- CVE-2023-3354: Fixed an issue when performing a TLS handshake that
could lead to remote denial of service via VNC connection
(bsc#1212850).
- CVE-2023-0330: Fixed a DMA reentrancy issue in the lsi53c895a device
that could lead to a stack overflow (bsc#1207205).
Non-security fixes:
- Fixed a potential build issue in the librm subcomponent
(bsc#1215311).
- Fixed a potential crash during VM migration (bsc#1213663).
- Fixed potential issues during installation on a Xen host
(bsc#1179993, bsc#1181740).
ImportantSUSE bug 1179993SUSE bug 1181740SUSE bug 1188609SUSE bug 1190011SUSE bug 1207205SUSE bug 1212850SUSE bug 1213663SUSE bug 1213925SUSE bug 1215311CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2021-3750 at SUSECVE-2021-3750 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Important)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1213940SUSE bug 1215904SUSE bug 1215905SUSE bug 1215908CVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pNFS: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Important)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4563: Fixed an use-after-free flaw in the nftables sub-component. This vulnerability could allow a local attacker to crash the system or lead to a kernel information leak problem. (bsc#1214727)
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1202845SUSE bug 1213808SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214988SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:sle-micro:5.4Security update for cni (Important)SUSE Linux Enterprise Micro 5.4
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.4Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.4
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.4Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-module-tools fixes the following issues:
- Updated to version 15.4.18:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
ImportantSUSE bug 1205767SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
ImportantSUSE bug 1201300SUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:suse:sle-micro:5.4Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163)
- CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)
ImportantSUSE bug 1213853SUSE bug 1216163CVE-2023-3817 at SUSECVE-2023-3817 at NVDCVE-2023-5363 at SUSECVE-2023-5363 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:sle-micro:5.4Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.4
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:sle-micro:5.4Security update for zchunk (Important)SUSE Linux Enterprise Micro 5.4
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1211307SUSE bug 1212423SUSE bug 1213772SUSE bug 1215955SUSE bug 1216062SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
kubevirt is rebuilt against the current GO security release.
- Set cache mode on hotplugged disks
- Delete VMI prior to NFS server pod in tests
Importantcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1210778SUSE bug 1211307SUSE bug 1212423SUSE bug 1212649SUSE bug 1213705SUSE bug 1213772SUSE bug 1214842SUSE bug 1215095SUSE bug 1215104SUSE bug 1215518SUSE bug 1215955SUSE bug 1215956SUSE bug 1215957SUSE bug 1215986SUSE bug 1216062SUSE bug 1216345SUSE bug 1216510SUSE bug 1216511SUSE bug 1216512SUSE bug 1216621CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.4
This update for containerized-data-importer fixes the following issue:
- rebuild with current go compiler
Importantcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issues fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
ModerateSUSE bug 1216826CVE-2023-31022 at SUSECVE-2023-31022 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1215145SUSE bug 1215474SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748SUSE bug 1216654SUSE bug 1216807CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDCVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:sle-micro:5.4Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.4
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)
ImportantSUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.4
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:sle-micro:5.4Security update for traceroute (Moderate)SUSE Linux Enterprise Micro 5.4
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
- The default /etc/ssl/openssl3.cnf file will include any configuration files that
other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above. [bsc#1194187, bsc#1207472]
ImportantSUSE bug 1194187SUSE bug 1207472SUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
ModerateSUSE bug 1217573SUSE bug 1217574CVE-2023-46218 at SUSECVE-2023-46218 at NVDCVE-2023-46219 at SUSECVE-2023-46219 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:sle-micro:5.4Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:sle-micro:5.4Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.4
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
This update rebuilds containerized-data-importer and its containers against updated
GO and updated base images.
Importantcpe:/o:suse:sle-micro:5.4Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container (Important)SUSE Linux Enterprise Micro 5.4
This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container fixes the following issues:
Kubevirt is rebuilt against updated dependencies to fix security issues.
Importantcpe:/o:suse:sle-micro:5.4Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.4
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Disable Loongson drivers Loongson is a mips architecture, it does not make sense to build Loongson drivers on other architectures.
- Documentation: networking: correct possessive 'its' (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Ensure ia32_emulation is always enabled for kernel-obs-build If ia32_emulation is disabled by default, ensure it is enabled back for OBS kernel to allow building 32bit binaries (jsc#PED-3184) [ms: Always pass the parameter, no need to grep through the config which may not be very reliable]
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) The rxrpc module is built since SLE15-SP3 but it is not shipped as part of any SLE product, only in Leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed Requires(pre) adds dependency for the specific sciptlet. However, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. Add plain Requires as well.
- kernel-source: Move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1189998SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216761SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1210447SUSE bug 1214286SUSE bug 1214976SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216584SUSE bug 1216693SUSE bug 1216759SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217124SUSE bug 1217140SUSE bug 1217195SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-cryptography (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.4
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:sle-micro:5.4Security update for ppp (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:suse:sle-micro:5.4Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.4
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)
ModerateSUSE bug 1204425SUSE bug 1208881CVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption due to invalidly changed immutable object (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
ModerateSUSE bug 1205375SUSE bug 1206065CVE-2022-36109 at SUSECVE-2022-36109 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
ImportantSUSE bug 1203355SUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
ModerateSUSE bug 1180207SUSE bug 1185000CVE-2020-14394 at SUSECVE-2020-14394 at NVDCVE-2021-3507 at SUSECVE-2021-3507 at NVDcpe:/o:suse:sle-micro:5.4Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.4
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
ModerateSUSE bug 1209282cpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
ImportantSUSE bug 1220770SUSE bug 1220771CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
The following non-security bug was fixed:
- Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (bsc#1221749).
ModerateSUSE bug 1221749SUSE bug 1221815CVE-2024-2494 at SUSECVE-2024-2494 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
ModerateSUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
ImportantSUSE bug 1219559SUSE bug 1221289CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-28757 at SUSECVE-2024-28757 at NVDcpe:/o:suse:sle-micro:5.4Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:sle-micro:5.4Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.4
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:sle-micro:5.4Security update for buildah (Important)SUSE Linux Enterprise Micro 5.4
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:sle-micro:5.4Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1207987SUSE bug 1220117SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:sle-micro:5.4Security update for less (Important)SUSE Linux Enterprise Micro 5.4
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.16.6 (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread (bsc#1221242)
ModerateSUSE bug 1221242SUSE bug 1221746SUSE bug 1221747CVE-2024-28834 at SUSECVE-2024-28834 at NVDCVE-2024-28835 at SUSECVE-2024-28835 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Build in the correct KOTD repository with multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184) With multibuild setting repository flags is no longer supported for individual spec files - see https://github.com/openSUSE/open-build-service/issues/3574 Add ExclusiveArch conditional that depends on a macro set up by bs-upload-kernel instead. With that each package should build only in one repository - either standard or QA. Note: bs-upload-kernel does not interpret rpm conditionals, and only uses the first ExclusiveArch line to determine the architectures to enable.
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584, jsc#PED-3459).
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- libceph: use kernel_connect() (bsc#1217981).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- group-source-files.pl: Quote filenames (boo#1221077).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1212514SUSE bug 1220237SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
ImportantSUSE bug 1200599SUSE bug 1209635SUSE bug 1212514SUSE bug 1213456SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220790SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220885SUSE bug 1220898SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221048SUSE bug 1221055SUSE bug 1221058SUSE bug 1221077SUSE bug 1221276SUSE bug 1221551SUSE bug 1221553SUSE bug 1221725SUSE bug 1222073SUSE bug 1222619CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:sle-micro:5.4Security update for shim (Important)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134)
- CVE-2024-3446: Fixed DM reentrancy issue that could lead to double free vulnerability (bsc#1222843)
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
ImportantSUSE bug 1213269SUSE bug 1218889SUSE bug 1220134SUSE bug 1222843SUSE bug 1222845CVE-2023-3019 at SUSECVE-2023-3019 at NVDCVE-2023-6683 at SUSECVE-2023-6683 at NVDCVE-2024-24474 at SUSECVE-2024-24474 at NVDCVE-2024-3446 at SUSECVE-2024-3446 at NVDCVE-2024-3447 at SUSECVE-2024-3447 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
ImportantSUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:sle-micro:5.4Security update for cockpit-wicked (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cockpit-wicked fixes the following issues:
- CVE-2023-26364: Fixed denial of service due to improper input validation during CSS parsing (bsc#1217325)
Other fixes:
- Upgrade to version 4.5
ModerateSUSE bug 1217325CVE-2023-26364 at SUSECVE-2023-26364 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:sle-micro:5.4Security update for rpm (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
ModerateSUSE bug 1189495SUSE bug 1191175SUSE bug 1218686CVE-2021-3521 at SUSECVE-2021-3521 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- KVM: s390/mm: Properly reset no-dat (bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (bsc#1217933).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NLM: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- Updated SPI patches for NVIDIA Grace enablement (bsc#1212584 jsc#PED-3459)
- block: fix revalidate performance regression (bsc#1216057).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- libceph: use kernel_connect() (bsc#1217981).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- s390/vx: fix save/restore of fpu kernel context (bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (bsc#1217036).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1193285SUSE bug 1211162SUSE bug 1211226SUSE bug 1212584SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218139SUSE bug 1218184SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218447SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218659CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.4Security update for sssd (Important)SUSE Linux Enterprise Micro 5.4
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:sle-micro:5.4Security update for less (Important)SUSE Linux Enterprise Micro 5.4
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:sle-micro:5.4Security update for tpm2-0-tss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
ModerateSUSE bug 1223690CVE-2024-29040 at SUSECVE-2024-29040 at NVDcpe:/o:suse:sle-micro:5.4Security update for tpm2.0-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
ModerateSUSE bug 1223687SUSE bug 1223689CVE-2024-29038 at SUSECVE-2024-29038 at NVDCVE-2024-29039 at SUSECVE-2024-29039 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for google-cloud SDK (Moderate)SUSE Linux Enterprise Micro 5.4
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-26816: Ignore relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1192145SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221725SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2023-52607: Fixed NULL pointer dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
The following non-security bugs were fixed:
- Call flush_delayed_fput() from nfsd main-loop (bsc#1223380).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1192354SUSE bug 1192837SUSE bug 1193629SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1206881SUSE bug 1209657SUSE bug 1215221SUSE bug 1216223SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220703SUSE bug 1220761SUSE bug 1220883SUSE bug 1221044SUSE bug 1221061SUSE bug 1221088SUSE bug 1221293SUSE bug 1221299SUSE bug 1221612SUSE bug 1221830SUSE bug 1222117SUSE bug 1222422SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222503SUSE bug 1222536SUSE bug 1222559SUSE bug 1222585SUSE bug 1222618SUSE bug 1222624SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1223016SUSE bug 1223187SUSE bug 1223380SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223479SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223522SUSE bug 1223523SUSE bug 1223705SUSE bug 1223824CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Important)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
ModerateSUSE bug 1222548SUSE bug 1224388CVE-2024-2511 at SUSECVE-2024-2511 at NVDCVE-2024-4603 at SUSECVE-2024-4603 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
ImportantSUSE bug 1223356CVE-2024-0090 at SUSECVE-2024-0090 at NVDCVE-2024-0091 at SUSECVE-2024-0091 at NVDCVE-2024-0092 at SUSECVE-2024-0092 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Important)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
ImportantSUSE bug 1218300SUSE bug 1218301CVE-2023-50229 at SUSECVE-2023-50229 at NVDCVE-2023-50230 at SUSECVE-2023-50230 at NVDcpe:/o:suse:sle-micro:5.4Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.4
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
ImportantSUSE bug 1195391SUSE bug 1219276SUSE bug 1223903CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Important)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
ImportantSUSE bug 1225971CVE-2024-20696 at SUSECVE-2024-20696 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- filemap: remove use of wait bookmarks (bsc#1224085).
- idpf: extend tx watchdog timeout (bsc#1224137).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
ImportantSUSE bug 1065729SUSE bug 1174585SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1210335SUSE bug 1211592SUSE bug 1213863SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1218917SUSE bug 1220492SUSE bug 1220783SUSE bug 1221044SUSE bug 1221645SUSE bug 1221958SUSE bug 1222011SUSE bug 1222559SUSE bug 1222619SUSE bug 1222721SUSE bug 1222976SUSE bug 1223057SUSE bug 1223084SUSE bug 1223111SUSE bug 1223138SUSE bug 1223191SUSE bug 1223384SUSE bug 1223390SUSE bug 1223481SUSE bug 1223501SUSE bug 1223505SUSE bug 1223512SUSE bug 1223520SUSE bug 1223532SUSE bug 1223626SUSE bug 1223715SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224085SUSE bug 1224099SUSE bug 1224137SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224488SUSE bug 1224494SUSE bug 1224511SUSE bug 1224592SUSE bug 1224611SUSE bug 1224664SUSE bug 1224678SUSE bug 1224682SUSE bug 1224685SUSE bug 1224730SUSE bug 1224736SUSE bug 1224763SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224931SUSE bug 1224932SUSE bug 1224937SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225044SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225508SUSE bug 1225510SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225595SUSE bug 1225599CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:sle-micro:5.4Security update for libndp (Important)SUSE Linux Enterprise Micro 5.4
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
ImportantSUSE bug 1225771CVE-2024-5564 at SUSECVE-2024-5564 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:sle-micro:5.4Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
ModerateSUSE bug 1218571CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- mkspec-dtb: add toplevel symlinks also on arm
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.4
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:sle-micro:5.4Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
The following non-security bugs were fixed:
- Revert 'build initrd without systemd' (bsc#1195775)'
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212).
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270).
ImportantSUSE bug 1195775SUSE bug 1216124SUSE bug 1218148SUSE bug 1219224SUSE bug 1220492SUSE bug 1222015SUSE bug 1222254SUSE bug 1222678SUSE bug 1223384SUSE bug 1224020SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1225098SUSE bug 1225467SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1226270SUSE bug 1226587SUSE bug 1226595SUSE bug 1226634SUSE bug 1226758SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226953SUSE bug 1226962CVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Important)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.4Security update for gtk2 (Important)SUSE Linux Enterprise Micro 5.4
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.4Security update for gtk3 (Important)SUSE Linux Enterprise Micro 5.4
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:sle-micro:5.4Security update for orc (Important)SUSE Linux Enterprise Micro 5.4
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
ModerateSUSE bug 1218851CVE-2023-46839 at SUSECVE-2023-46839 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1223724SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118SUSE bug 1227918CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.4Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.4
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226762SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-35901: net: mana: Fix Rx DMA datasize and skb_over_panic (bsc#1224495).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
The following non-security bugs were fixed:
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1226226 bsc#1223863).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kernel-binary: vdso: Own module_dir
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1209636SUSE bug 1213123SUSE bug 1215587SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1221044SUSE bug 1222011SUSE bug 1222728SUSE bug 1222809SUSE bug 1222810SUSE bug 1223635SUSE bug 1223863SUSE bug 1224488SUSE bug 1224495SUSE bug 1224671SUSE bug 1225573SUSE bug 1225829SUSE bug 1226168SUSE bug 1226226SUSE bug 1226519SUSE bug 1226537SUSE bug 1226539SUSE bug 1226550SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226580SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226614SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226650SUSE bug 1226653SUSE bug 1226662SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226705SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226758SUSE bug 1226762SUSE bug 1226785SUSE bug 1227090SUSE bug 1227383SUSE bug 1227487SUSE bug 1227549SUSE bug 1227716SUSE bug 1227750SUSE bug 1227764SUSE bug 1227808SUSE bug 1227810SUSE bug 1227823SUSE bug 1227829SUSE bug 1227836SUSE bug 1227917SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227948SUSE bug 1227949SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228114SUSE bug 1228247SUSE bug 1228328SUSE bug 1228440SUSE bug 1228561SUSE bug 1228644SUSE bug 1228680SUSE bug 1228743SUSE bug 1228801CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:sle-micro:5.4Security update for keepalived (Moderate)SUSE Linux Enterprise Micro 5.4
This update for keepalived fixes the following issues:
- CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
ModerateSUSE bug 1228123CVE-2024-41184 at SUSECVE-2024-41184 at NVDcpe:/o:suse:sle-micro:5.4Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
ModerateSUSE bug 1229465CVE-2024-6119 at SUSECVE-2024-6119 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:suse:sle-micro:5.4Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.4
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
ModerateSUSE bug 1218297SUSE bug 1221479SUSE bug 1226414SUSE bug 1228091CVE-2023-7008 at SUSECVE-2023-7008 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
ModerateSUSE bug 1230093CVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Low)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228466SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
ModerateSUSE bug 1230353CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
ImportantSUSE bug 1227322SUSE bug 1230363CVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-45003: Don't evict inode under the inode lru traversing context. (bsc#1230245)
The following non-security bugs were fixed:
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'. (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'. (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'. (bsc#1230413)
ImportantSUSE bug 1230245SUSE bug 1230413CVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203360SUSE bug 1206006SUSE bug 1206258SUSE bug 1207158SUSE bug 1216834SUSE bug 1221326SUSE bug 1221645SUSE bug 1223191SUSE bug 1224105SUSE bug 1227832SUSE bug 1228020SUSE bug 1228114SUSE bug 1228466SUSE bug 1228489SUSE bug 1228516SUSE bug 1228576SUSE bug 1228718SUSE bug 1228801SUSE bug 1228959SUSE bug 1229042SUSE bug 1229292SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229522SUSE bug 1229526SUSE bug 1229528SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229554SUSE bug 1229557SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229581SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229617SUSE bug 1229619SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229664SUSE bug 1229707SUSE bug 1229792SUSE bug 1230245SUSE bug 1230413CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355)
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ImportantSUSE bug 1222453SUSE bug 1227355SUSE bug 1228574SUSE bug 1228575SUSE bug 1230366CVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDCVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDCVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:sle-micro:5.4Security update for opensc (Low)SUSE Linux Enterprise Micro 5.4
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
ImportantSUSE bug 1230698CVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.4Security update for Mesa (Moderate)SUSE Linux Enterprise Micro 5.4
This update for Mesa fixes the following issues:
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041).
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040).
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#CVE-2023-45922).
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1228466SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
The following non-security bugs were fixed:
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272 bsc#1231016).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: smartpqi: Expose SAS address for SATA drives (bsc#1223958).
ImportantSUSE bug 1216223SUSE bug 1223600SUSE bug 1223958SUSE bug 1225272SUSE bug 1227487SUSE bug 1229407SUSE bug 1229633SUSE bug 1229662SUSE bug 1229947SUSE bug 1230015SUSE bug 1230398SUSE bug 1230434SUSE bug 1230507SUSE bug 1230767SUSE bug 1231016CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
ImportantSUSE bug 1230778CVE-2024-7254 at SUSECVE-2024-7254 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)
ImportantSUSE bug 1220262SUSE bug 1230698CVE-2023-50782 at SUSECVE-2023-50782 at NVDCVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
ModerateSUSE bug 1232528CVE-2024-9681 at SUSECVE-2024-9681 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
ImportantSUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (bsc#1232036).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216223SUSE bug 1216813SUSE bug 1218562SUSE bug 1220382SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226666SUSE bug 1228743SUSE bug 1229345SUSE bug 1229452SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1230429SUSE bug 1230442SUSE bug 1230454SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230903SUSE bug 1231016SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231929SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231972SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1232001SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232097SUSE bug 1232108SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232133SUSE bug 1232136SUSE bug 1232145SUSE bug 1232150SUSE bug 1232163SUSE bug 1232165SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232224SUSE bug 1232229SUSE bug 1232237SUSE bug 1232260SUSE bug 1232262SUSE bug 1232281SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232436SUSE bug 1232519SUSE bug 1233117CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.4Security update for socat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007)
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() in usb (bsc#1230834)
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915)
ImportantSUSE bug 1229007SUSE bug 1230834SUSE bug 1230915CVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8354 at SUSECVE-2024-8354 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229345SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232165SUSE bug 1232187SUSE bug 1232224SUSE bug 1232312SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
ImportantSUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1222590SUSE bug 1229808SUSE bug 1230220SUSE bug 1231646SUSE bug 1232187SUSE bug 1232312SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233214SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233463SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557SUSE bug 1233561SUSE bug 1233977CVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:suse:sle-micro:5.4Security update for installation-images (Important)SUSE Linux Enterprise Micro 5.4
This update updates installation-images and tftpboot images to contain the latest shim for secure boot.
ImportantSUSE bug 1233813cpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
ModerateSUSE bug 1226586SUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:suse:sle-micro:5.4Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.4
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:sle-micro:5.4Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.4
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kernel-source: Fix description typo
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
ImportantSUSE bug 1108281SUSE bug 1177529SUSE bug 1209834SUSE bug 1212091SUSE bug 1215275SUSE bug 1215885SUSE bug 1216016SUSE bug 1216702SUSE bug 1217217SUSE bug 1217670SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218689SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218929SUSE bug 1218930SUSE bug 1218968SUSE bug 1219053SUSE bug 1219120SUSE bug 1219128SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1218690SUSE bug 1218810SUSE bug 1219243CVE-2023-6129 at SUSECVE-2023-6129 at NVDCVE-2023-6237 at SUSECVE-2023-6237 at NVDCVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert 'Revert '[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)' (#30991)'. (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport 'Include ADS stream error in XDS error updates
(#29014)' to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
* Backport 'do not use <PublicSign>true</PublicSign> on
non-windows' to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT'
(gh#grpc/grpc#24782).
- Add support for 'unix-abstract:' URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert 'Revert 'Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS''
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in 'target uri is not valid' error
messages (gh#grpc/grpc#23782).
- Fix 'cannot send compressed message large than 1024B' in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert 'Start 0.3.0 development cycle (#167)' (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split('/')
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip 'src' from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private 'parsing
constructor' to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert 'Standardize on Array copyOf' (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add 'ensure_ascii' parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
ModerateSUSE bug 1133277SUSE bug 1182659SUSE bug 1203378SUSE bug 1208794SUSE bug 1212180SUSE bug 1212182SUSE bug 1214148SUSE bug 1215334CVE-2023-32731 at SUSECVE-2023-32731 at NVDCVE-2023-32732 at SUSECVE-2023-32732 at NVDCVE-2023-33953 at SUSECVE-2023-33953 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-4785 at SUSECVE-2023-4785 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Important)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
ModerateSUSE bug 1218862SUSE bug 1218865CVE-2024-0553 at SUSECVE-2024-0553 at NVDCVE-2024-0567 at SUSECVE-2024-0567 at NVDcpe:/o:suse:sle-micro:5.4Security update for tar (Low)SUSE Linux Enterprise Micro 5.4
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
* this makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
ImportantSUSE bug 1220552CVE-2022-42265 at SUSECVE-2022-42265 at NVDCVE-2024-0074 at SUSECVE-2024-0074 at NVDCVE-2024-0075 at SUSECVE-2024-0075 at NVDcpe:/o:suse:sle-micro:5.4Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.4
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:sle-micro:5.4Security update for vim (Important)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Important)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
ImportantSUSE bug 1221134SUSE bug 1221151CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1219885CVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:sle-micro:5.4Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
ModerateSUSE bug 1144060SUSE bug 1176006SUSE bug 1188307SUSE bug 1203823SUSE bug 1205502SUSE bug 1206627SUSE bug 1210507SUSE bug 1213189CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- drop 2 git-fixes patches which are suspicious to introduce regression reported in bsc#1219073
- fix unresolved hunks in readme.branch
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- readme.branch: use correct mail for roy
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add the removed mds_user_clear symbol to kabi severities as it is exposed just for kvm module and is generally a core kernel component so removing it is low risk.
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1211515SUSE bug 1213456SUSE bug 1214064SUSE bug 1218195SUSE bug 1218216SUSE bug 1218562SUSE bug 1218915SUSE bug 1219073SUSE bug 1219126SUSE bug 1219127SUSE bug 1219146SUSE bug 1219295SUSE bug 1219633SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220350SUSE bug 1220364SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220797SUSE bug 1220825SUSE bug 1220845SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- initcall_blacklist: Does not allow kernel_lockdown be blacklisted (bsc#1237521).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207593SUSE bug 1207640SUSE bug 1210050SUSE bug 1211263SUSE bug 1217339SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1237521SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238916SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115CVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.4
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-41092: drm/i915/gt: Fix potential UAF by revoke of fence registers (bsc#1228483).
- CVE-2024-42098: crypto: ecdh - explicitly zeroize private_key (bsc#1228779).
- CVE-2024-42229: crypto: aead,cipher - zeroize key buffer after use (bsc#1228708).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
- CVE-2025-21839: kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197227SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1206048SUSE bug 1206049SUSE bug 1207034SUSE bug 1207186SUSE bug 1207593SUSE bug 1207640SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210050SUSE bug 1210647SUSE bug 1211263SUSE bug 1213167SUSE bug 1217339SUSE bug 1225742SUSE bug 1228483SUSE bug 1228708SUSE bug 1228779SUSE bug 1228966SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237521SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237807SUSE bug 1237808SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237817SUSE bug 1237818SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237918SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238006SUSE bug 1238007SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238030SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238115SUSE bug 1238116SUSE bug 1238120SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238343SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238400SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238423SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238804SUSE bug 1238805SUSE bug 1238808SUSE bug 1238809SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238821SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238911SUSE bug 1238916SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238943SUSE bug 1238945SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239016SUSE bug 1239035SUSE bug 1239036SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239061SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.4Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.4
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-58083: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (bsc#1239036).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21714: RDMA/mlx5: Fix implicit ODP use after free (bsc#1237890).
- CVE-2025-21732: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (bsc#1237877).
- CVE-2025-21753: btrfs: fix use-after-free when attempting to join an aborted transaction (bsc#1237875).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (bsc#1240195).
- net: mana: Support holes in device list reply msg (bsc#1240133).
ImportantSUSE bug 1193629SUSE bug 1197227SUSE bug 1207034SUSE bug 1207186SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1210647SUSE bug 1213167SUSE bug 1225742SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1233558SUSE bug 1234464SUSE bug 1235528SUSE bug 1237029SUSE bug 1237530SUSE bug 1237875SUSE bug 1237877SUSE bug 1237890SUSE bug 1237918SUSE bug 1238911SUSE bug 1238919SUSE bug 1239016SUSE bug 1239036SUSE bug 1239061SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240195SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-58083 at SUSECVE-2024-58083 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21714 at SUSECVE-2025-21714 at NVDCVE-2025-21732 at SUSECVE-2025-21732 at NVDCVE-2025-21753 at SUSECVE-2025-21753 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971)
ModerateSUSE bug 1240971CVE-2025-32464 at SUSECVE-2025-32464 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozjs60 fixes the following issues:
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
ModerateSUSE bug 1234837CVE-2024-56431 at SUSECVE-2024-56431 at NVDcpe:/o:suse:sle-micro:5.4Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
ModerateSUSE bug 1239680CVE-2025-2312 at SUSECVE-2025-2312 at NVDcpe:/o:suse:sle-micro:5.4Security update for augeas (Low)SUSE Linux Enterprise Micro 5.4
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750)
- CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
- CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
ImportantSUSE bug 1240750SUSE bug 1240752SUSE bug 1240756SUSE bug 1240757SUSE bug 1241164SUSE bug 1241222SUSE bug 1241686SUSE bug 1241688CVE-2025-2784 at SUSECVE-2025-2784 at NVDCVE-2025-32050 at SUSECVE-2025-32050 at NVDCVE-2025-32052 at SUSECVE-2025-32052 at NVDCVE-2025-32053 at SUSECVE-2025-32053 at NVDCVE-2025-32907 at SUSECVE-2025-32907 at NVDCVE-2025-32914 at SUSECVE-2025-32914 at NVDCVE-2025-46420 at SUSECVE-2025-46420 at NVDCVE-2025-46421 at SUSECVE-2025-46421 at NVDcpe:/o:suse:sle-micro:5.4Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.4
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22029: exec: fix the racy usage of fs_struct->in_exec (bsc#1241378).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241378SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22029 at SUSECVE-2025-22029 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:sle-micro:5.4Security update for brltty (Moderate)SUSE Linux Enterprise Micro 5.4
This update for brltty fixes the following issues:
- Avoid having brlapi.key temporarily world-readable during creation (bsc#1235438).
ModerateSUSE bug 1235438cpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
The following non-security bugs were fixed:
- scsi: smartpqi: Add ctrl ready timeout module parameter (jsc#PED-1557, bsc#1201855, bsc#1240553).
ImportantSUSE bug 1201855SUSE bug 1230771SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239968SUSE bug 1240188SUSE bug 1240195SUSE bug 1240553SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21886 at SUSECVE-2025-21886 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDcpe:/o:suse:sle-micro:5.4Security update for s390-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for s390-tools rebuilds the existing package with the new 4k RSA secure boot key.
Security issues fixed:
- CVE-2025-3416: Fixed Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate. (bsc#1242622)
Other issues:
- Added the new IBM z17 (9175) processor type
ModerateSUSE bug 1242622CVE-2025-3416 at SUSECVE-2025-3416 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Important)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service
(bsc#1243268).
ImportantSUSE bug 1243268CVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.4Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
ModerateSUSE bug 1242300SUSE bug 1243284CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.4
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423)
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238)
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
ImportantSUSE bug 1241162SUSE bug 1241214SUSE bug 1241226SUSE bug 1241238SUSE bug 1241252SUSE bug 1241263SUSE bug 1243332SUSE bug 1243423CVE-2025-32906 at SUSECVE-2025-32906 at NVDCVE-2025-32909 at SUSECVE-2025-32909 at NVDCVE-2025-32910 at SUSECVE-2025-32910 at NVDCVE-2025-32911 at SUSECVE-2025-32911 at NVDCVE-2025-32912 at SUSECVE-2025-32912 at NVDCVE-2025-32913 at SUSECVE-2025-32913 at NVDCVE-2025-4948 at SUSECVE-2025-4948 at NVDCVE-2025-4969 at SUSECVE-2025-4969 at NVDcpe:/o:suse:sle-micro:5.4Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919)
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_u2f (Important)SUSE Linux Enterprise Micro 5.4
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)
ImportantSUSE bug 1233517SUSE bug 1235961CVE-2025-23013 at SUSECVE-2025-23013 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Important)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:sle-micro:5.4Security update for screen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for screen fixes the following issues:
Security issues fixed:
- CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session
allows for TTY hijacking (bsc#1242269).
Other issues fixed:
- Use TTY file descriptor passing after a suspend (`MSG_CONT`).
- Fix resume after suspend in multi-user mode.
ModerateSUSE bug 1242269CVE-2025-46802 at SUSECVE-2025-46802 at NVDcpe:/o:suse:sle-micro:5.4Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358)
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1209798SUSE bug 1215304SUSE bug 1222878SUSE bug 1228466SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.4
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.4Security update for libblockdev (Important)SUSE Linux Enterprise Micro 5.4
This update for libblockdev fixes the following issues:
- CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285).
ImportantSUSE bug 1243285CVE-2025-6019 at SUSECVE-2025-6019 at NVDcpe:/o:suse:sle-micro:5.4Security update for icu (Important)SUSE Linux Enterprise Micro 5.4
This update for icu fixes the following issues:
- CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721).
ImportantSUSE bug 1161007SUSE bug 1167603SUSE bug 1193951SUSE bug 1243721CVE-2020-21913 at SUSECVE-2020-21913 at NVDCVE-2025-5222 at SUSECVE-2025-5222 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.4
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Security update for sudo (Important)SUSE Linux Enterprise Micro 5.4
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Low)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49858: octeontx2-pf: Fix SQE threshold checking (bsc#1242589).
- CVE-2023-53058: net/mlx5: E-Switch, Fix an Oops in error handling code (bsc#1242237).
- CVE-2023-53060: igb: revert rtnl_lock() that causes deadlock (bsc#1242241).
- CVE-2023-53064: iavf: Fix hang on reboot with ice (bsc#1242222).
- CVE-2023-53066: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (bsc#1242227).
- CVE-2023-53079: net/mlx5: Fix steering rules cleanup (bsc#1242765).
- CVE-2023-53114: i40e: Fix kernel crash during reboot when adapter is in recovery mode (bsc#1242398).
- CVE-2023-53134: bnxt_en: Avoid order-5 memory allocation for TPA data (bsc#1242380)
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21888: RDMA/mlx5: Fix a WARN during dereg_mr for DM type (bsc#1240177).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-22060: net: mvpp2: Prevent parser TCAM memory corruption (bsc#1241526).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Refresh fixes for cBPF issue (bsc#1242778)
- Remove debug flavor (bsc#1243919).
- Update metadata and put them into the sorted part of the series
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1240177SUSE bug 1240802SUSE bug 1241525SUSE bug 1241526SUSE bug 1241640SUSE bug 1241648SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242284SUSE bug 1242285SUSE bug 1242289SUSE bug 1242294SUSE bug 1242305SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242402SUSE bug 1242403SUSE bug 1242409SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242493SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242749SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243649SUSE bug 1243660SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21888 at SUSECVE-2025-21888 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-22060 at SUSECVE-2025-22060 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Important)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-8805: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (bsc#1230697).
The following non-security bugs were fixed:
- KVM: x86: fix sending PV IPI (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kernel/fork: beware of __put_task_struct() calling context (bsc#1189998 (PREEMPT_RT prerequisite backports)).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1189998SUSE bug 1190358SUSE bug 1190428SUSE bug 1191949SUSE bug 1193983SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1209657SUSE bug 1209798SUSE bug 1211592SUSE bug 1215304SUSE bug 1216702SUSE bug 1217169SUSE bug 1218447SUSE bug 1221044SUSE bug 1222721SUSE bug 1222878SUSE bug 1223481SUSE bug 1223501SUSE bug 1223512SUSE bug 1223520SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223953SUSE bug 1223957SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996SUSE bug 1224099SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224685SUSE bug 1224730SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1230697SUSE bug 1232436SUSE bug 1233070SUSE bug 1233642SUSE bug 1234281SUSE bug 1234282SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1235004SUSE bug 1235035SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch')
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
Security fixes:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
Other fixes:
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1234282SUSE bug 1238043SUSE bug 1238896SUSE bug 1243117SUSE bug 1244644SUSE bug 1246112CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:sle-micro:5.4Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
ModerateSUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:sle-micro:5.4Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
ModerateSUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:sle-micro:5.4Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404).
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403).
- CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407).
ModerateSUSE bug 1244403SUSE bug 1244404SUSE bug 1244407CVE-2025-47806 at SUSECVE-2025-47806 at NVDCVE-2025-47807 at SUSECVE-2025-47807 at NVDCVE-2025-47808 at SUSECVE-2025-47808 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.4Security update for polkit (Important)SUSE Linux Enterprise Micro 5.4
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:sle-micro:5.4Security update for boost (Important)SUSE Linux Enterprise Micro 5.4
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1233551SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1236333SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242221SUSE bug 1242414SUSE bug 1242417SUSE bug 1242504SUSE bug 1242596SUSE bug 1242782SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244890SUSE bug 1244895SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244908SUSE bug 1244911SUSE bug 1244915SUSE bug 1244936SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245018SUSE bug 1245019SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245064SUSE bug 1245069SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246233SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32989 at SUSECVE-2025-32989 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-open-driver-G06-signed fixes the following issues:
- Update to 550.144.03 (bsc#1235461, bsc#1235871)
* fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149,
CVE-2024-0150, CVE-2024-53869
ImportantSUSE bug 1234675SUSE bug 1235461SUSE bug 1235871CVE-2024-0131 at SUSECVE-2024-0131 at NVDCVE-2024-0147 at SUSECVE-2024-0147 at NVDCVE-2024-0149 at SUSECVE-2024-0149 at NVDCVE-2024-0150 at SUSECVE-2024-0150 at NVDCVE-2024-53869 at SUSECVE-2024-53869 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
ImportantSUSE bug 1214612SUSE bug 1215807SUSE bug 1215926SUSE bug 1217828SUSE bug 1221677SUSE bug 1231208SUSE bug 1231230SUSE bug 1231499SUSE bug 1231698SUSE bug 1236270CVE-2024-11218 at SUSECVE-2024-11218 at NVDCVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDCVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
ModerateSUSE bug 1243935CVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2019-6461: avoid assert when drawing arcs with NaN angles (bsc#1122338).
LowSUSE bug 1122338CVE-2019-6461 at SUSECVE-2019-6461 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
ModerateSUSE bug 1244270SUSE bug 1244272SUSE bug 1244273SUSE bug 1244279SUSE bug 1244336CVE-2025-5914 at SUSECVE-2025-5914 at NVDCVE-2025-5915 at SUSECVE-2025-5915 at NVDCVE-2025-5916 at SUSECVE-2025-5916 at NVDCVE-2025-5917 at SUSECVE-2025-5917 at NVDCVE-2025-5918 at SUSECVE-2025-5918 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:sle-micro:5.4Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.4
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ImportantSUSE bug 1233012SUSE bug 1243273SUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244401SUSE bug 1244705SUSE bug 1247249SUSE bug 831629CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4516 at SUSECVE-2025-4516 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
ImportantSUSE bug 1210344SUSE bug 1223234SUSE bug 1229952SUSE bug 1230029SUSE bug 1242623SUSE bug 1243861SUSE bug 1247193CVE-2023-26964 at SUSECVE-2023-26964 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-32650 at SUSECVE-2024-32650 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-58266 at SUSECVE-2025-58266 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
when processing malformed TIFF files (bsc#1247106)
ImportantSUSE bug 1247106SUSE bug 1247108CVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21881: uprobes: Reject the shared zeropage in uprobe_write_opcode() (bsc#1240185).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1229334SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1240185SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21881 at SUSECVE-2025-21881 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
- Update slab to version 0.4.11:
* CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006)
- Update to version 0.2.8+12:
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump cfg-if from 1.0.0 to 1.0.1
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump clap from 4.5.39 to 4.5.45
* build(deps): bump pest from 2.8.0 to 2.8.1
* Fix clippy warnings
* Use verifier-provided interval for continuous attestation timing
* Add meta object with seconds_to_next_attestation to evidence response
* Fix boot time retrieval
* Fix IMA log format (it must be ['text/plain']) (#1073)
* Remove unnecessary configuration fields
* cargo: Bump retry-policies to version 0.4.0
ModerateSUSE bug 1248006CVE-2025-55159 at SUSECVE-2025-55159 at NVDcpe:/o:suse:sle-micro:5.4Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.4
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227)
- CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)
ImportantSUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:sle-micro:5.4Security update for udisks2 (Important)SUSE Linux Enterprise Micro 5.4
This update for udisks2 fixes the following issues:
- CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502)
ImportantSUSE bug 1248502CVE-2025-8067 at SUSECVE-2025-8067 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-future (Important)SUSE Linux Enterprise Micro 5.4
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Low)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup (bsc#1243314).
LowSUSE bug 1243314CVE-2025-4945 at SUSECVE-2025-4945 at NVDcpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigAzure (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigAzure contains the following fixes:
- Update to version 3.0.0.(bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in
SLE 16. (bsc#1243419)
+ Replacing certificate for rgnsrv-azure-southeastasia to get
rid of weird chain cert
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigEC2 (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigEC2 contains the following fixes:
- Update to version 5.0.0. (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency to accomodate metadata binary package name change
in SLE 16. (bsc#1243419)
+ New 4096 certificate for rgnsrv-ec2-us-east1
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for regionServiceClientConfigGCE (Critical)SUSE Linux Enterprise Micro 5.4
This update for regionServiceClientConfigGCE contains the following fixes:
- Update to version 5.0.0 (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update conditional to handle name change of metadata package
in SLE 16. (bsc#1242063)
+ Add noipv6 patch
CriticalSUSE bug 1242063SUSE bug 1246995cpe:/o:suse:sle-micro:5.4Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:sle-micro:5.4Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.4
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
ImportantSUSE bug 1230932SUSE bug 1246533SUSE bug 1249049SUSE bug 1249128CVE-2024-47175 at SUSECVE-2024-47175 at NVDCVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.4Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.4
This update for bluez fixes the following issues:
- CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877).
ModerateSUSE bug 1217877CVE-2023-45866 at SUSECVE-2023-45866 at NVDcpe:/o:suse:sle-micro:5.4Security update for cairo (Low)SUSE Linux Enterprise Micro 5.4
This update for cairo fixes the following issues:
- CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589).
LowSUSE bug 1247589CVE-2025-50422 at SUSECVE-2025-50422 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Low)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330).
- CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582).
- CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117).
LowSUSE bug 1247582SUSE bug 1248117SUSE bug 1248330CVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- Disable N_GSM (bsc#1244824 jsc#PED-8240).
ImportantSUSE bug 1234896SUSE bug 1244824SUSE bug 1245970SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.
ModerateSUSE bug 1233760cpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.82.07:
- CVE-2025-23277: Fixed access memory outside bounds permitted under normal
use cases in NVIDIA Display Driver (bsc#1247528).
- CVE-2025-23278: Fixed improper index validation by issuing a call with
crafted parameters in NVIDIA Display Driver (bsc#1247529).
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530).
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531).
- CVE-2025-23279: Fixed race condition that lead to privileges escalations
in NVIDIA .run Installer (bsc#1247532).
Update non-CUDA variant to 580.82.07 (bsc#1249235).
Other fixes:
- Added Requires to be provided by special versions of nvidia-modprobe and
nvidia-persitenced built against SP4 (bsc#1237208, jsc#PED-13295).
- Get rid of rule of older KMPs not to load nvidia_drm module, which
are still installed in parallel and therefore still active (bsc#1247923).
ImportantSUSE bug 1236658SUSE bug 1236746SUSE bug 1237208SUSE bug 1237308SUSE bug 1237585SUSE bug 1239139SUSE bug 1239653SUSE bug 1241231SUSE bug 1242054SUSE bug 1243192SUSE bug 1244614SUSE bug 1246010SUSE bug 1246327SUSE bug 1247528SUSE bug 1247529SUSE bug 1247530SUSE bug 1247531SUSE bug 1247532SUSE bug 1247907SUSE bug 1247923SUSE bug 1249235CVE-2025-23277 at SUSECVE-2025-23277 at NVDCVE-2025-23278 at SUSECVE-2025-23278 at NVDCVE-2025-23279 at SUSECVE-2025-23279 at NVDCVE-2025-23283 at SUSECVE-2025-23283 at NVDCVE-2025-23286 at SUSECVE-2025-23286 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:sle-micro:5.4Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.4
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.4Security update for orc (Important)SUSE Linux Enterprise Micro 5.4
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-9566: fixed an issue in kube play command that could cause overwriting host files (bsc#1249154)
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sle-micro:5.4Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.4
This update for haproxy fixes the following issues:
- CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive
resource consumption when processing numbers with large exponents (bsc#1250983).
ModerateSUSE bug 1250983CVE-2025-11230 at SUSECVE-2025-11230 at NVDcpe:/o:suse:sle-micro:5.4Security update for samba (Critical)SUSE Linux Enterprise Micro 5.4
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).
CriticalSUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- README.BRANCH: Add Lidong Zhong as a SLE15-SP4-LTSS co-maintainer.
- Revert backported patches for bsc#1238160 because the CVSS less than 7.0
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1244732SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249691SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-23155: net: stmmac: Fix accessing freed irq affinity_hint (bsc#1242573).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38084: mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Revert backported patches for bsc#1238160.
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206456SUSE bug 1206468SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213666SUSE bug 1213747SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1236104SUSE bug 1238160SUSE bug 1241353SUSE bug 1242573SUSE bug 1242846SUSE bug 1242960SUSE bug 1243539SUSE bug 1244337SUSE bug 1245110SUSE bug 1245498SUSE bug 1245499SUSE bug 1245666SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1247288SUSE bug 1247317SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249608SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249695SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249781SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249808SUSE bug 1249810SUSE bug 1249820SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249872SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250039SUSE bug 1250041SUSE bug 1250043SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250114SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250131SUSE bug 1250132SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250159SUSE bug 1250161SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250209SUSE bug 1250211SUSE bug 1250237SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250767SUSE bug 1250768SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250830SUSE bug 1250831SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250955SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53307 at SUSECVE-2023-53307 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53513 at SUSECVE-2023-53513 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-23155 at SUSECVE-2025-23155 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38470 at SUSECVE-2025-38470 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.4Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:sle-micro:5.4Security update for afterburn (Important)SUSE Linux Enterprise Micro 5.4
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
ImportantSUSE bug 1196972SUSE bug 1242665SUSE bug 1243850SUSE bug 1244199SUSE bug 1244675SUSE bug 1250471CVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-5791 at SUSECVE-2025-5791 at NVDcpe:/o:suse:sle-micro:5.4Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:sle-micro:5.4Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.4
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
ModerateSUSE bug 1246544cpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Important)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
ImportantSUSE bug 1248807SUSE bug 1251271CVE-2025-27466 at SUSECVE-2025-27466 at NVDCVE-2025-58142 at SUSECVE-2025-58142 at NVDCVE-2025-58143 at SUSECVE-2025-58143 at NVDCVE-2025-58147 at SUSECVE-2025-58147 at NVDCVE-2025-58148 at SUSECVE-2025-58148 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
ImportantSUSE bug 1250553SUSE bug 1251979CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.4Security update for colord (Moderate)SUSE Linux Enterprise Micro 5.4
This update for colord fixes the following issues:
- CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750).
ModerateSUSE bug 1250750CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.4Security update for tiff (Important)SUSE Linux Enterprise Micro 5.4
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
ImportantSUSE bug 1250413CVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
ImportantSUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Low)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
LowSUSE bug 1239119CVE-2025-30258 at SUSECVE-2025-30258 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0> ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
ImportantSUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.4Security update for elfutils (Moderate)SUSE Linux Enterprise Micro 5.4
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh. ModerateSUSE bug 1237236SUSE bug 1237240SUSE bug 1237241SUSE bug 1237242CVE-2025-1352 at SUSECVE-2025-1352 at NVDCVE-2025-1372 at SUSECVE-2025-1372 at NVDCVE-2025-1376 at SUSECVE-2025-1376 at NVDCVE-2025-1377 at SUSECVE-2025-1377 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
ModerateSUSE bug 1247850SUSE bug 1249076CVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2025-9714 at SUSECVE-2025-9714 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
- CVE-2025-40088: hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (bsc#1252904).
- CVE-2025-40102: KVM: arm64: Prevent access to vCPU events before init (bsc#1252919).
The following non security issues were fixed:
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251047SUSE bug 1251052SUSE bug 1251057SUSE bug 1251059SUSE bug 1251061SUSE bug 1251063SUSE bug 1251064SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251154SUSE bug 1251159SUSE bug 1251164SUSE bug 1251166SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251310SUSE bug 1251312SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252069SUSE bug 1252265SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893SUSE bug 1252904SUSE bug 1252919CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53576 at SUSECVE-2023-53576 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40088 at SUSECVE-2025-40088 at NVDCVE-2025-40102 at SUSECVE-2025-40102 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542)
ImportantSUSE bug 1253542CVE-2025-47913 at SUSECVE-2025-47913 at NVDcpe:/o:suse:sle-micro:5.4Security update for sssd (Important)SUSE Linux Enterprise Micro 5.4
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due
to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)
Other fixes:
- Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
ModerateSUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
ImportantSUSE bug 1253126SUSE bug 1253132CVE-2024-25621 at SUSECVE-2024-25621 at NVDCVE-2025-64329 at SUSECVE-2025-64329 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
ModerateSUSE bug 1234225SUSE bug 1244057SUSE bug 1253783CVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
ModerateSUSE bug 1253757CVE-2025-11563 at SUSECVE-2025-11563 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Important)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporary disabled.
ImportantSUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2021-3611: Fixed segmentation fault due to stack overflow (bsc#1193914).
Other fixes:
- qemu.spec: mark bridge.conf as noreplace (bsc#1201944).
ModerateSUSE bug 1193914SUSE bug 1201944CVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
ModerateSUSE bug 1249055CVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Low)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
LowSUSE bug 1251305SUSE bug 1252974CVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:sle-micro:5.4Security update for librsvg (Moderate)SUSE Linux Enterprise Micro 5.4
This update for librsvg fixes the following issues:
Update to version 2.52.12.
- CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode
labels that do not produce any non-ASCII output when decoded (bsc#1243867).
- CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir`
iterator with the `linux_raw` backend (bsc#1229950).
ModerateSUSE bug 1229950SUSE bug 1243867CVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:suse:sle-micro:5.4Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.4
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
ModerateSUSE bug 1244057SUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.4
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado
* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
- Other changes and bugs fixed:
- Fixed TLS and x509 modules for OSes with older cryptography module
- Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
- Fixed payload signature verification on Tumbleweed (bsc#1251776)
- Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
- Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
- Improved SL Micro 6.2 detection with grains
- Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
- Set python-CherryPy as required for python-salt-testsuite
ImportantSUSE bug 1227207SUSE bug 1250520SUSE bug 1250755SUSE bug 1251776SUSE bug 1252244SUSE bug 1252285SUSE bug 1254256SUSE bug 1254257CVE-2025-62348 at SUSECVE-2025-62348 at NVDCVE-2025-62349 at SUSECVE-2025-62349 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
ImportantSUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
ModerateSUSE bug 1254132CVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2024-1298: potential division-by-zero crash in edk2 due to UINT32 overflow in S3 ResumeCount. (bsc#1225889)
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
- CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886)
- CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885SUSE bug 1218886SUSE bug 1218887SUSE bug 1225889CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDCVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDCVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:sle-micro:5.4Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Low)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1230697SUSE bug 1231847SUSE bug 1233112SUSE bug 1233642SUSE bug 1234025SUSE bug 1234690SUSE bug 1234884SUSE bug 1234896SUSE bug 1234931SUSE bug 1235134SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235466SUSE bug 1235480SUSE bug 1235521SUSE bug 1235584SUSE bug 1235645SUSE bug 1235723SUSE bug 1235759SUSE bug 1235764SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing
them to log files. (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames
read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507)
ModerateSUSE bug 1227052SUSE bug 1236507CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.4Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.4
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
ImportantSUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
ImportantSUSE bug 1234415SUSE bug 1234450SUSE bug 1234453SUSE bug 1234455SUSE bug 1234456SUSE bug 1234459SUSE bug 1234460CVE-2024-47538 at SUSECVE-2024-47538 at NVDCVE-2024-47541 at SUSECVE-2024-47541 at NVDCVE-2024-47542 at SUSECVE-2024-47542 at NVDCVE-2024-47600 at SUSECVE-2024-47600 at NVDCVE-2024-47607 at SUSECVE-2024-47607 at NVDCVE-2024-47615 at SUSECVE-2024-47615 at NVDCVE-2024-47835 at SUSECVE-2024-47835 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).
ImportantSUSE bug 1237084CVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDcpe:/o:suse:sle-micro:5.4Security update for gstreamer (Important)SUSE Linux Enterprise Micro 5.4
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
ImportantSUSE bug 1234449CVE-2024-47606 at SUSECVE-2024-47606 at NVDcpe:/o:suse:sle-micro:5.4Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.4
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
- CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1209358SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826CVE-2023-28450 at SUSECVE-2023-28450 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:sle-micro:5.4Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:sle-micro:5.4Security update for procps (Important)SUSE Linux Enterprise Micro 5.4
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:sle-micro:5.4Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
ModerateSUSE bug 1237431CVE-2025-26597 at SUSECVE-2025-26597 at NVDcpe:/o:suse:sle-micro:5.4Security update for u-boot (Moderate)SUSE Linux Enterprise Micro 5.4
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
ModerateSUSE bug 1237284SUSE bug 1237287CVE-2024-57256 at SUSECVE-2024-57256 at NVDCVE-2024-57258 at SUSECVE-2024-57258 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Important)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
ImportantSUSE bug 1237641CVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.4Recommended update for python3-M2Crypto (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- require setuptools
- Make tests running again.
- Remove unnecessary fdupes call
- Add python-typing as a dependency
- SLE12 requires swig3 for a successful build, too ModerateSUSE bug 1205042SUSE bug 1231589SUSE bug 1236664CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1224700SUSE bug 1225742SUSE bug 1232905SUSE bug 1232919SUSE bug 1234154SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236661SUSE bug 1236675SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.4Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
ModerateSUSE bug 1238610CVE-2025-25724 at SUSECVE-2025-25724 at NVDcpe:/o:suse:sle-micro:5.4Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.4
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:sle-micro:5.4Security update for salt (Important)SUSE Linux Enterprise Micro 5.4
This update for salt fixes the following issues:
- Security issues fixed:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)
- Made syntax in httputil_test compatible with Python 3.6
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved wheel key.finger call (bsc#1240532)
- Improved utils.find_json function (bsc#1246130)
- Extended warn_until period to 2027
ImportantSUSE bug 1240532SUSE bug 1246130SUSE bug 1254325SUSE bug 1254400SUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.4Security update for systemd (Important)SUSE Linux Enterprise Micro 5.4
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
ImportantSUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
ModerateSUSE bug 1254670SUSE bug 1259619CVE-2025-70873 at SUSECVE-2025-70873 at NVDCVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
(bsc#1254867).
ModerateSUSE bug 1254867SUSE bug 1259829CVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ImportantSUSE bug 1257181CVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:sle-micro:5.4Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: Fixed crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052)
- CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053)
- CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054)
- CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault
- CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056)
ModerateSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051SUSE bug 1259052SUSE bug 1259053SUSE bug 1259054SUSE bug 1259055SUSE bug 1259056CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDCVE-2026-28418 at SUSECVE-2026-28418 at NVDCVE-2026-28419 at SUSECVE-2026-28419 at NVDCVE-2026-28420 at SUSECVE-2026-28420 at NVDCVE-2026-28421 at SUSECVE-2026-28421 at NVDCVE-2026-28422 at SUSECVE-2026-28422 at NVDcpe:/o:suse:sle-micro:5.4Security update for containerd (Important)SUSE Linux Enterprise Micro 5.4
This update for containerd rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
(bsc#1256645).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
ImportantSUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238917SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254767SUSE bug 1255075SUSE bug 1255171SUSE bug 1256623SUSE bug 1256645SUSE bug 1256726SUSE bug 1256792SUSE bug 1257231SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Important)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1254905SUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:sle-micro:5.4Security update for tar (Important)SUSE Linux Enterprise Micro 5.4
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
ImportantSUSE bug 1246399CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issue:
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ModerateSUSE bug 1256418CVE-2026-0716 at SUSECVE-2026-0716 at NVDcpe:/o:suse:sle-micro:5.4Security update for ignition (Important)SUSE Linux Enterprise Micro 5.4
This update for ignition fixes the following issue:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260251)
ImportantSUSE bug 1260251CVE-2026-33186 at SUSECVE-2026-33186 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.4Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.4
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:sle-micro:5.4Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.4
This update for podman fixes the following issues:
- CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an
out-of-bounds read with non validated message size (bsc#1253993)
ModerateSUSE bug 1253993CVE-2025-47914 at SUSECVE-2025-47914 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:sle-micro:5.4Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.4
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
ImportantSUSE bug 1218680CVE-2022-36765 at SUSECVE-2022-36765 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:sle-micro:5.4Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.4
This update for kernel-firmware fixes the following issues:
- Update AMD CPU ucode to 20251203 (bsc#1256483)
ImportantSUSE bug 1256483cpe:/o:suse:sle-micro:5.4Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issues:
- CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905).
- CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904).
ImportantSUSE bug 1254904SUSE bug 1254905CVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:sle-micro:5.4Security update for libtasn1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:sle-micro:5.4Security update for net-snmp (Important)SUSE Linux Enterprise Micro 5.4
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491)
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
ImportantSUSE bug 1254876SUSE bug 1256399CVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
ModerateSUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033)
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-3 (Critical)SUSE Linux Enterprise Micro 5.4
This update for openssl-3 fixes the following issues:
- CVE-2025-15467: Stack buffer overflow in CMS AuthEnvelopedData parsing (bsc#1256830).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
CriticalSUSE bug 1256830SUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-15467 at SUSECVE-2025-15467 at NVDCVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.4Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
ModerateSUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
ModerateSUSE bug 1255764SUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDCVE-2025-69277 at SUSECVE-2025-69277 at NVDcpe:/o:suse:sle-micro:5.4Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Other fixes:
- libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)
ModerateSUSE bug 1251822SUSE bug 1253278SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:sle-micro:5.4Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.4
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal od permissions on PCI
device unplug allow PV guests to access memory of devices no
longer assigned to it (XSA-476) (bsc#1252692)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
ModerateSUSE bug 1252692SUSE bug 1254180SUSE bug 1256745SUSE bug 1256747CVE-2025-58149 at SUSECVE-2025-58149 at NVDCVE-2025-58150 at SUSECVE-2025-58150 at NVDCVE-2026-23553 at SUSECVE-2026-23553 at NVDcpe:/o:suse:sle-micro:5.4Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.4
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
ModerateSUSE bug 1254441CVE-2025-10158 at SUSECVE-2025-10158 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
The following non security issues were fixed:
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1228015SUSE bug 1230185SUSE bug 1238896SUSE bug 1242006SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1253409SUSE bug 1253702SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256641SUSE bug 1256744SUSE bug 1256779CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2023-1544: out-of-bounds read in VMWare's paravirtual RDMA device operations can be exploited through a malicious
guest driver to crash the QEMU process on the host (bsc#1209554).
- CVE-2024-6505: heap-based buffer overflow in the virtio-net device operations can be exploited by a malicious
privileged user to crash the QEMU process on the host (bsc#1227397).
- CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious
guest user to crash the QEMU process on the host (bsc#1253002).
Other updates and bugfixes:
- [openSUSE][RPM] spec: require qemu-hw-display-virtio-gpu-pci for x86 too.
- [openSUSE][RPM} spec: delete old specfile constructs.
- block/curl: fix curl internal handles handling (bsc#1252768).
- [openSUSE][RPM]: really fix *-virtio-gpu-pci dependency on ARM (bsc#1254286).
ImportantSUSE bug 1209554SUSE bug 1227397SUSE bug 1252768SUSE bug 1253002SUSE bug 1254286CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2024-6505 at SUSECVE-2024-6505 at NVDCVE-2025-12464 at SUSECVE-2025-12464 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.4
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:sle-micro:5.4Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
ModerateSUSE bug 1248586SUSE bug 1254670CVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.4
This update for qemu fixes the following issues:
- CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984).
ImportantSUSE bug 1250984CVE-2025-11234 at SUSECVE-2025-11234 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
ModerateSUSE bug 1230036SUSE bug 1230037SUSE bug 1230038SUSE bug 1232602CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDCVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1254866SUSE bug 1254867SUSE bug 1256331CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDCVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:sle-micro:5.4Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.4
This update for rust-keylime fixes the following issues:
Update to version 0.2.8+116.
Security issues fixed:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257908).
Other updates and bugfixes:
- Update vendored crates `time` to version 0.3.47.
- Update to version 0.2.8+116:
* build(deps): bump bytes from 1.7.2 to 1.11.1
* api: Modify /version endpoint output in version 2.5
* Add API v2.5 with backward-compatible /v2.5/quotes/integrity
* tests: add unit test for resolve_agent_id (#1182)
* (pull-model): enable retry logic for registration
* rpm: Update specfiles to apply on master
* workflows: Add test to detect unused crates
* lib: Drop unused crates
* push-model: Drop unused crates
* keylime-agent: Drop unused crates
* build(deps): bump uuid from 1.18.1 to 1.19.0
* Update reqwest-retry to 0.8, retry-policies to 0.5
* rpm: Fix cargo_build macro usage on CentOS Stream
* fix(push-model): resolve hash_ek uuid to actual EK hash
* build(deps): bump thiserror from 2.0.16 to 2.0.17
* workflows: Separate upstream test suite from e2e coverage
* Send UEFI measured boot logs as raw bytes (#1173)
* auth: Add unit tests for SecretToken implementation
* packit: Enable push-attestation tests
* resilient_client: Prevent authentication token leakage in logs
- Use tmpfiles.d for /var directories (PED-14736)
- Update to version 0.2.8+96:
* build(deps): bump wiremock from 0.6.4 to 0.6.5
* build(deps): bump actions/checkout from 5 to 6
* build(deps): bump chrono from 0.4.41 to 0.4.42
* packit: Get coverage from Fedora 43 runs
* Fix issues pointed out by clippy
* Replace mutex unwraps with proper error handling in TPM library
* Remove unused session request methods from StructureFiller
* Fix config panic on missing ek_handle in push model agent
* build(deps): bump tempfile from 3.21.0 to 3.23.0
* build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
* Fix clippy warnings project-wide
* Add KEYLIME_DIR support for verifier TLS certificates in push model agent
* Thread privileged resources and use MeasurementList for IMA reading
* Add privileged resource initialization and privilege dropping to push model agent
* Fix privilege dropping order in run_as()
* add documentation on FQDN hostnames
* Remove confusing logs for push mode agent
* Set correct default Verifier port (8891->8881) (#1159)
* Add verifier_url to reference configuration file (#1158)
* Add TLS support for Registrar communication (#1139)
* Fix agent handling of 403 registration responses (#1154)
* Add minor README.md rephrasing (#1151)
* build(deps): bump actions/checkout from 5 to 6 (#1153)
* ci: update spec files for packit COPR build
* docs: improve challenge encoding and async TPM documentation
* refactor: improve middleware and error handling
* feat: add authentication client with middleware integration
* docker: Include keylime_push_model_agent binary
* Include attestation_interval configuration (#1146)
* Persist payload keys to avoid attestation failure on restart
* crypto: Implement the load or generate pattern for keys
* Use simple algorithm specifiers in certification_keys object (#1140)
* tests: Enable more tests in CI
* Fix RSA2048 algorithm reporting in keylime agent
* Remove disabled_signing_algorithms configuration
* rpm: Fix metadata patches to apply to current code
* workflows/rpm.yml: Use more strict patching
* build(deps): bump uuid from 1.17.0 to 1.18.1
* Fix ECC algorithm selection and reporting for keylime agent
* Improve logging consistency and coherency
* Implement minimal RFC compliance for Location header and URI parsing (#1125)
* Use separate keys for payload mechanism and mTLS
* docker: update rust to 1.81 for distroless Dockerfile
* Ensure UEFI log capabilities are set to false
* build(deps): bump http from 1.1.0 to 1.3.1
* build(deps): bump log from 0.4.27 to 0.4.28
* build(deps): bump cfg-if from 1.0.1 to 1.0.3
* build(deps): bump actix-rt from 2.10.0 to 2.11.0
* build(deps): bump async-trait from 0.1.88 to 0.1.89
* build(deps): bump trybuild from 1.0.105 to 1.0.110
* Accept evidence handling structures null entries
* workflows: Add test to check if RPM patches still apply
* CI: Enable test add-agent-with-malformed-ek-cert
* config: Fix singleton tests
* FSM: Remove needless lifetime annotations (#1105)
* rpm: Do not remove wiremock which is now available in Fedora
* Use latest Fedora httpdate version (1.0.3)
* Enhance coverage with parse_retry_after test
* Fix issues reported by CI regarding unwrap() calls
* Reuse max retries indicated to the ResilientClient
* Include limit of retries to 5 for Retry-After
* Add policy to handle Retry-After response headers
* build(deps): bump wiremock from 0.6.3 to 0.6.4
* build(deps): bump serde_json from 1.0.140 to 1.0.143
* build(deps): bump pest_derive from 2.8.0 to 2.8.1
* build(deps): bump syn from 2.0.90 to 2.0.106
* build(deps): bump tempfile from 3.20.0 to 3.21.0
* build(deps): bump thiserror from 2.0.12 to 2.0.16
* rpm: Fix patches to apply to current master code
* build(deps): bump anyhow from 1.0.98 to 1.0.99
* state_machine: Automatically clean config override during tests
* config: Implement singleton and factory pattern
* testing: Support overriding configuration during tests
* feat: implement standalone challenge-response authentication module
* structures: rename session structs for clarity and fix typos
* tpm: refactor certify_credential_with_iak() into a more generic function
* Add Push Model Agent Mermaid FSM chart (#1095)
* Add state to avoid exiting on wrong attestation (#1093)
* Add 6 alphanumeric lowercase X-Request-ID header
* Enhance Evidence Handling response parsing
* build(deps): bump quote from 1.0.35 to 1.0.40
* build(deps): bump libc from 0.2.172 to 0.2.175
* build(deps): bump glob from 0.3.2 to 0.3.3
* build(deps): bump actix-web from 4.10.2 to 4.11.0
ImportantSUSE bug 1257908CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sle-micro:5.4Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.4
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
ImportantSUSE bug 1257049CVE-2026-0988 at SUSECVE-2026-0988 at NVDcpe:/o:suse:sle-micro:5.4Security update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda (Important)SUSE Linux Enterprise Micro 5.4
This update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- updated CUDA variant to version 580.126.09
- update non-CUDA variant to version 580.126.09 (bsc#1255858)
- update non-CUDA variant to version 580.119.02 (bsc#1254801)
Changes in nvidia-persistenced.cuda:
- update to version 580.126.09
Changes in nvidia-modprobe.cuda:
- update to version 580.126.09
ImportantSUSE bug 1254801SUSE bug 1255858cpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer
overflow (bsc#1257598).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
ImportantSUSE bug 1243422SUSE bug 1256418SUSE bug 1257598CVE-2025-4476 at SUSECVE-2025-4476 at NVDCVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734SUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDCVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:sle-micro:5.4Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1254666CVE-2025-14104 at SUSECVE-2025-14104 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpcap (Low)SUSE Linux Enterprise Micro 5.4
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:sle-micro:5.4Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.4
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:sle-micro:5.4Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.4
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
ImportantSUSE bug 1256525SUSE bug 1256526SUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2026-0989: Fixe a call stack exhaustion leading to application crash due to RelaxNG parser not limiting the recursion depth. (bsc#1256805, bsc#1256810)
ModerateSUSE bug 1250553SUSE bug 1256804SUSE bug 1256805SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256810SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2026-0989 at SUSECVE-2026-0989 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2024-28956: x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006).
- CVE-2024-36348: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36349: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36350: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-36357: x86/bugs: Add a Transient Scheduler Attacks mitigation (bsc#1238896).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
The following non security issues were fixed:
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86/CPU/AMD: Add ZenX generations flags (bsc#1238896).
- x86/its: Fix crash during dynamic its initialization (bsc#1257771).
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1220137SUSE bug 1220144SUSE bug 1223007SUSE bug 1228015SUSE bug 1230185SUSE bug 1231084SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1238896SUSE bug 1238917SUSE bug 1242006SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1249871SUSE bug 1250397SUSE bug 1252046SUSE bug 1252678SUSE bug 1252785SUSE bug 1253028SUSE bug 1253409SUSE bug 1253702SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254625SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254767SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254842SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254959SUSE bug 1254974SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255163SUSE bug 1255165SUSE bug 1255171SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255594SUSE bug 1255600SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255762SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255889SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255908SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255919SUSE bug 1255922SUSE bug 1255925SUSE bug 1255939SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256074SUSE bug 1256081SUSE bug 1256086SUSE bug 1256091SUSE bug 1256093SUSE bug 1256095SUSE bug 1256099SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256145SUSE bug 1256149SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256165SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256215SUSE bug 1256216SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256295SUSE bug 1256300SUSE bug 1256306SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256353SUSE bug 1256355SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432SUSE bug 1256582SUSE bug 1256612SUSE bug 1256623SUSE bug 1256641SUSE bug 1256726SUSE bug 1256744SUSE bug 1256779SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473SUSE bug 1257749SUSE bug 1257771SUSE bug 1257790CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-36348 at SUSECVE-2024-36348 at NVDCVE-2024-36349 at SUSECVE-2024-36349 at NVDCVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDcpe:/o:suse:sle-micro:5.4Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.4
This update for protobuf fixes the following issues:i
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.4Security update for python3 (Important)SUSE Linux Enterprise Micro 5.4
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257041SUSE bug 1257042SUSE bug 1257044SUSE bug 1257046CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2025-15366 at SUSECVE-2025-15366 at NVDCVE-2025-15367 at SUSECVE-2025-15367 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDcpe:/o:suse:sle-micro:5.4Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.4
This update for docker fixes the following issues:
- CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904)
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:sle-micro:5.4Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.4
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
ImportantSUSE bug 1229129SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:sle-micro:5.4Security update for gpg2 (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
ModerateSUSE bug 1256389cpe:/o:suse:sle-micro:5.4Security update for shim (Moderate)SUSE Linux Enterprise Micro 5.4
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1240871SUSE bug 1247432CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:sle-micro:5.4Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.4
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:sle-micro:5.4Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.4
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
ModerateSUSE bug 1258568CVE-2026-2781 at SUSECVE-2026-2781 at NVDcpe:/o:suse:sle-micro:5.4Security update for openCryptoki (Moderate)SUSE Linux Enterprise Micro 5.4
This update for openCryptoki fixes the following issues:
- CVE-2026-23893: Fixed privilege escalation or data exposure via symlink following (bsc#1257116)
ModerateSUSE bug 1257116CVE-2026-23893 at SUSECVE-2026-23893 at NVDcpe:/o:suse:sle-micro:5.4Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.4
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:sle-micro:5.4Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.4
This update for libsoup2 fixes the following issues:
- CVE-2025-32049: denial of service attack to websocket server (bsc#1240751).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
ImportantSUSE bug 1240751SUSE bug 1257398SUSE bug 1257441SUSE bug 1257597SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:sle-micro:5.4Security update for python-tornado (Moderate)SUSE Linux Enterprise Micro 5.4
This update for python-tornado fixes the following issue:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
ModerateSUSE bug 1254903CVE-2025-67724 at SUSECVE-2025-67724 at NVDcpe:/o:suse:sle-micro:5.4Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.4
This update for gnutls fixes the following issues:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing
a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
ModerateSUSE bug 1257960CVE-2025-14831 at SUSECVE-2025-14831 at NVDcpe:/o:suse:sle-micro:5.4Security update for glibc (Important)SUSE Linux Enterprise Micro 5.4
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
ImportantSUSE bug 1246965SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2025-8058 at SUSECVE-2025-8058 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:sle-micro:5.4Security update for curl (Important)SUSE Linux Enterprise Micro 5.4
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:sle-micro:5.4Security update for jq (Low)SUSE Linux Enterprise Micro 5.4
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
LowSUSE bug 1248600CVE-2025-9403 at SUSECVE-2025-9403 at NVDcpe:/o:suse:sle-micro:5.4Security update for runc (Important)SUSE Linux Enterprise Micro 5.4
This update for runc rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for docker (Important)SUSE Linux Enterprise Micro 5.4
This update for docker rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.4Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.4
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
ModerateSUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:sle-micro:5.4Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.4
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1255075SUSE bug 1256645SUSE bug 1257231SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.4Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414).
- CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205).
- CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
Bugfixes:
- hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993)
- Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740).
ImportantSUSE bug 1179993SUSE bug 1181740SUSE bug 1207205SUSE bug 1212968SUSE bug 1213001SUSE bug 1213414CVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Important)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Important)SUSE Linux Enterprise Micro 5.5
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.5Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:sle-micro:5.5Security update for libeconf (Important)SUSE Linux Enterprise Micro 5.5
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:sle-micro:5.5Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi: Allow extra bugsints (bsc#1213927).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1203329SUSE bug 1203330SUSE bug 1205462SUSE bug 1206453SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1211220SUSE bug 1212091SUSE bug 1212142SUSE bug 1212423SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213733SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213949SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214073SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214233SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214305SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214404SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214727SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1214976SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192).
- CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (git-fixes).
- Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi/severities: ignore mlx4 internal symbols
- kabi: Allow extra bugsints (bsc#1213927).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs.
- rpmsg: glink: Add check for kstrdup (git-fixes).
- rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension).
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1120059SUSE bug 1177719SUSE bug 1187236SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1203329SUSE bug 1203330SUSE bug 1205462SUSE bug 1206453SUSE bug 1208902SUSE bug 1208949SUSE bug 1208995SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210169SUSE bug 1210448SUSE bug 1210643SUSE bug 1211220SUSE bug 1212091SUSE bug 1212142SUSE bug 1212423SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213733SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213949SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214073SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214233SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214305SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214404SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214727SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1214813SUSE bug 1214873SUSE bug 1214928SUSE bug 1214976SUSE bug 1214988SUSE bug 1215123SUSE bug 1215124SUSE bug 1215148SUSE bug 1215221SUSE bug 1215523CVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDcpe:/o:suse:sle-micro:5.5Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:sle-micro:5.5Security update for conmon (Important)SUSE Linux Enterprise Micro 5.5
This update for conmon fixes the following issues:
conmon is rebuild with go1.21 to capture current stability, bug and security fixes. (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
The following non-security bugs were fixed:
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1152472SUSE bug 1202845SUSE bug 1206453SUSE bug 1213808SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215523SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Important)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
ImportantSUSE bug 1215888SUSE bug 1215889CVE-2023-38545 at SUSECVE-2023-38545 at NVDCVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:sle-micro:5.5Security update for samba (Important)SUSE Linux Enterprise Micro 5.5
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1215904SUSE bug 1215905SUSE bug 1215906SUSE bug 1215907SUSE bug 1215908CVE-2023-3961 at SUSECVE-2023-3961 at NVDCVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDCVE-2023-42670 at SUSECVE-2023-42670 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1187236SUSE bug 1201284SUSE bug 1202845SUSE bug 1206453SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212639SUSE bug 1212703SUSE bug 1213534SUSE bug 1213808SUSE bug 1214022SUSE bug 1214037SUSE bug 1214040SUSE bug 1214351SUSE bug 1214479SUSE bug 1214543SUSE bug 1214635SUSE bug 1214813SUSE bug 1214873SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214945SUSE bug 1214946SUSE bug 1214947SUSE bug 1214948SUSE bug 1214949SUSE bug 1214950SUSE bug 1214951SUSE bug 1214952SUSE bug 1214953SUSE bug 1214954SUSE bug 1214955SUSE bug 1214957SUSE bug 1214958SUSE bug 1214959SUSE bug 1214961SUSE bug 1214962SUSE bug 1214963SUSE bug 1214964SUSE bug 1214965SUSE bug 1214966SUSE bug 1214967SUSE bug 1214986SUSE bug 1214988SUSE bug 1214990SUSE bug 1214991SUSE bug 1214992SUSE bug 1214993SUSE bug 1214995SUSE bug 1214997SUSE bug 1214998SUSE bug 1215115SUSE bug 1215117SUSE bug 1215123SUSE bug 1215124SUSE bug 1215148SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215322SUSE bug 1215467SUSE bug 1215581SUSE bug 1215752SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1215875SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215899SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916SUSE bug 1215941CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:suse:sle-micro:5.5Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.5
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.5Security update for cni (Important)SUSE Linux Enterprise Micro 5.5
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.5Security update for opensc (Important)SUSE Linux Enterprise Micro 5.5
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Important)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:sle-micro:5.5Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.5
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.3:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
ImportantSUSE bug 1205767SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:sle-micro:5.5Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.5
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
ImportantSUSE bug 1201300SUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:suse:sle-micro:5.5Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:sle-micro:5.5Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:sle-micro:5.5Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.5
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:sle-micro:5.5Security update for zchunk (Important)SUSE Linux Enterprise Micro 5.5
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:suse:sle-micro:5.5Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.5
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
ImportantSUSE bug 1211162SUSE bug 1211307SUSE bug 1213772SUSE bug 1214754SUSE bug 1214874SUSE bug 1215545SUSE bug 1215921SUSE bug 1215955SUSE bug 1216062SUSE bug 1216202SUSE bug 1216322SUSE bug 1216324SUSE bug 1216333SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39191 at SUSECVE-2023-39191 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1211162SUSE bug 1211307SUSE bug 1212423SUSE bug 1212649SUSE bug 1213705SUSE bug 1213772SUSE bug 1214754SUSE bug 1214874SUSE bug 1215095SUSE bug 1215104SUSE bug 1215523SUSE bug 1215545SUSE bug 1215921SUSE bug 1215955SUSE bug 1215986SUSE bug 1216062SUSE bug 1216202SUSE bug 1216322SUSE bug 1216323SUSE bug 1216324SUSE bug 1216333SUSE bug 1216345SUSE bug 1216512SUSE bug 1216621SUSE bug 802154CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39191 at SUSECVE-2023-39191 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issue fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
- update firmware to version 535.113.01
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
- Add a devel package so other modules can be built against this
one. [jira#PED-4964]
- disabled build of nvidia-peermem module; it's no longer needed
and never worked anyway (it was only a stub) [bsc#1211892]
- preamble: added conflict to nvidia-gfxG05-kmp to prevent users
from accidently installing conflicting proprietary kernelspace
drivers from CUDA repository
- Update to version 535.113.01
- kmp-post.sh/kmp-postun.sh:
* add/remove nosimplefb=1 kernel option in order to fix Linux
console also on sle15-sp6/Leap 15.6 kernel, which will come
with simpledrm support
ModerateSUSE bug 1211892SUSE bug 1216826CVE-2023-31022 at SUSECVE-2023-31022 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1215145SUSE bug 1215474SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748SUSE bug 1216654SUSE bug 1216807CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDCVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3-setuptools (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:sle-micro:5.5Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.5
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:sle-micro:5.5Security update for vim (Important)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 2103, fixes the following security problems
* CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
* CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001)
* CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167)
* CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696)
* CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922)
* CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924)
* CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925)
* CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004)
* CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006)
* CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033)
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033SUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:sle-micro:5.5Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.5
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:sle-micro:5.5Security update for traceroute (Moderate)SUSE Linux Enterprise Micro 5.5
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.0
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0
Update to version 1.0.1
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1
ImportantCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:sle-micro:5.5Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.5
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.58.0
- Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.0
Importantcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
ModerateSUSE bug 1217573SUSE bug 1217574CVE-2023-46218 at SUSECVE-2023-46218 at NVDCVE-2023-46219 at SUSECVE-2023-46219 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609)
- CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925)
- CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850)
- [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)
- target/s390x: Fix the 'ignored match' case in VSTRS (bsc#1213210)
- linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)
ImportantSUSE bug 1188609SUSE bug 1212850SUSE bug 1213210SUSE bug 1213925SUSE bug 1215311CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:sle-micro:5.5Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:sle-micro:5.5Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.5
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Documentation: networking: correct possessive 'its' (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- NFS: Fix access to page->mapping (bsc#1216788).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PCI: vmd: Correct PCI Header Type Register's multi-function check (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amd: Move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Reserve fences for VM update (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Clean up clock period code (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: Print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: Use struct videomode (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/i915: Flush WC GGTT only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/msm/dsi: free TX buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/ttm: Reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: Fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: Correct allocated size for contexts (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: Return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: Split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: Support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: Uncore frequency control via TPMI (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: Provide cluster level control (bsc#1217147).
- platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147).
- platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: Display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: Move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: Use sysfs API to create attributes (bsc#1217147).
- platform/x86/intel/vsec: Add TPMI ID (bsc#1217147).
- platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: Support private data (bsc#1217147).
- platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: Add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: Prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-frequency: Move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc/perf/hv-24x7: Update domain value check (bsc#1215931).
- powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1207948SUSE bug 1210447SUSE bug 1214286SUSE bug 1214700SUSE bug 1214840SUSE bug 1214976SUSE bug 1215123SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1215802SUSE bug 1215931SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216527SUSE bug 1216584SUSE bug 1216687SUSE bug 1216693SUSE bug 1216759SUSE bug 1216788SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217095SUSE bug 1217124SUSE bug 1217140SUSE bug 1217147SUSE bug 1217195SUSE bug 1217196SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217511SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5633 at SUSECVE-2023-5633 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
- acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
- acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
- acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
- alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
- alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
- alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
- alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
- alsa: hda/realtek: add quirks for hp laptops (git-fixes).
- alsa: hda/realtek: add support dual speaker for dell (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
- alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-fixes).
- alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
- alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
- alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
- alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
- alsa: info: fix potential deadlock at disconnection (git-fixes).
- alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: add cortex-a520 cpu part definition (git-fixes)
- arm64: allow kprobes on el0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass esr_elx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out el1 ssbs emulation hook (git-fixes)
- arm64: report el1 undefs better (git-fixes)
- arm64: rework bti exception handling (git-fixes)
- arm64: rework el0 mrs emulation (git-fixes)
- arm64: rework fpac exception handling (git-fixes)
- arm64: split el0/el1 undef handlers (git-fixes)
- arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- asoc: ams-delta.c: use component after check (git-fixes).
- asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
- asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
- asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes).
- asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
- asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
- asoc: rt5650: fix the wrong result of key button (git-fixes).
- asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes).
- asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
- ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
- atl1c: work around the dma rx overflow issue (git-fixes).
- atm: iphase: do pci error checks on own line (git-fixes).
- blk-mq: do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: add device 0bda:887b to device tables (git-fixes).
- bluetooth: add device 13d3:3571 to device tables (git-fixes).
- bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
- bluetooth: btusb: add date->evt_skb is null check (git-fixes).
- bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes).
- bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
- can: isotp: set max pdu size to 64 kbyte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: fix comment (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
- clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
- clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
- clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
- clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes).
- clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
- clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes).
- clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
- crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
- disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures.
- dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use c syntax highlight in driver.rst (bsc#1215458).
- documentation: networking: correct possessive 'its' (bsc#1215458).
- drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes).
- drm/amd/display: avoid null dereference of timing generator (git-fixes).
- drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes).
- drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
- drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
- drm/amd: move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use atrm for external devices (git-fixes).
- drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
- drm/amdgpu: remove unnecessary domain argument (git-fixes).
- drm/amdgpu: reserve fences for vm update (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes).
- drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: tc358768: clean up clock period code (git-fixes).
- drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: fix bit updates (git-fixes).
- drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: use struct videomode (git-fixes).
- drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
- drm/i915: fix potential spectre vulnerability (git-fixes).
- drm/i915: flush wc ggtt only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes).
- drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: create devm device attachment (git-fixes).
- drm/mipi-dsi: create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
- drm/msm/dsi: free tx buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
- drm/panel: st7703: pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes).
- drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
- drm/ttm: reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable]
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: omapfb: drop unused remove function (git-fixes).
- fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- fix termination state for idr_for_each_entry_ul() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: correct allocated size for contexts (git-fixes).
- hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
- hid: cp2112: fix duplicate workqueue initialization (git-fixes).
- hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
- hid: hyperv: remove unused struct synthhid_msg (git-fixes).
- hid: hyperv: replace one-element array with flexible-array member (git-fixes).
- hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes).
- hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
- hid: logitech-hidpp: revert 'do not restart communication if not necessary' (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
- hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes).
- hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
- hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
- i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
- i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
- i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes).
- i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and mac filter support (bsc#1215458).
- idpf: add rx splitq napi poll support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: add sriov support and other ndo_ops (bsc#1215458).
- idpf: add tx splitq napi poll support (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for rx queues (bsc#1215458).
- idpf: configure resources for tx queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes).
- iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes).
- input: xpad - add vid for turtle beach controllers (git-fixes).
- irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well.
- kernel-source: move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: do not disable the pwm when the led should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: do not use smbus calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: correctly initialise try compose rectangle (git-fixes).
- media: ccs: fix driver quirk struct documentation (git-fixes).
- media: cedrus: fix clock/reset sequence (git-fixes).
- media: cobalt: use field_get() to extract link width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes).
- mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: fix double put in dln2_probe (git-fixes).
- misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes).
- mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
- mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
- mmc: block: retry commands in cqe error recovery (git-fixes).
- mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
- mmc: cqhci: increase recovery halt timeout (git-fixes).
- mmc: cqhci: warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
- mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes).
- mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes).
- mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee module_device_table built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
- mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes).
- net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: avoid address overwrite in kernel_connect (bsc#1216861).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nfs: fix access to page->mapping (bsc#1216788).
- nvme: update firmware version after commit (bsc#1215292).
- pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
- pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
- pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
- pci: extract ats disabling to a helper function (bsc#1215458).
- pci: exynos: do not discard .remove() callback (git-fixes).
- pci: keystone: do not discard .probe() callback (git-fixes).
- pci: keystone: do not discard .remove() callback (git-fixes).
- pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
- pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes).
- pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
- pci: use field_get() to extract link width (git-fixes).
- pci: vmd: correct pci header type register's multi-function check (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147).
- platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147).
- platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
- platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147).
- platform/x86/intel/vsec: add tpmi id (bsc#1217147).
- platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: support private data (bsc#1217147).
- platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes).
- platform/x86: wmi: fix opening of char device (git-fixes).
- platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
- pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes).
- powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
- powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
- pwm: fix double shift bug (git-fixes).
- pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes).
- quota: fix slow quotaoff (bsc#1216621).
- r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
- r8152: release firmware if we have an error in probe (git-fixes).
- r8152: run the unload routine if we have errors during probe (git-fixes).
- regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
- regmap: ensure range selector registers are updated after cache sync (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- revert 'i2c: pxa: move to generic gpio recovery' (git-fixes).
- revert 'mmc: core: capture correct oemid-bits for emmc cards' (git-fixes).
- revert 'tracing: fix warning in trace_buffered_event_disable()' (bsc#1217036)
- revert amdgpu patches that caused a regression (bsc#1215802)
- rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead.
- rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler.
- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- run scripts/renamepatches for sle15-sp4
- s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086).
- s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598).
- s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731).
- scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
- scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124).
- scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
- scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: fix ksft print formats (git-fixes).
- selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes).
- selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: revert 'serial: exar: add support for sealevel 7xxxc serial cards' (git-fixes).
- serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
- tty: 8250: add support for additional brainboxes px cards (git-fixes).
- tty: 8250: add support for additional brainboxes uc cards (git-fixes).
- tty: 8250: add support for brainboxes up cards (git-fixes).
- tty: 8250: add support for intashield is-100 (git-fixes).
- tty: 8250: add support for intashield ix cards (git-fixes).
- tty: 8250: fix port count of px-257 (git-fixes).
- tty: 8250: fix up px-803/px-857 (git-fixes).
- tty: 8250: remove uc-257 and uc-431 (git-fixes).
- tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
- update ath11k hibernation fix patch set (bsc#1207948)
- update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown (bsc#1214976 git-fixes).
- usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
- usb: chipidea: fix dma overwrite for tegra (git-fixes).
- usb: chipidea: simplify tegra dma alignment code (git-fixes).
- usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc2: write hcint with intmask applied (bsc#1214286).
- usb: dwc3: fix default mode initialization (git-fixes).
- usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
- usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: serial: option: add fibocom l7xx modules (git-fixes).
- usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
- usb: serial: option: fix fm101r-gl defines (git-fixes).
- usb: storage: set 1.50 as the lower bcddevice for older 'super top' compatibility (git-fixes).
- usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
- usb: usbip: fix stub_dev hub disconnect (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
- wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
- wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes).
- x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
- x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
- x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes).
- x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: make hv_get_nmi_reason public (git-fixes).
- x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes).
- x86/sev: fix calculation of end address based on number of pages (git-fixes).
- x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes).
- x86: move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert agf log flags to unsigned (git-fixes).
- xfs: convert agi log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize ag block number formatting in ftrace output (git-fixes).
- xfs: standardize ag number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
- xhci: enable rpm on controllers that support low-power states (git-fixes).
ImportantSUSE bug 1207948SUSE bug 1210447SUSE bug 1212649SUSE bug 1214286SUSE bug 1214700SUSE bug 1214840SUSE bug 1214976SUSE bug 1215095SUSE bug 1215123SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1215802SUSE bug 1215931SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216527SUSE bug 1216584SUSE bug 1216621SUSE bug 1216687SUSE bug 1216693SUSE bug 1216759SUSE bug 1216761SUSE bug 1216788SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217095SUSE bug 1217124SUSE bug 1217140SUSE bug 1217147SUSE bug 1217195SUSE bug 1217196SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217511SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5633 at SUSECVE-2023-5633 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3-cryptography (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Important)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:suse:sle-micro:5.5Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssh (Important)SUSE Linux Enterprise Micro 5.5
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.5
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807).
- CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654).
Update to Xen 4.17.3 bug fix release (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1216654SUSE bug 1216807CVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:sle-micro:5.5Security update for ppp (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:suse:sle-micro:5.5Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.5
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:suse:sle-micro:5.5Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.5
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
- CVE-2023-4641: Fixed possible password leak during passwd(1) change (bsc#1214806).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
ModerateSUSE bug 1144060SUSE bug 1176006SUSE bug 1188307SUSE bug 1203823SUSE bug 1205502SUSE bug 1206627SUSE bug 1210507SUSE bug 1213189SUSE bug 1214806CVE-2023-29383 at SUSECVE-2023-29383 at NVDCVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:suse:sle-micro:5.5Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
- CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces() (bsc#1221468).
- CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus (bsc#1221237)
- qemu: domain: Fix logic when tainting domain (bsc#1220512)
- conf: Remove some firmware validation checks (bsc#1216980)
- libxl: Fix connection to modular network daemon (bsc#1214223)
ModerateSUSE bug 1214223SUSE bug 1216980SUSE bug 1220512SUSE bug 1221237SUSE bug 1221468SUSE bug 1221815CVE-2024-1441 at SUSECVE-2024-1441 at NVDCVE-2024-2494 at SUSECVE-2024-2494 at NVDCVE-2024-2496 at SUSECVE-2024-2496 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)
ModerateSUSE bug 1027519SUSE bug 1219885SUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-46841 at SUSECVE-2023-46841 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134).
- CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484).
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554).
- CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065).
The following non-security bug was fixed:
- Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
ImportantSUSE bug 1205316SUSE bug 1209554SUSE bug 1218484SUSE bug 1220062SUSE bug 1220065SUSE bug 1220134CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2023-6693 at SUSECVE-2023-6693 at NVDCVE-2024-24474 at SUSECVE-2024-24474 at NVDCVE-2024-26327 at SUSECVE-2024-26327 at NVDCVE-2024-26328 at SUSECVE-2024-26328 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Important)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
ImportantSUSE bug 1219559SUSE bug 1221289CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-28757 at SUSECVE-2024-28757 at NVDcpe:/o:suse:sle-micro:5.5Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:sle-micro:5.5Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.5
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- KVM: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (git-fixes).
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (git-fixes).
- Revert 'md: unlock mddev before reap sync_thread in action_store' (git-fixes).
- Revert 'swiotlb: panic if nslabs is too small' (git-fixes).
- Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (git-fixes).
- USB: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- USB: serial: option: add Quectel EG912Y module support (git-fixes).
- USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix 'rodata=on' when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: pL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kernel-source: Remove config-options.changes (jsc#PED-5021)
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up '%Ld/%Lu' which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1211162SUSE bug 1211226SUSE bug 1212139SUSE bug 1212584SUSE bug 1214117SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1215952SUSE bug 1216032SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217822SUSE bug 1217927SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218092SUSE bug 1218139SUSE bug 1218184SUSE bug 1218229SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218397SUSE bug 1218447SUSE bug 1218461SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218643CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- rebuild against current security and bugfixes.
Importantcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- rebuild against current security updates
- Install qemu-hw-usb-host to enable USB passthrough (bsc#1221538)
- Group together arch specific parts of the code
- Cleanup after writing config files with augtool
ImportantSUSE bug 1221538cpe:/o:suse:sle-micro:5.5Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.5
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:sle-micro:5.5Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.5
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1207987SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:sle-micro:5.5Security update for less (Important)SUSE Linux Enterprise Micro 5.5
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread (bsc#1221242)
ModerateSUSE bug 1221242SUSE bug 1221746SUSE bug 1221747CVE-2024-28834 at SUSECVE-2024-28834 at NVDCVE-2024-28835 at SUSECVE-2024-28835 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Important)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
Updated to version 9.1.0111, fixes the following security problems
- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.17.4 (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Improve the OrdinalPodInterfaceName mechanism (bsc#1222699)
Also containers were rebuilt against the current released updates.
ImportantSUSE bug 1222699cpe:/o:suse:sle-micro:5.5Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.5
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:sle-micro:5.5Security update for shim (Important)SUSE Linux Enterprise Micro 5.5
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Important)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:sle-micro:5.5Security update for polkit (Low)SUSE Linux Enterprise Micro 5.5
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
LowSUSE bug 1209282cpe:/o:suse:sle-micro:5.5Security update for libssh (Important)SUSE Linux Enterprise Micro 5.5
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
ImportantSUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:sle-micro:5.5Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.5
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:sle-micro:5.5Security update for cockpit-wicked (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cockpit-wicked fixes the following issues:
- CVE-2023-26364: Fixed denial of service due to improper input validation during CSS parsing (bsc#1217325)
Other fixes:
- Update to version 5~git8.c06c55b.
ModerateSUSE bug 1217325CVE-2023-26364 at SUSECVE-2023-26364 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843)
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
ImportantSUSE bug 1213269SUSE bug 1218889SUSE bug 1222843SUSE bug 1222845CVE-2023-3019 at SUSECVE-2023-3019 at NVDCVE-2023-6683 at SUSECVE-2023-6683 at NVDCVE-2024-3446 at SUSECVE-2024-3446 at NVDCVE-2024-3447 at SUSECVE-2024-3447 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:sle-micro:5.5Security update for openCryptoki (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openCryptoki fixes the following issues:
Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)
* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes
- provide user(pkcs11) and group(pkcs11)
Upgrade to version 3.22 (jsc#PED-3361)
- CCA: Add support for the AES-XTS key type using CPACF protected keys
- p11sak: Add support for managing certificate objects
- p11sak: Add support for public sessions (no-login option)
- p11sak: Add support for logging in as SO (security Officer)
- p11sak: Add support for importing/exporting Edwards and Montgomery keys
- p11sak: Add support for importing of RSA-PSS keys and certificates
- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different
Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)
- EP11 and CCA: Support concurrent HSM master key changes
- CCA: protected-key option
- pkcsslotd: no longer run as root user and further hardening
- p11sak: Add support for additional key types (DH, DSA, generic secret)
- p11sak: Allow wildcards in label filter
- p11sak: Allow to specify hex value for CKA_ID attribute
- p11sak: Support sorting when listing keys
- p11sak: New commands: set-key-attr, copy-key to modify and copy keys
- p11sak: New commands: import-key, export-key to import and export keys
- Remove support for --disable-locks (transactional memory)
- Updates to harden against RSA timing attacks
- Bug fixes
ModerateSUSE bug 1219217CVE-2024-0914 at SUSECVE-2024-0914 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel mitigation, which led to incorrect selection of other CPU mitigations.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix VA-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: Correct GPL license name (git-fixes).
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during AER recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
- drm/amd/display: Add function for validate and update new stream (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm/amd/display: Copy DC context in the commit streams (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes).
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
- drm/amd/display: Return the correct HDCP error code (stable-fixes).
- drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes).
- drm/amd/display: Update OTG instance in the commit stream (git-fixes).
- drm/amd/display: Update correct DCN314 register header (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
- drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off ODM before committing more streams (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes).
- drm/amdgpu: Force order between a read and write to the same address (git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes).
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/ttm: Do not leak a resource on eviction error (git-fixes).
- drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes).
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: Mark interrupt as managed (git-fixes).
- iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
- kabi: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes).
- make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes).
- md: Do not ignore suspended array in md_check_recovery() (git-fixes).
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
- md: Whenassemble the array, consult the superblock of the freshest device (git-fixes).
- md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: Fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: Remove duplicate assignment (git-fixes)
- rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes)
- rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
- rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert 'PCI: tegra194: Enable support for 256 Byte payload' (git-fixes).
- revert 'Revert 'drm/amdgpu/display: change pipe policy for DCN 2.0'' (git-fixes).
- revert 'SUNRPC dont update timeout value on connection reset' (git-fixes).
- revert 'drm/amd: Disable PSR-SU on Parade 0803 TCON' (git-fixes).
- revert 'drm/amd: Disable S/G for APUs when 64GB or more host memory' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for DCN 2.0' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for DCN 2.1' (git-fixes).
- revert 'drm/vc4: hdmi: Enforce the minimum rate at runtime_resume' (git-fixes).
- revert 'fbdev: flush deferred IO before closing (git-fixes).' (bsc#1221814)
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
- sunrpc: ECONNRESET might require a rebind (git-fixes).
- sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: Fix a suspicious RCU usage warning (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1200465SUSE bug 1205316SUSE bug 1207948SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1214852SUSE bug 1215221SUSE bug 1215322SUSE bug 1217339SUSE bug 1217829SUSE bug 1217959SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218321SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1218643SUSE bug 1218777SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1219834SUSE bug 1220114SUSE bug 1220176SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220325SUSE bug 1220328SUSE bug 1220337SUSE bug 1220340SUSE bug 1220365SUSE bug 1220366SUSE bug 1220398SUSE bug 1220411SUSE bug 1220413SUSE bug 1220433SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220469SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220492SUSE bug 1220703SUSE bug 1220735SUSE bug 1220736SUSE bug 1220775SUSE bug 1220790SUSE bug 1220797SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220845SUSE bug 1220848SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220883SUSE bug 1220885SUSE bug 1220887SUSE bug 1220898SUSE bug 1220917SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1220933SUSE bug 1220937SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221044SUSE bug 1221045SUSE bug 1221046SUSE bug 1221048SUSE bug 1221055SUSE bug 1221056SUSE bug 1221058SUSE bug 1221060SUSE bug 1221061SUSE bug 1221062SUSE bug 1221066SUSE bug 1221067SUSE bug 1221068SUSE bug 1221069SUSE bug 1221070SUSE bug 1221071SUSE bug 1221077SUSE bug 1221082SUSE bug 1221090SUSE bug 1221097SUSE bug 1221156SUSE bug 1221252SUSE bug 1221273SUSE bug 1221274SUSE bug 1221276SUSE bug 1221277SUSE bug 1221291SUSE bug 1221293SUSE bug 1221298SUSE bug 1221337SUSE bug 1221338SUSE bug 1221375SUSE bug 1221379SUSE bug 1221551SUSE bug 1221553SUSE bug 1221613SUSE bug 1221614SUSE bug 1221616SUSE bug 1221618SUSE bug 1221631SUSE bug 1221633SUSE bug 1221713SUSE bug 1221725SUSE bug 1221777SUSE bug 1221814SUSE bug 1221816SUSE bug 1221830SUSE bug 1221951SUSE bug 1222033SUSE bug 1222056SUSE bug 1222060SUSE bug 1222070SUSE bug 1222073SUSE bug 1222117SUSE bug 1222274SUSE bug 1222291SUSE bug 1222300SUSE bug 1222304SUSE bug 1222317SUSE bug 1222331SUSE bug 1222355SUSE bug 1222356SUSE bug 1222360SUSE bug 1222366SUSE bug 1222373SUSE bug 1222619SUSE bug 1222952CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2022-48628 at SUSECVE-2022-48628 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52453 at SUSECVE-2023-52453 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52462 at SUSECVE-2023-52462 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52481 at SUSECVE-2023-52481 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52486 at SUSECVE-2023-52486 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52493 at SUSECVE-2023-52493 at NVDCVE-2023-52494 at SUSECVE-2023-52494 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52518 at SUSECVE-2023-52518 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-52563 at SUSECVE-2023-52563 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52587 at SUSECVE-2023-52587 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52594 at SUSECVE-2023-52594 at NVDCVE-2023-52595 at SUSECVE-2023-52595 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52598 at SUSECVE-2023-52598 at NVDCVE-2023-52599 at SUSECVE-2023-52599 at NVDCVE-2023-52600 at SUSECVE-2023-52600 at NVDCVE-2023-52601 at SUSECVE-2023-52601 at NVDCVE-2023-52602 at SUSECVE-2023-52602 at NVDCVE-2023-52603 at SUSECVE-2023-52603 at NVDCVE-2023-52604 at SUSECVE-2023-52604 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52606 at SUSECVE-2023-52606 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52608 at SUSECVE-2023-52608 at NVDCVE-2023-52612 at SUSECVE-2023-52612 at NVDCVE-2023-52615 at SUSECVE-2023-52615 at NVDCVE-2023-52617 at SUSECVE-2023-52617 at NVDCVE-2023-52619 at SUSECVE-2023-52619 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-52623 at SUSECVE-2023-52623 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-52632 at SUSECVE-2023-52632 at NVDCVE-2023-52637 at SUSECVE-2023-52637 at NVDCVE-2023-52639 at SUSECVE-2023-52639 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-25739 at SUSECVE-2024-25739 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26599 at SUSECVE-2024-26599 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26612 at SUSECVE-2024-26612 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26620 at SUSECVE-2024-26620 at NVDCVE-2024-26627 at SUSECVE-2024-26627 at NVDCVE-2024-26629 at SUSECVE-2024-26629 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26645 at SUSECVE-2024-26645 at NVDCVE-2024-26646 at SUSECVE-2024-26646 at NVDCVE-2024-26651 at SUSECVE-2024-26651 at NVDCVE-2024-26654 at SUSECVE-2024-26654 at NVDCVE-2024-26659 at SUSECVE-2024-26659 at NVDCVE-2024-26664 at SUSECVE-2024-26664 at NVDCVE-2024-26667 at SUSECVE-2024-26667 at NVDCVE-2024-26670 at SUSECVE-2024-26670 at NVDCVE-2024-26695 at SUSECVE-2024-26695 at NVDCVE-2024-26717 at SUSECVE-2024-26717 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes)
- arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes)
- arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix va-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: initialize backlight_properties on init (git-fixes).
- backlight: lm3639: fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: correct gpl license name (git-fixes).
- bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant null check (git-fixes).
- clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: do not access trcidr1 for identification (bsc#1220775)
- coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775)
- coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during aer recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/readme.suse: update information about module support status (jsc#ped-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: add fams validation before trying to use it (git-fixes).
- drm/amd/display: add fb_damage_clips support (git-fixes).
- drm/amd/display: add function for validate and update new stream (git-fixes).
- drm/amd/display: add odm case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off odm before committing more streams (git-fixes).
- drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes).
- drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes).
- drm/amd/display: check if link state is valid (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: copy dc context in the commit streams (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes).
- drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes).
- drm/amd/display: enable new commit sequence only for dcn32x (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes).
- drm/amd/display: expand kernel doc for dc (git-fixes).
- drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: fix abm disablement (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: fix the delta clamping for shaper lut (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: guard against invalid rptr/wptr being set (git-fixes).
- drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes).
- drm/amd/display: handle range offsets in vrr ranges (stable-fixes).
- drm/amd/display: handle seamless boot stream (git-fixes).
- drm/amd/display: handle virtual hardware detect (git-fixes).
- drm/amd/display: include surface of unaffected streams (git-fixes).
- drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes).
- drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes).
- drm/amd/display: keep phy active for dp config (git-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes).
- drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes).
- drm/amd/display: return the correct hdcp error code (stable-fixes).
- drm/amd/display: revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: rework comments on dc file (git-fixes).
- drm/amd/display: rework context change check (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update correct dcn314 register header (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes).
- drm/amd/display: update otg instance in the commit stream (git-fixes).
- drm/amd/display: use dram speed from validation for dummy p-state (git-fixes).
- drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/display: use min transition for all subvp plane add/remove (git-fixes).
- drm/amd/display: write to correct dirty_rect (git-fixes).
- drm/amd/display: wrong colorimetry workaround (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/pm: fix error of maco flag setting code (git-fixes).
- drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes).
- drm/amd: enable pcie pme from d3 (git-fixes).
- drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes).
- drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes).
- drm/amdgpu: force order between a read and write to the same address (git-fixes).
- drm/amdgpu: lower cs errors to debug severity (git-fixes).
- drm/amdgpu: match against exact bootloader status (git-fixes).
- drm/amdgpu: unset context priority is now invalid (git-fixes).
- drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes).
- drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: add quirk for osvr hdk 2.0 (git-fixes).
- drm/etnaviv: restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes).
- drm/i915/gt: reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes).
- drm/i915: add missing ccs documentation (git-fixes).
- drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes).
- drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes).
- drm/msm/dpu: improve dsc allocation (git-fixes).
- drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant null check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: fix initial plane zpos values (git-fixes).
- drm/tidss: fix sync-lost issue with two displays (git-fixes).
- drm/ttm: do not leak a resource on eviction error (git-fixes).
- drm/ttm: do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes).
- drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775)
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes).
- hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes).
- i2c: aspeed: fix the dummy irq expected print (git-fixes).
- i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: mark interrupt as managed (git-fixes).
- iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: fix forever loop in error handling (git-fixes).
- iommu/vt-d: allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: fix pasid directory pointer coherency (git-fixes).
- iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes).
- kabi: pci: add locking to rmw pci express capability register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit).
- leds: aw2013: unlock mutex before destroying it (git-fixes).
- lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes).
- make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes).
- md: do not ignore suspended array in md_check_recovery() (git-fixes).
- md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- md: make sure md_do_sync() will set md_recovery_done (git-fixes).
- md: whenassemble the array, consult the superblock of the freshest device (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant null check (git-fixes).
- media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: fix chroma difference threshold (git-fixes).
- media: sun8i-di: fix coefficient writes (git-fixes).
- media: sun8i-di: fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: fix printing of stack records (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm,page_owner: fix refcount imbalance (bsc#1222366).
- mm,page_owner: update metadata for tail pages (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: avoid negative index with array access (git-fixes).
- mmc: core: fix switch on gp3 partition (git-fixes).
- mmc: core: initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime pm count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: fix rx dma datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using rcu properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: remove duplicate assignment (git-fixes)
- rdma/mana_ib: fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes)
- rdma/mlx5: relax devx access upon modify commands (git-fixes)
- rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes).
- revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes).
- revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes).
- revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814)
- revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes).
- revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes).
- revert 'sunrpc dont update timeout value on connection reset' (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: add an is_err() check back to where it was (git-fixes).
- sunrpc: econnreset might require a rebind (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix a suspicious rcu usage warning (git-fixes).
- sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1200465SUSE bug 1205316SUSE bug 1207948SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1214852SUSE bug 1215221SUSE bug 1215322SUSE bug 1217339SUSE bug 1217829SUSE bug 1217959SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218321SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1218643SUSE bug 1218777SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1219443SUSE bug 1219834SUSE bug 1220114SUSE bug 1220176SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220325SUSE bug 1220328SUSE bug 1220337SUSE bug 1220340SUSE bug 1220365SUSE bug 1220366SUSE bug 1220393SUSE bug 1220398SUSE bug 1220411SUSE bug 1220413SUSE bug 1220433SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220469SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220492SUSE bug 1220703SUSE bug 1220735SUSE bug 1220736SUSE bug 1220775SUSE bug 1220790SUSE bug 1220797SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220845SUSE bug 1220848SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220883SUSE bug 1220885SUSE bug 1220887SUSE bug 1220898SUSE bug 1220917SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1220933SUSE bug 1220937SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221044SUSE bug 1221045SUSE bug 1221046SUSE bug 1221048SUSE bug 1221055SUSE bug 1221056SUSE bug 1221058SUSE bug 1221060SUSE bug 1221061SUSE bug 1221062SUSE bug 1221066SUSE bug 1221067SUSE bug 1221068SUSE bug 1221069SUSE bug 1221070SUSE bug 1221071SUSE bug 1221077SUSE bug 1221082SUSE bug 1221090SUSE bug 1221097SUSE bug 1221156SUSE bug 1221252SUSE bug 1221273SUSE bug 1221274SUSE bug 1221276SUSE bug 1221277SUSE bug 1221291SUSE bug 1221293SUSE bug 1221298SUSE bug 1221337SUSE bug 1221338SUSE bug 1221375SUSE bug 1221379SUSE bug 1221551SUSE bug 1221553SUSE bug 1221613SUSE bug 1221614SUSE bug 1221616SUSE bug 1221618SUSE bug 1221631SUSE bug 1221633SUSE bug 1221713SUSE bug 1221725SUSE bug 1221777SUSE bug 1221814SUSE bug 1221816SUSE bug 1221830SUSE bug 1221951SUSE bug 1222033SUSE bug 1222056SUSE bug 1222060SUSE bug 1222070SUSE bug 1222073SUSE bug 1222117SUSE bug 1222274SUSE bug 1222291SUSE bug 1222300SUSE bug 1222304SUSE bug 1222317SUSE bug 1222331SUSE bug 1222355SUSE bug 1222356SUSE bug 1222360SUSE bug 1222366SUSE bug 1222373SUSE bug 1222619SUSE bug 1222952CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2022-48628 at SUSECVE-2022-48628 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52453 at SUSECVE-2023-52453 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52462 at SUSECVE-2023-52462 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52481 at SUSECVE-2023-52481 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52486 at SUSECVE-2023-52486 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52493 at SUSECVE-2023-52493 at NVDCVE-2023-52494 at SUSECVE-2023-52494 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52518 at SUSECVE-2023-52518 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-52563 at SUSECVE-2023-52563 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52587 at SUSECVE-2023-52587 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52594 at SUSECVE-2023-52594 at NVDCVE-2023-52595 at SUSECVE-2023-52595 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52598 at SUSECVE-2023-52598 at NVDCVE-2023-52599 at SUSECVE-2023-52599 at NVDCVE-2023-52600 at SUSECVE-2023-52600 at NVDCVE-2023-52601 at SUSECVE-2023-52601 at NVDCVE-2023-52602 at SUSECVE-2023-52602 at NVDCVE-2023-52603 at SUSECVE-2023-52603 at NVDCVE-2023-52604 at SUSECVE-2023-52604 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52606 at SUSECVE-2023-52606 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52608 at SUSECVE-2023-52608 at NVDCVE-2023-52612 at SUSECVE-2023-52612 at NVDCVE-2023-52615 at SUSECVE-2023-52615 at NVDCVE-2023-52617 at SUSECVE-2023-52617 at NVDCVE-2023-52619 at SUSECVE-2023-52619 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-52623 at SUSECVE-2023-52623 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-52632 at SUSECVE-2023-52632 at NVDCVE-2023-52637 at SUSECVE-2023-52637 at NVDCVE-2023-52639 at SUSECVE-2023-52639 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-25739 at SUSECVE-2024-25739 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-25743 at SUSECVE-2024-25743 at NVDCVE-2024-26599 at SUSECVE-2024-26599 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26612 at SUSECVE-2024-26612 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26620 at SUSECVE-2024-26620 at NVDCVE-2024-26627 at SUSECVE-2024-26627 at NVDCVE-2024-26629 at SUSECVE-2024-26629 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26645 at SUSECVE-2024-26645 at NVDCVE-2024-26646 at SUSECVE-2024-26646 at NVDCVE-2024-26651 at SUSECVE-2024-26651 at NVDCVE-2024-26654 at SUSECVE-2024-26654 at NVDCVE-2024-26659 at SUSECVE-2024-26659 at NVDCVE-2024-26664 at SUSECVE-2024-26664 at NVDCVE-2024-26667 at SUSECVE-2024-26667 at NVDCVE-2024-26670 at SUSECVE-2024-26670 at NVDCVE-2024-26695 at SUSECVE-2024-26695 at NVDCVE-2024-26717 at SUSECVE-2024-26717 at NVDcpe:/o:suse:sle-micro:5.5Security update for skopeo (Important)SUSE Linux Enterprise Micro 5.5
This update for skopeo fixes the following issues:
- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)
- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
- Bump go version to 1.21 (bsc#1215611)
- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev
- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
ImportantSUSE bug 1215611SUSE bug 1219563cpe:/o:suse:sle-micro:5.5Security update for rpm (Moderate)SUSE Linux Enterprise Micro 5.5
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
ModerateSUSE bug 1189495SUSE bug 1191175SUSE bug 1218686CVE-2021-3521 at SUSECVE-2021-3521 at NVDcpe:/o:suse:sle-micro:5.5Security update for sssd (Important)SUSE Linux Enterprise Micro 5.5
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:sle-micro:5.5Security update for less (Important)SUSE Linux Enterprise Micro 5.5
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6606: Fixed an out-of-bounds read vulnerability in smbCalcSize in fs/smb/client/netmisc.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217947).
- CVE-2023-6610: Fixed an out-of-bounds read vulnerability in smb2_dump_detail in fs/smb/client/smb2ops.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217946).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (git-fixes).
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (git-fixes).
- Revert 'md: unlock mddev before reap sync_thread in action_store' (git-fixes).
- Revert 'swiotlb: panic if nslabs is too small' (git-fixes).
- Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix 'rodata=on' when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: PL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- usb: serial: option: add Quectel EG912Y module support (git-fixes).
- usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up '%Ld/%Lu' which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1211162SUSE bug 1211226SUSE bug 1212139SUSE bug 1212584SUSE bug 1214117SUSE bug 1214158SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1215952SUSE bug 1216032SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217822SUSE bug 1217927SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218092SUSE bug 1218139SUSE bug 1218184SUSE bug 1218229SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218397SUSE bug 1218447SUSE bug 1218461SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218643SUSE bug 1218738CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:sle-micro:5.5Security update for tpm2-0-tss (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
ModerateSUSE bug 1223690CVE-2024-29040 at SUSECVE-2024-29040 at NVDcpe:/o:suse:sle-micro:5.5Security update for tpm2.0-tools (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
ModerateSUSE bug 1223687SUSE bug 1223689CVE-2024-29038 at SUSECVE-2024-29038 at NVDCVE-2024-29039 at SUSECVE-2024-29039 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for google-cloud SDK (Moderate)SUSE Linux Enterprise Micro 5.5
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1192145SUSE bug 1211592SUSE bug 1217408SUSE bug 1218562SUSE bug 1218917SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220569SUSE bug 1220761SUSE bug 1220901SUSE bug 1220915SUSE bug 1220935SUSE bug 1221042SUSE bug 1221044SUSE bug 1221080SUSE bug 1221084SUSE bug 1221088SUSE bug 1221162SUSE bug 1221299SUSE bug 1221612SUSE bug 1221617SUSE bug 1221645SUSE bug 1221791SUSE bug 1221825SUSE bug 1222011SUSE bug 1222051SUSE bug 1222247SUSE bug 1222266SUSE bug 1222294SUSE bug 1222307SUSE bug 1222357SUSE bug 1222368SUSE bug 1222379SUSE bug 1222416SUSE bug 1222422SUSE bug 1222424SUSE bug 1222427SUSE bug 1222428SUSE bug 1222430SUSE bug 1222431SUSE bug 1222435SUSE bug 1222437SUSE bug 1222445SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222520SUSE bug 1222536SUSE bug 1222549SUSE bug 1222550SUSE bug 1222557SUSE bug 1222559SUSE bug 1222585SUSE bug 1222586SUSE bug 1222596SUSE bug 1222609SUSE bug 1222610SUSE bug 1222613SUSE bug 1222615SUSE bug 1222618SUSE bug 1222624SUSE bug 1222630SUSE bug 1222632SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222677SUSE bug 1222678SUSE bug 1222680SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222710SUSE bug 1222720SUSE bug 1222721SUSE bug 1222724SUSE bug 1222726SUSE bug 1222727SUSE bug 1222764SUSE bug 1222772SUSE bug 1222773SUSE bug 1222776SUSE bug 1222781SUSE bug 1222784SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222798SUSE bug 1222801SUSE bug 1222812SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1222968SUSE bug 1223012SUSE bug 1223014SUSE bug 1223016SUSE bug 1223024SUSE bug 1223030SUSE bug 1223033SUSE bug 1223034SUSE bug 1223035SUSE bug 1223036SUSE bug 1223037SUSE bug 1223041SUSE bug 1223042SUSE bug 1223051SUSE bug 1223052SUSE bug 1223056SUSE bug 1223057SUSE bug 1223058SUSE bug 1223060SUSE bug 1223061SUSE bug 1223065SUSE bug 1223066SUSE bug 1223067SUSE bug 1223068SUSE bug 1223076SUSE bug 1223078SUSE bug 1223111SUSE bug 1223115SUSE bug 1223118SUSE bug 1223187SUSE bug 1223189SUSE bug 1223190SUSE bug 1223191SUSE bug 1223196SUSE bug 1223197SUSE bug 1223198SUSE bug 1223275SUSE bug 1223323SUSE bug 1223369SUSE bug 1223380SUSE bug 1223473SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223478SUSE bug 1223479SUSE bug 1223481SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223490SUSE bug 1223496SUSE bug 1223498SUSE bug 1223499SUSE bug 1223501SUSE bug 1223502SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223511SUSE bug 1223512SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223520SUSE bug 1223522SUSE bug 1223523SUSE bug 1223525SUSE bug 1223539SUSE bug 1223574SUSE bug 1223595SUSE bug 1223598SUSE bug 1223634SUSE bug 1223643SUSE bug 1223644SUSE bug 1223645SUSE bug 1223646SUSE bug 1223648SUSE bug 1223655SUSE bug 1223657SUSE bug 1223660SUSE bug 1223661SUSE bug 1223663SUSE bug 1223664SUSE bug 1223668SUSE bug 1223686SUSE bug 1223693SUSE bug 1223705SUSE bug 1223714SUSE bug 1223735SUSE bug 1223745SUSE bug 1223784SUSE bug 1223785SUSE bug 1223790SUSE bug 1223816SUSE bug 1223821SUSE bug 1223822SUSE bug 1223824SUSE bug 1223827SUSE bug 1223834SUSE bug 1223875SUSE bug 1223876SUSE bug 1223877SUSE bug 1223878SUSE bug 1223879SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223949SUSE bug 1223950SUSE bug 1223951SUSE bug 1223952SUSE bug 1223953SUSE bug 1223956SUSE bug 1223957SUSE bug 1223960SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47214 at SUSECVE-2021-47214 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48639 at SUSECVE-2022-48639 at NVDCVE-2022-48640 at SUSECVE-2022-48640 at NVDCVE-2022-48642 at SUSECVE-2022-48642 at NVDCVE-2022-48644 at SUSECVE-2022-48644 at NVDCVE-2022-48646 at SUSECVE-2022-48646 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48658 at SUSECVE-2022-48658 at NVDCVE-2022-48659 at SUSECVE-2022-48659 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48690 at SUSECVE-2022-48690 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48698 at SUSECVE-2022-48698 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-52488 at SUSECVE-2023-52488 at NVDCVE-2023-52503 at SUSECVE-2023-52503 at NVDCVE-2023-52561 at SUSECVE-2023-52561 at NVDCVE-2023-52585 at SUSECVE-2023-52585 at NVDCVE-2023-52589 at SUSECVE-2023-52589 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52593 at SUSECVE-2023-52593 at NVDCVE-2023-52614 at SUSECVE-2023-52614 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52620 at SUSECVE-2023-52620 at NVDCVE-2023-52627 at SUSECVE-2023-52627 at NVDCVE-2023-52635 at SUSECVE-2023-52635 at NVDCVE-2023-52636 at SUSECVE-2023-52636 at NVDCVE-2023-52645 at SUSECVE-2023-52645 at NVDCVE-2023-52652 at SUSECVE-2023-52652 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26656 at SUSECVE-2024-26656 at NVDCVE-2024-26660 at SUSECVE-2024-26660 at NVDCVE-2024-26671 at SUSECVE-2024-26671 at NVDCVE-2024-26673 at SUSECVE-2024-26673 at NVDCVE-2024-26675 at SUSECVE-2024-26675 at NVDCVE-2024-26680 at SUSECVE-2024-26680 at NVDCVE-2024-26681 at SUSECVE-2024-26681 at NVDCVE-2024-26684 at SUSECVE-2024-26684 at NVDCVE-2024-26685 at SUSECVE-2024-26685 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26696 at SUSECVE-2024-26696 at NVDCVE-2024-26697 at SUSECVE-2024-26697 at NVDCVE-2024-26702 at SUSECVE-2024-26702 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26718 at SUSECVE-2024-26718 at NVDCVE-2024-26722 at SUSECVE-2024-26722 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26736 at SUSECVE-2024-26736 at NVDCVE-2024-26737 at SUSECVE-2024-26737 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26743 at SUSECVE-2024-26743 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26747 at SUSECVE-2024-26747 at NVDCVE-2024-26749 at SUSECVE-2024-26749 at NVDCVE-2024-26751 at SUSECVE-2024-26751 at NVDCVE-2024-26754 at SUSECVE-2024-26754 at NVDCVE-2024-26760 at SUSECVE-2024-26760 at NVDCVE-2024-26763 at SUSECVE-2024-26763 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26769 at SUSECVE-2024-26769 at NVDCVE-2024-26771 at SUSECVE-2024-26771 at NVDCVE-2024-26772 at SUSECVE-2024-26772 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26776 at SUSECVE-2024-26776 at NVDCVE-2024-26779 at SUSECVE-2024-26779 at NVDCVE-2024-26783 at SUSECVE-2024-26783 at NVDCVE-2024-26787 at SUSECVE-2024-26787 at NVDCVE-2024-26790 at SUSECVE-2024-26790 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26793 at SUSECVE-2024-26793 at NVDCVE-2024-26798 at SUSECVE-2024-26798 at NVDCVE-2024-26805 at SUSECVE-2024-26805 at NVDCVE-2024-26807 at SUSECVE-2024-26807 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26817 at SUSECVE-2024-26817 at NVDCVE-2024-26820 at SUSECVE-2024-26820 at NVDCVE-2024-26825 at SUSECVE-2024-26825 at NVDCVE-2024-26830 at SUSECVE-2024-26830 at NVDCVE-2024-26833 at SUSECVE-2024-26833 at NVDCVE-2024-26836 at SUSECVE-2024-26836 at NVDCVE-2024-26843 at SUSECVE-2024-26843 at NVDCVE-2024-26848 at SUSECVE-2024-26848 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26853 at SUSECVE-2024-26853 at NVDCVE-2024-26855 at SUSECVE-2024-26855 at NVDCVE-2024-26856 at SUSECVE-2024-26856 at NVDCVE-2024-26857 at SUSECVE-2024-26857 at NVDCVE-2024-26861 at SUSECVE-2024-26861 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26866 at SUSECVE-2024-26866 at NVDCVE-2024-26872 at SUSECVE-2024-26872 at NVDCVE-2024-26875 at SUSECVE-2024-26875 at NVDCVE-2024-26878 at SUSECVE-2024-26878 at NVDCVE-2024-26879 at SUSECVE-2024-26879 at NVDCVE-2024-26881 at SUSECVE-2024-26881 at NVDCVE-2024-26882 at SUSECVE-2024-26882 at NVDCVE-2024-26883 at SUSECVE-2024-26883 at NVDCVE-2024-26884 at SUSECVE-2024-26884 at NVDCVE-2024-26885 at SUSECVE-2024-26885 at NVDCVE-2024-26891 at SUSECVE-2024-26891 at NVDCVE-2024-26893 at SUSECVE-2024-26893 at NVDCVE-2024-26895 at SUSECVE-2024-26895 at NVDCVE-2024-26896 at SUSECVE-2024-26896 at NVDCVE-2024-26897 at SUSECVE-2024-26897 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26901 at SUSECVE-2024-26901 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26917 at SUSECVE-2024-26917 at NVDCVE-2024-26927 at SUSECVE-2024-26927 at NVDCVE-2024-26948 at SUSECVE-2024-26948 at NVDCVE-2024-26950 at SUSECVE-2024-26950 at NVDCVE-2024-26951 at SUSECVE-2024-26951 at NVDCVE-2024-26955 at SUSECVE-2024-26955 at NVDCVE-2024-26956 at SUSECVE-2024-26956 at NVDCVE-2024-26960 at SUSECVE-2024-26960 at NVDCVE-2024-26965 at SUSECVE-2024-26965 at NVDCVE-2024-26966 at SUSECVE-2024-26966 at NVDCVE-2024-26969 at SUSECVE-2024-26969 at NVDCVE-2024-26970 at SUSECVE-2024-26970 at NVDCVE-2024-26972 at SUSECVE-2024-26972 at NVDCVE-2024-26981 at SUSECVE-2024-26981 at NVDCVE-2024-26982 at SUSECVE-2024-26982 at NVDCVE-2024-26993 at SUSECVE-2024-26993 at NVDCVE-2024-27013 at SUSECVE-2024-27013 at NVDCVE-2024-27014 at SUSECVE-2024-27014 at NVDCVE-2024-27030 at SUSECVE-2024-27030 at NVDCVE-2024-27038 at SUSECVE-2024-27038 at NVDCVE-2024-27039 at SUSECVE-2024-27039 at NVDCVE-2024-27041 at SUSECVE-2024-27041 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27046 at SUSECVE-2024-27046 at NVDCVE-2024-27056 at SUSECVE-2024-27056 at NVDCVE-2024-27062 at SUSECVE-2024-27062 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- README.BRANCH: Correct email address for Petr Tesarik
- README.BRANCH: Remove copy of branch name
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
ImportantSUSE bug 1141539SUSE bug 1177529SUSE bug 1190576SUSE bug 1192145SUSE bug 1192837SUSE bug 1193629SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1207361SUSE bug 1211592SUSE bug 1213573SUSE bug 1217408SUSE bug 1218562SUSE bug 1218917SUSE bug 1219104SUSE bug 1219126SUSE bug 1219141SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220492SUSE bug 1220569SUSE bug 1220761SUSE bug 1220901SUSE bug 1220915SUSE bug 1220935SUSE bug 1221042SUSE bug 1221044SUSE bug 1221080SUSE bug 1221084SUSE bug 1221088SUSE bug 1221162SUSE bug 1221299SUSE bug 1221612SUSE bug 1221617SUSE bug 1221645SUSE bug 1221791SUSE bug 1221825SUSE bug 1222011SUSE bug 1222051SUSE bug 1222247SUSE bug 1222266SUSE bug 1222294SUSE bug 1222307SUSE bug 1222357SUSE bug 1222368SUSE bug 1222379SUSE bug 1222416SUSE bug 1222422SUSE bug 1222424SUSE bug 1222427SUSE bug 1222428SUSE bug 1222430SUSE bug 1222431SUSE bug 1222435SUSE bug 1222437SUSE bug 1222445SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222520SUSE bug 1222536SUSE bug 1222549SUSE bug 1222550SUSE bug 1222557SUSE bug 1222559SUSE bug 1222585SUSE bug 1222586SUSE bug 1222596SUSE bug 1222609SUSE bug 1222610SUSE bug 1222613SUSE bug 1222615SUSE bug 1222618SUSE bug 1222624SUSE bug 1222630SUSE bug 1222632SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222677SUSE bug 1222678SUSE bug 1222680SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222710SUSE bug 1222720SUSE bug 1222721SUSE bug 1222724SUSE bug 1222726SUSE bug 1222727SUSE bug 1222764SUSE bug 1222772SUSE bug 1222773SUSE bug 1222776SUSE bug 1222781SUSE bug 1222784SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222798SUSE bug 1222801SUSE bug 1222812SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1222968SUSE bug 1223012SUSE bug 1223014SUSE bug 1223016SUSE bug 1223024SUSE bug 1223030SUSE bug 1223033SUSE bug 1223034SUSE bug 1223035SUSE bug 1223036SUSE bug 1223037SUSE bug 1223041SUSE bug 1223042SUSE bug 1223051SUSE bug 1223052SUSE bug 1223056SUSE bug 1223057SUSE bug 1223058SUSE bug 1223060SUSE bug 1223061SUSE bug 1223065SUSE bug 1223066SUSE bug 1223067SUSE bug 1223068SUSE bug 1223076SUSE bug 1223078SUSE bug 1223111SUSE bug 1223115SUSE bug 1223118SUSE bug 1223187SUSE bug 1223189SUSE bug 1223190SUSE bug 1223191SUSE bug 1223196SUSE bug 1223197SUSE bug 1223198SUSE bug 1223275SUSE bug 1223323SUSE bug 1223369SUSE bug 1223380SUSE bug 1223473SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223478SUSE bug 1223479SUSE bug 1223481SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223490SUSE bug 1223496SUSE bug 1223498SUSE bug 1223499SUSE bug 1223501SUSE bug 1223502SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223511SUSE bug 1223512SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223520SUSE bug 1223522SUSE bug 1223523SUSE bug 1223525SUSE bug 1223536SUSE bug 1223539SUSE bug 1223574SUSE bug 1223595SUSE bug 1223598SUSE bug 1223634SUSE bug 1223640SUSE bug 1223643SUSE bug 1223644SUSE bug 1223645SUSE bug 1223646SUSE bug 1223648SUSE bug 1223655SUSE bug 1223657SUSE bug 1223660SUSE bug 1223661SUSE bug 1223663SUSE bug 1223664SUSE bug 1223668SUSE bug 1223686SUSE bug 1223693SUSE bug 1223705SUSE bug 1223714SUSE bug 1223735SUSE bug 1223745SUSE bug 1223784SUSE bug 1223785SUSE bug 1223790SUSE bug 1223816SUSE bug 1223821SUSE bug 1223822SUSE bug 1223824SUSE bug 1223827SUSE bug 1223834SUSE bug 1223875SUSE bug 1223876SUSE bug 1223877SUSE bug 1223878SUSE bug 1223879SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223949SUSE bug 1223950SUSE bug 1223951SUSE bug 1223952SUSE bug 1223953SUSE bug 1223956SUSE bug 1223957SUSE bug 1223960SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47214 at SUSECVE-2021-47214 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48639 at SUSECVE-2022-48639 at NVDCVE-2022-48640 at SUSECVE-2022-48640 at NVDCVE-2022-48642 at SUSECVE-2022-48642 at NVDCVE-2022-48644 at SUSECVE-2022-48644 at NVDCVE-2022-48646 at SUSECVE-2022-48646 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48658 at SUSECVE-2022-48658 at NVDCVE-2022-48659 at SUSECVE-2022-48659 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48690 at SUSECVE-2022-48690 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48698 at SUSECVE-2022-48698 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-52488 at SUSECVE-2023-52488 at NVDCVE-2023-52503 at SUSECVE-2023-52503 at NVDCVE-2023-52561 at SUSECVE-2023-52561 at NVDCVE-2023-52585 at SUSECVE-2023-52585 at NVDCVE-2023-52589 at SUSECVE-2023-52589 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52593 at SUSECVE-2023-52593 at NVDCVE-2023-52614 at SUSECVE-2023-52614 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52620 at SUSECVE-2023-52620 at NVDCVE-2023-52627 at SUSECVE-2023-52627 at NVDCVE-2023-52635 at SUSECVE-2023-52635 at NVDCVE-2023-52636 at SUSECVE-2023-52636 at NVDCVE-2023-52645 at SUSECVE-2023-52645 at NVDCVE-2023-52652 at SUSECVE-2023-52652 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26656 at SUSECVE-2024-26656 at NVDCVE-2024-26660 at SUSECVE-2024-26660 at NVDCVE-2024-26671 at SUSECVE-2024-26671 at NVDCVE-2024-26673 at SUSECVE-2024-26673 at NVDCVE-2024-26675 at SUSECVE-2024-26675 at NVDCVE-2024-26680 at SUSECVE-2024-26680 at NVDCVE-2024-26681 at SUSECVE-2024-26681 at NVDCVE-2024-26684 at SUSECVE-2024-26684 at NVDCVE-2024-26685 at SUSECVE-2024-26685 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26696 at SUSECVE-2024-26696 at NVDCVE-2024-26697 at SUSECVE-2024-26697 at NVDCVE-2024-26702 at SUSECVE-2024-26702 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26718 at SUSECVE-2024-26718 at NVDCVE-2024-26722 at SUSECVE-2024-26722 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26736 at SUSECVE-2024-26736 at NVDCVE-2024-26737 at SUSECVE-2024-26737 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26743 at SUSECVE-2024-26743 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26747 at SUSECVE-2024-26747 at NVDCVE-2024-26749 at SUSECVE-2024-26749 at NVDCVE-2024-26751 at SUSECVE-2024-26751 at NVDCVE-2024-26754 at SUSECVE-2024-26754 at NVDCVE-2024-26760 at SUSECVE-2024-26760 at NVDCVE-2024-26763 at SUSECVE-2024-26763 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26769 at SUSECVE-2024-26769 at NVDCVE-2024-26771 at SUSECVE-2024-26771 at NVDCVE-2024-26772 at SUSECVE-2024-26772 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26776 at SUSECVE-2024-26776 at NVDCVE-2024-26779 at SUSECVE-2024-26779 at NVDCVE-2024-26783 at SUSECVE-2024-26783 at NVDCVE-2024-26787 at SUSECVE-2024-26787 at NVDCVE-2024-26790 at SUSECVE-2024-26790 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26793 at SUSECVE-2024-26793 at NVDCVE-2024-26798 at SUSECVE-2024-26798 at NVDCVE-2024-26805 at SUSECVE-2024-26805 at NVDCVE-2024-26807 at SUSECVE-2024-26807 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26817 at SUSECVE-2024-26817 at NVDCVE-2024-26820 at SUSECVE-2024-26820 at NVDCVE-2024-26825 at SUSECVE-2024-26825 at NVDCVE-2024-26830 at SUSECVE-2024-26830 at NVDCVE-2024-26833 at SUSECVE-2024-26833 at NVDCVE-2024-26836 at SUSECVE-2024-26836 at NVDCVE-2024-26843 at SUSECVE-2024-26843 at NVDCVE-2024-26848 at SUSECVE-2024-26848 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26853 at SUSECVE-2024-26853 at NVDCVE-2024-26855 at SUSECVE-2024-26855 at NVDCVE-2024-26856 at SUSECVE-2024-26856 at NVDCVE-2024-26857 at SUSECVE-2024-26857 at NVDCVE-2024-26861 at SUSECVE-2024-26861 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26866 at SUSECVE-2024-26866 at NVDCVE-2024-26872 at SUSECVE-2024-26872 at NVDCVE-2024-26875 at SUSECVE-2024-26875 at NVDCVE-2024-26878 at SUSECVE-2024-26878 at NVDCVE-2024-26879 at SUSECVE-2024-26879 at NVDCVE-2024-26881 at SUSECVE-2024-26881 at NVDCVE-2024-26882 at SUSECVE-2024-26882 at NVDCVE-2024-26883 at SUSECVE-2024-26883 at NVDCVE-2024-26884 at SUSECVE-2024-26884 at NVDCVE-2024-26885 at SUSECVE-2024-26885 at NVDCVE-2024-26891 at SUSECVE-2024-26891 at NVDCVE-2024-26893 at SUSECVE-2024-26893 at NVDCVE-2024-26895 at SUSECVE-2024-26895 at NVDCVE-2024-26896 at SUSECVE-2024-26896 at NVDCVE-2024-26897 at SUSECVE-2024-26897 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26901 at SUSECVE-2024-26901 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26917 at SUSECVE-2024-26917 at NVDCVE-2024-26927 at SUSECVE-2024-26927 at NVDCVE-2024-26948 at SUSECVE-2024-26948 at NVDCVE-2024-26950 at SUSECVE-2024-26950 at NVDCVE-2024-26951 at SUSECVE-2024-26951 at NVDCVE-2024-26955 at SUSECVE-2024-26955 at NVDCVE-2024-26956 at SUSECVE-2024-26956 at NVDCVE-2024-26960 at SUSECVE-2024-26960 at NVDCVE-2024-26965 at SUSECVE-2024-26965 at NVDCVE-2024-26966 at SUSECVE-2024-26966 at NVDCVE-2024-26969 at SUSECVE-2024-26969 at NVDCVE-2024-26970 at SUSECVE-2024-26970 at NVDCVE-2024-26972 at SUSECVE-2024-26972 at NVDCVE-2024-26981 at SUSECVE-2024-26981 at NVDCVE-2024-26982 at SUSECVE-2024-26982 at NVDCVE-2024-26993 at SUSECVE-2024-26993 at NVDCVE-2024-27013 at SUSECVE-2024-27013 at NVDCVE-2024-27014 at SUSECVE-2024-27014 at NVDCVE-2024-27030 at SUSECVE-2024-27030 at NVDCVE-2024-27038 at SUSECVE-2024-27038 at NVDCVE-2024-27039 at SUSECVE-2024-27039 at NVDCVE-2024-27041 at SUSECVE-2024-27041 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27046 at SUSECVE-2024-27046 at NVDCVE-2024-27056 at SUSECVE-2024-27056 at NVDCVE-2024-27062 at SUSECVE-2024-27062 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:suse:sle-micro:5.5Security update for cairo (Low)SUSE Linux Enterprise Micro 5.5
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:suse:sle-micro:5.5Security update for perl (Important)SUSE Linux Enterprise Micro 5.5
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
ImportantSUSE bug 1223858SUSE bug 1224169SUSE bug 1224340cpe:/o:suse:sle-micro:5.5Security update for git (Important)SUSE Linux Enterprise Micro 5.5
This update for git fixes the following issues:
- CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).
ImportantSUSE bug 1224168SUSE bug 1224170SUSE bug 1224171SUSE bug 1224172SUSE bug 1224173CVE-2024-32002 at SUSECVE-2024-32002 at NVDCVE-2024-32004 at SUSECVE-2024-32004 at NVDCVE-2024-32020 at SUSECVE-2024-32020 at NVDCVE-2024-32021 at SUSECVE-2024-32021 at NVDCVE-2024-32465 at SUSECVE-2024-32465 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
ImportantSUSE bug 1223858SUSE bug 1224169SUSE bug 1224340cpe:/o:suse:sle-micro:5.5Security update for bluez (Important)SUSE Linux Enterprise Micro 5.5
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
ImportantSUSE bug 1218300SUSE bug 1218301CVE-2023-50229 at SUSECVE-2023-50229 at NVDCVE-2023-50230 at SUSECVE-2023-50230 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:sle-micro:5.5Security update for fwupdate (Moderate)SUSE Linux Enterprise Micro 5.5
This update of fwupdate fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
- Update the email address of security team in SBAT (bsc#1221301)
- elf_aarch64_efi.lds: set the memory permission explicitly to
avoid ld warning like 'LOAD segment with RWX permissions'
ModerateSUSE bug 1209188SUSE bug 1221301cpe:/o:suse:sle-micro:5.5Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:sle-micro:5.5Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Important)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:sle-micro:5.5Security update for skopeo (Important)SUSE Linux Enterprise Micro 5.5
This update for skopeo fixes the following issues:
- Update to version 1.14.4:
- CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)
ImportantSUSE bug 1224123CVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Rebuild against current updated packages and go compiler.
- Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)
- Add LABEL with source URL
ImportantSUSE bug 1224119CVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
ImportantSUSE bug 1223356CVE-2024-0090 at SUSECVE-2024-0090 at NVDCVE-2024-0091 at SUSECVE-2024-0091 at NVDCVE-2024-0092 at SUSECVE-2024-0092 at NVDcpe:/o:suse:sle-micro:5.5Security update for unbound (Important)SUSE Linux Enterprise Micro 5.5
This update for unbound fixes the following issues:
unbound was updated to 1.20.0:
* A lot of bugfixes and added features.
For a complete list take a look at the changelog located at:
/usr/share/doc/packages/unbound/Changelog or
https://www.nlnetlabs.nl/projects/unbound/download/
Some Noteworthy Changes:
* Removed DLV. The DLV has been decommisioned since unbound
1.5.4 and has been advised to stop using it since. The use of
dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8
Security Fixes:
* CVE-2023-50387: DNSSEC verification complexity can be
exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
[bsc#1219826]
* CVE-2022-30698: Novel 'ghost domain names' attack by
introducing subdomain delegations. [bsc#1202033]
* CVE-2022-30699: Novel 'ghost domain names' attack by
updating almost expired delegation information. [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
resource consumption (Non-Responsive Delegation Attack). [bsc#1203643]
Packaging Changes:
* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
libprotobuf-c-devel
ImportantSUSE bug 1202031SUSE bug 1202033SUSE bug 1203643SUSE bug 1219823SUSE bug 1219826CVE-2022-30698 at SUSECVE-2022-30698 at NVDCVE-2022-30699 at SUSECVE-2022-30699 at NVDCVE-2022-3204 at SUSECVE-2022-3204 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Important)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- KVM: x86: Delete duplicate documentation for KVM_X86_SET_MSR_FILTER (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020).
- Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- Update patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch (bsc#1222893).
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1141539SUSE bug 1174585SUSE bug 1181674SUSE bug 1187716SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200465SUSE bug 1205205SUSE bug 1207284SUSE bug 1207361SUSE bug 1207948SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1209980SUSE bug 1210335SUSE bug 1213863SUSE bug 1214852SUSE bug 1215322SUSE bug 1215702SUSE bug 1216358SUSE bug 1216702SUSE bug 1217169SUSE bug 1217339SUSE bug 1217515SUSE bug 1218447SUSE bug 1220021SUSE bug 1220267SUSE bug 1220363SUSE bug 1220783SUSE bug 1221044SUSE bug 1221081SUSE bug 1221615SUSE bug 1221777SUSE bug 1221816SUSE bug 1221829SUSE bug 1222011SUSE bug 1222374SUSE bug 1222385SUSE bug 1222413SUSE bug 1222464SUSE bug 1222513SUSE bug 1222559SUSE bug 1222561SUSE bug 1222608SUSE bug 1222619SUSE bug 1222627SUSE bug 1222721SUSE bug 1222765SUSE bug 1222770SUSE bug 1222783SUSE bug 1222793SUSE bug 1222838SUSE bug 1222870SUSE bug 1222893SUSE bug 1222960SUSE bug 1222961SUSE bug 1222974SUSE bug 1222975SUSE bug 1222976SUSE bug 1223011SUSE bug 1223023SUSE bug 1223027SUSE bug 1223031SUSE bug 1223043SUSE bug 1223046SUSE bug 1223048SUSE bug 1223049SUSE bug 1223084SUSE bug 1223113SUSE bug 1223119SUSE bug 1223137SUSE bug 1223138SUSE bug 1223140SUSE bug 1223188SUSE bug 1223203SUSE bug 1223207SUSE bug 1223315SUSE bug 1223360SUSE bug 1223384SUSE bug 1223390SUSE bug 1223432SUSE bug 1223489SUSE bug 1223505SUSE bug 1223532SUSE bug 1223575SUSE bug 1223595SUSE bug 1223626SUSE bug 1223627SUSE bug 1223628SUSE bug 1223631SUSE bug 1223633SUSE bug 1223638SUSE bug 1223650SUSE bug 1223653SUSE bug 1223666SUSE bug 1223670SUSE bug 1223671SUSE bug 1223675SUSE bug 1223677SUSE bug 1223678SUSE bug 1223679SUSE bug 1223698SUSE bug 1223712SUSE bug 1223715SUSE bug 1223717SUSE bug 1223718SUSE bug 1223737SUSE bug 1223738SUSE bug 1223741SUSE bug 1223744SUSE bug 1223747SUSE bug 1223748SUSE bug 1223750SUSE bug 1223752SUSE bug 1223754SUSE bug 1223756SUSE bug 1223757SUSE bug 1223762SUSE bug 1223769SUSE bug 1223770SUSE bug 1223779SUSE bug 1223780SUSE bug 1223781SUSE bug 1223788SUSE bug 1223802SUSE bug 1223819SUSE bug 1223823SUSE bug 1223826SUSE bug 1223828SUSE bug 1223829SUSE bug 1223837SUSE bug 1223842SUSE bug 1223843SUSE bug 1223844SUSE bug 1223847SUSE bug 1223858SUSE bug 1223875SUSE bug 1223879SUSE bug 1223895SUSE bug 1223959SUSE bug 1223961SUSE bug 1223991SUSE bug 1223996SUSE bug 1224020SUSE bug 1224076SUSE bug 1224096SUSE bug 1224098SUSE bug 1224099SUSE bug 1224137SUSE bug 1224166SUSE bug 1224174SUSE bug 1224177SUSE bug 1224180SUSE bug 1224181SUSE bug 1224187SUSE bug 1224331SUSE bug 1224346SUSE bug 1224423SUSE bug 1224432SUSE bug 1224437SUSE bug 1224438SUSE bug 1224442SUSE bug 1224443SUSE bug 1224445SUSE bug 1224449SUSE bug 1224479SUSE bug 1224482SUSE bug 1224487SUSE bug 1224488SUSE bug 1224492SUSE bug 1224494SUSE bug 1224495SUSE bug 1224502SUSE bug 1224508SUSE bug 1224509SUSE bug 1224511SUSE bug 1224519SUSE bug 1224524SUSE bug 1224525SUSE bug 1224530SUSE bug 1224531SUSE bug 1224534SUSE bug 1224535SUSE bug 1224537SUSE bug 1224541SUSE bug 1224543SUSE bug 1224549SUSE bug 1224550SUSE bug 1224558SUSE bug 1224559SUSE bug 1224566SUSE bug 1224567SUSE bug 1224571SUSE bug 1224575SUSE bug 1224576SUSE bug 1224579SUSE bug 1224580SUSE bug 1224581SUSE bug 1224582SUSE bug 1224586SUSE bug 1224587SUSE bug 1224592SUSE bug 1224598SUSE bug 1224601SUSE bug 1224607SUSE bug 1224608SUSE bug 1224611SUSE bug 1224615SUSE bug 1224617SUSE bug 1224618SUSE bug 1224621SUSE bug 1224622SUSE bug 1224624SUSE bug 1224627SUSE bug 1224628SUSE bug 1224629SUSE bug 1224632SUSE bug 1224636SUSE bug 1224637SUSE bug 1224638SUSE bug 1224640SUSE bug 1224643SUSE bug 1224644SUSE bug 1224645SUSE bug 1224647SUSE bug 1224648SUSE bug 1224649SUSE bug 1224650SUSE bug 1224651SUSE bug 1224657SUSE bug 1224659SUSE bug 1224660SUSE bug 1224663SUSE bug 1224664SUSE bug 1224665SUSE bug 1224666SUSE bug 1224667SUSE bug 1224668SUSE bug 1224671SUSE bug 1224672SUSE bug 1224676SUSE bug 1224678SUSE bug 1224679SUSE bug 1224680SUSE bug 1224681SUSE bug 1224682SUSE bug 1224685SUSE bug 1224686SUSE bug 1224692SUSE bug 1224697SUSE bug 1224699SUSE bug 1224701SUSE bug 1224703SUSE bug 1224705SUSE bug 1224707SUSE bug 1224717SUSE bug 1224718SUSE bug 1224721SUSE bug 1224722SUSE bug 1224723SUSE bug 1224725SUSE bug 1224727SUSE bug 1224728SUSE bug 1224729SUSE bug 1224730SUSE bug 1224731SUSE bug 1224732SUSE bug 1224733SUSE bug 1224736SUSE bug 1224738SUSE bug 1224739SUSE bug 1224740SUSE bug 1224747SUSE bug 1224749SUSE bug 1224759SUSE bug 1224763SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224794SUSE bug 1224795SUSE bug 1224796SUSE bug 1224803SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224929SUSE bug 1224930SUSE bug 1224931SUSE bug 1224932SUSE bug 1224936SUSE bug 1224937SUSE bug 1224941SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1224992SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225008SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225041SUSE bug 1225044SUSE bug 1225053SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225085SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225097SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225114SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225138SUSE bug 1225139SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225222SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225382SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225408SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225424SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225442SUSE bug 1225443SUSE bug 1225444SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225467SUSE bug 1225468SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225480SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225502SUSE bug 1225506SUSE bug 1225508SUSE bug 1225510SUSE bug 1225513SUSE bug 1225515SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225535SUSE bug 1225548SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225555SUSE bug 1225556SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225568SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225587SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225593SUSE bug 1225595SUSE bug 1225599SUSE bug 1225616SUSE bug 1225640SUSE bug 1225642SUSE bug 1225705SUSE bug 1225708SUSE bug 1225715SUSE bug 1225720SUSE bug 1225722SUSE bug 1225734SUSE bug 1225735SUSE bug 1225747SUSE bug 1225748SUSE bug 1225756SUSE bug 1225761SUSE bug 1225766SUSE bug 1225775SUSE bug 1225810SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225842CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47504 at SUSECVE-2021-47504 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47508 at SUSECVE-2021-47508 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47530 at SUSECVE-2021-47530 at NVDCVE-2021-47531 at SUSECVE-2021-47531 at NVDCVE-2021-47532 at SUSECVE-2021-47532 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47548 at SUSECVE-2021-47548 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47552 at SUSECVE-2021-47552 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2021-47569 at SUSECVE-2021-47569 at NVDCVE-2022-48633 at SUSECVE-2022-48633 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48669 at SUSECVE-2022-48669 at NVDCVE-2022-48689 at SUSECVE-2022-48689 at NVDCVE-2022-48691 at SUSECVE-2022-48691 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48705 at SUSECVE-2022-48705 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-42755 at SUSECVE-2023-42755 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52586 at SUSECVE-2023-52586 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52618 at SUSECVE-2023-52618 at NVDCVE-2023-52642 at SUSECVE-2023-52642 at NVDCVE-2023-52643 at SUSECVE-2023-52643 at NVDCVE-2023-52644 at SUSECVE-2023-52644 at NVDCVE-2023-52646 at SUSECVE-2023-52646 at NVDCVE-2023-52650 at SUSECVE-2023-52650 at NVDCVE-2023-52653 at SUSECVE-2023-52653 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52656 at SUSECVE-2023-52656 at NVDCVE-2023-52657 at SUSECVE-2023-52657 at NVDCVE-2023-52659 at SUSECVE-2023-52659 at NVDCVE-2023-52660 at SUSECVE-2023-52660 at NVDCVE-2023-52661 at SUSECVE-2023-52661 at NVDCVE-2023-52662 at SUSECVE-2023-52662 at NVDCVE-2023-52664 at SUSECVE-2023-52664 at NVDCVE-2023-52669 at SUSECVE-2023-52669 at NVDCVE-2023-52671 at SUSECVE-2023-52671 at NVDCVE-2023-52674 at SUSECVE-2023-52674 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52678 at SUSECVE-2023-52678 at NVDCVE-2023-52679 at SUSECVE-2023-52679 at NVDCVE-2023-52680 at SUSECVE-2023-52680 at NVDCVE-2023-52683 at SUSECVE-2023-52683 at NVDCVE-2023-52685 at SUSECVE-2023-52685 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52691 at SUSECVE-2023-52691 at NVDCVE-2023-52692 at SUSECVE-2023-52692 at NVDCVE-2023-52693 at SUSECVE-2023-52693 at NVDCVE-2023-52694 at SUSECVE-2023-52694 at NVDCVE-2023-52696 at SUSECVE-2023-52696 at NVDCVE-2023-52698 at SUSECVE-2023-52698 at NVDCVE-2023-52699 at SUSECVE-2023-52699 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52705 at SUSECVE-2023-52705 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52731 at SUSECVE-2023-52731 at NVDCVE-2023-52732 at SUSECVE-2023-52732 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52746 at SUSECVE-2023-52746 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52757 at SUSECVE-2023-52757 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52773 at SUSECVE-2023-52773 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52777 at SUSECVE-2023-52777 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52795 at SUSECVE-2023-52795 at NVDCVE-2023-52796 at SUSECVE-2023-52796 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52803 at SUSECVE-2023-52803 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52807 at SUSECVE-2023-52807 at NVDCVE-2023-52808 at SUSECVE-2023-52808 at NVDCVE-2023-52809 at SUSECVE-2023-52809 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52815 at SUSECVE-2023-52815 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52851 at SUSECVE-2023-52851 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52860 at SUSECVE-2023-52860 at NVDCVE-2023-52861 at SUSECVE-2023-52861 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-26597 at SUSECVE-2024-26597 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26679 at SUSECVE-2024-26679 at NVDCVE-2024-26692 at SUSECVE-2024-26692 at NVDCVE-2024-26698 at SUSECVE-2024-26698 at NVDCVE-2024-26700 at SUSECVE-2024-26700 at NVDCVE-2024-26715 at SUSECVE-2024-26715 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26742 at SUSECVE-2024-26742 at NVDCVE-2024-26748 at SUSECVE-2024-26748 at NVDCVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26775 at SUSECVE-2024-26775 at NVDCVE-2024-26777 at SUSECVE-2024-26777 at NVDCVE-2024-26778 at SUSECVE-2024-26778 at NVDCVE-2024-26788 at SUSECVE-2024-26788 at NVDCVE-2024-26791 at SUSECVE-2024-26791 at NVDCVE-2024-26801 at SUSECVE-2024-26801 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26829 at SUSECVE-2024-26829 at NVDCVE-2024-26838 at SUSECVE-2024-26838 at NVDCVE-2024-26839 at SUSECVE-2024-26839 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26846 at SUSECVE-2024-26846 at NVDCVE-2024-26859 at SUSECVE-2024-26859 at NVDCVE-2024-26870 at SUSECVE-2024-26870 at NVDCVE-2024-26874 at SUSECVE-2024-26874 at NVDCVE-2024-26876 at SUSECVE-2024-26876 at NVDCVE-2024-26877 at SUSECVE-2024-26877 at NVDCVE-2024-26880 at SUSECVE-2024-26880 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26894 at SUSECVE-2024-26894 at NVDCVE-2024-26900 at SUSECVE-2024-26900 at NVDCVE-2024-26907 at SUSECVE-2024-26907 at NVDCVE-2024-26915 at SUSECVE-2024-26915 at NVDCVE-2024-26916 at SUSECVE-2024-26916 at NVDCVE-2024-26919 at SUSECVE-2024-26919 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26922 at SUSECVE-2024-26922 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-26931 at SUSECVE-2024-26931 at NVDCVE-2024-26933 at SUSECVE-2024-26933 at NVDCVE-2024-26934 at SUSECVE-2024-26934 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26937 at SUSECVE-2024-26937 at NVDCVE-2024-26938 at SUSECVE-2024-26938 at NVDCVE-2024-26939 at SUSECVE-2024-26939 at NVDCVE-2024-26940 at SUSECVE-2024-26940 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-26957 at SUSECVE-2024-26957 at NVDCVE-2024-26958 at SUSECVE-2024-26958 at NVDCVE-2024-26964 at SUSECVE-2024-26964 at NVDCVE-2024-26974 at SUSECVE-2024-26974 at NVDCVE-2024-26977 at SUSECVE-2024-26977 at NVDCVE-2024-26979 at SUSECVE-2024-26979 at NVDCVE-2024-26984 at SUSECVE-2024-26984 at NVDCVE-2024-26988 at SUSECVE-2024-26988 at NVDCVE-2024-26989 at SUSECVE-2024-26989 at NVDCVE-2024-26994 at SUSECVE-2024-26994 at NVDCVE-2024-26996 at SUSECVE-2024-26996 at NVDCVE-2024-26997 at SUSECVE-2024-26997 at NVDCVE-2024-26999 at SUSECVE-2024-26999 at NVDCVE-2024-27000 at SUSECVE-2024-27000 at NVDCVE-2024-27001 at SUSECVE-2024-27001 at NVDCVE-2024-27004 at SUSECVE-2024-27004 at NVDCVE-2024-27008 at SUSECVE-2024-27008 at NVDCVE-2024-27028 at SUSECVE-2024-27028 at NVDCVE-2024-27037 at SUSECVE-2024-27037 at NVDCVE-2024-27042 at SUSECVE-2024-27042 at NVDCVE-2024-27045 at SUSECVE-2024-27045 at NVDCVE-2024-27047 at SUSECVE-2024-27047 at NVDCVE-2024-27051 at SUSECVE-2024-27051 at NVDCVE-2024-27052 at SUSECVE-2024-27052 at NVDCVE-2024-27053 at SUSECVE-2024-27053 at NVDCVE-2024-27054 at SUSECVE-2024-27054 at NVDCVE-2024-27059 at SUSECVE-2024-27059 at NVDCVE-2024-27072 at SUSECVE-2024-27072 at NVDCVE-2024-27073 at SUSECVE-2024-27073 at NVDCVE-2024-27074 at SUSECVE-2024-27074 at NVDCVE-2024-27075 at SUSECVE-2024-27075 at NVDCVE-2024-27076 at SUSECVE-2024-27076 at NVDCVE-2024-27077 at SUSECVE-2024-27077 at NVDCVE-2024-27078 at SUSECVE-2024-27078 at NVDCVE-2024-27388 at SUSECVE-2024-27388 at NVDCVE-2024-27393 at SUSECVE-2024-27393 at NVDCVE-2024-27395 at SUSECVE-2024-27395 at NVDCVE-2024-27396 at SUSECVE-2024-27396 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27399 at SUSECVE-2024-27399 at NVDCVE-2024-27400 at SUSECVE-2024-27400 at NVDCVE-2024-27401 at SUSECVE-2024-27401 at NVDCVE-2024-27405 at SUSECVE-2024-27405 at NVDCVE-2024-27410 at SUSECVE-2024-27410 at NVDCVE-2024-27412 at SUSECVE-2024-27412 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-27416 at SUSECVE-2024-27416 at NVDCVE-2024-27417 at SUSECVE-2024-27417 at NVDCVE-2024-27419 at SUSECVE-2024-27419 at NVDCVE-2024-27431 at SUSECVE-2024-27431 at NVDCVE-2024-27435 at SUSECVE-2024-27435 at NVDCVE-2024-27436 at SUSECVE-2024-27436 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35791 at SUSECVE-2024-35791 at NVDCVE-2024-35796 at SUSECVE-2024-35796 at NVDCVE-2024-35799 at SUSECVE-2024-35799 at NVDCVE-2024-35801 at SUSECVE-2024-35801 at NVDCVE-2024-35804 at SUSECVE-2024-35804 at NVDCVE-2024-35806 at SUSECVE-2024-35806 at NVDCVE-2024-35809 at SUSECVE-2024-35809 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35812 at SUSECVE-2024-35812 at NVDCVE-2024-35813 at SUSECVE-2024-35813 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35821 at SUSECVE-2024-35821 at NVDCVE-2024-35822 at SUSECVE-2024-35822 at NVDCVE-2024-35823 at SUSECVE-2024-35823 at NVDCVE-2024-35825 at SUSECVE-2024-35825 at NVDCVE-2024-35828 at SUSECVE-2024-35828 at NVDCVE-2024-35829 at SUSECVE-2024-35829 at NVDCVE-2024-35830 at SUSECVE-2024-35830 at NVDCVE-2024-35833 at SUSECVE-2024-35833 at NVDCVE-2024-35845 at SUSECVE-2024-35845 at NVDCVE-2024-35847 at SUSECVE-2024-35847 at NVDCVE-2024-35849 at SUSECVE-2024-35849 at NVDCVE-2024-35851 at SUSECVE-2024-35851 at NVDCVE-2024-35852 at SUSECVE-2024-35852 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35860 at SUSECVE-2024-35860 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35865 at SUSECVE-2024-35865 at NVDCVE-2024-35866 at SUSECVE-2024-35866 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35870 at SUSECVE-2024-35870 at NVDCVE-2024-35872 at SUSECVE-2024-35872 at NVDCVE-2024-35875 at SUSECVE-2024-35875 at NVDCVE-2024-35877 at SUSECVE-2024-35877 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35879 at SUSECVE-2024-35879 at NVDCVE-2024-35885 at SUSECVE-2024-35885 at NVDCVE-2024-35887 at SUSECVE-2024-35887 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35907 at SUSECVE-2024-35907 at NVDCVE-2024-35912 at SUSECVE-2024-35912 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-35915 at SUSECVE-2024-35915 at NVDCVE-2024-35922 at SUSECVE-2024-35922 at NVDCVE-2024-35924 at SUSECVE-2024-35924 at NVDCVE-2024-35930 at SUSECVE-2024-35930 at NVDCVE-2024-35932 at SUSECVE-2024-35932 at NVDCVE-2024-35933 at SUSECVE-2024-35933 at NVDCVE-2024-35935 at SUSECVE-2024-35935 at NVDCVE-2024-35936 at SUSECVE-2024-35936 at NVDCVE-2024-35938 at SUSECVE-2024-35938 at NVDCVE-2024-35939 at SUSECVE-2024-35939 at NVDCVE-2024-35940 at SUSECVE-2024-35940 at NVDCVE-2024-35943 at SUSECVE-2024-35943 at NVDCVE-2024-35944 at SUSECVE-2024-35944 at NVDCVE-2024-35947 at SUSECVE-2024-35947 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35951 at SUSECVE-2024-35951 at NVDCVE-2024-35952 at SUSECVE-2024-35952 at NVDCVE-2024-35955 at SUSECVE-2024-35955 at NVDCVE-2024-35959 at SUSECVE-2024-35959 at NVDCVE-2024-35963 at SUSECVE-2024-35963 at NVDCVE-2024-35964 at SUSECVE-2024-35964 at NVDCVE-2024-35965 at SUSECVE-2024-35965 at NVDCVE-2024-35966 at SUSECVE-2024-35966 at NVDCVE-2024-35967 at SUSECVE-2024-35967 at NVDCVE-2024-35969 at SUSECVE-2024-35969 at NVDCVE-2024-35973 at SUSECVE-2024-35973 at NVDCVE-2024-35976 at SUSECVE-2024-35976 at NVDCVE-2024-35978 at SUSECVE-2024-35978 at NVDCVE-2024-35982 at SUSECVE-2024-35982 at NVDCVE-2024-35984 at SUSECVE-2024-35984 at NVDCVE-2024-35989 at SUSECVE-2024-35989 at NVDCVE-2024-35990 at SUSECVE-2024-35990 at NVDCVE-2024-35998 at SUSECVE-2024-35998 at NVDCVE-2024-35999 at SUSECVE-2024-35999 at NVDCVE-2024-36006 at SUSECVE-2024-36006 at NVDCVE-2024-36007 at SUSECVE-2024-36007 at NVDCVE-2024-36012 at SUSECVE-2024-36012 at NVDCVE-2024-36014 at SUSECVE-2024-36014 at NVDCVE-2024-36015 at SUSECVE-2024-36015 at NVDCVE-2024-36016 at SUSECVE-2024-36016 at NVDCVE-2024-36026 at SUSECVE-2024-36026 at NVDCVE-2024-36029 at SUSECVE-2024-36029 at NVDCVE-2024-36032 at SUSECVE-2024-36032 at NVDCVE-2024-36880 at SUSECVE-2024-36880 at NVDCVE-2024-36893 at SUSECVE-2024-36893 at NVDCVE-2024-36896 at SUSECVE-2024-36896 at NVDCVE-2024-36897 at SUSECVE-2024-36897 at NVDCVE-2024-36906 at SUSECVE-2024-36906 at NVDCVE-2024-36918 at SUSECVE-2024-36918 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36928 at SUSECVE-2024-36928 at NVDCVE-2024-36931 at SUSECVE-2024-36931 at NVDCVE-2024-36938 at SUSECVE-2024-36938 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:sle-micro:5.5Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.5
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
ImportantSUSE bug 1195391SUSE bug 1219276SUSE bug 1223903CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Important)SUSE Linux Enterprise Micro 5.5
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.5Security update for libarchive (Important)SUSE Linux Enterprise Micro 5.5
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
ImportantSUSE bug 1225971CVE-2024-20696 at SUSECVE-2024-20696 at NVDcpe:/o:suse:sle-micro:5.5Security update for wget (Moderate)SUSE Linux Enterprise Micro 5.5
This update for wget fixes the following issues:
- CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419)
ModerateSUSE bug 1226419CVE-2024-38428 at SUSECVE-2024-38428 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870)
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
- CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- Move upstreamed patches into sorted section
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020).
- Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1141539SUSE bug 1174585SUSE bug 1181674SUSE bug 1187716SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200465SUSE bug 1205205SUSE bug 1207284SUSE bug 1207361SUSE bug 1207948SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1209980SUSE bug 1210335SUSE bug 1213863SUSE bug 1214852SUSE bug 1215322SUSE bug 1215702SUSE bug 1216358SUSE bug 1216702SUSE bug 1217169SUSE bug 1217339SUSE bug 1217515SUSE bug 1218447SUSE bug 1220021SUSE bug 1220267SUSE bug 1220363SUSE bug 1220783SUSE bug 1221044SUSE bug 1221081SUSE bug 1221615SUSE bug 1221777SUSE bug 1221816SUSE bug 1221829SUSE bug 1222011SUSE bug 1222374SUSE bug 1222385SUSE bug 1222413SUSE bug 1222464SUSE bug 1222513SUSE bug 1222559SUSE bug 1222561SUSE bug 1222608SUSE bug 1222619SUSE bug 1222627SUSE bug 1222721SUSE bug 1222765SUSE bug 1222770SUSE bug 1222783SUSE bug 1222793SUSE bug 1222870SUSE bug 1222893SUSE bug 1222960SUSE bug 1222961SUSE bug 1222974SUSE bug 1222975SUSE bug 1222976SUSE bug 1223011SUSE bug 1223023SUSE bug 1223027SUSE bug 1223031SUSE bug 1223043SUSE bug 1223046SUSE bug 1223048SUSE bug 1223049SUSE bug 1223084SUSE bug 1223113SUSE bug 1223119SUSE bug 1223137SUSE bug 1223138SUSE bug 1223140SUSE bug 1223188SUSE bug 1223203SUSE bug 1223207SUSE bug 1223315SUSE bug 1223360SUSE bug 1223384SUSE bug 1223390SUSE bug 1223432SUSE bug 1223489SUSE bug 1223505SUSE bug 1223532SUSE bug 1223575SUSE bug 1223595SUSE bug 1223626SUSE bug 1223627SUSE bug 1223628SUSE bug 1223631SUSE bug 1223633SUSE bug 1223638SUSE bug 1223650SUSE bug 1223653SUSE bug 1223666SUSE bug 1223670SUSE bug 1223671SUSE bug 1223675SUSE bug 1223677SUSE bug 1223678SUSE bug 1223679SUSE bug 1223698SUSE bug 1223712SUSE bug 1223715SUSE bug 1223717SUSE bug 1223718SUSE bug 1223737SUSE bug 1223738SUSE bug 1223741SUSE bug 1223744SUSE bug 1223747SUSE bug 1223748SUSE bug 1223750SUSE bug 1223752SUSE bug 1223754SUSE bug 1223756SUSE bug 1223757SUSE bug 1223762SUSE bug 1223769SUSE bug 1223770SUSE bug 1223779SUSE bug 1223780SUSE bug 1223781SUSE bug 1223788SUSE bug 1223802SUSE bug 1223819SUSE bug 1223823SUSE bug 1223826SUSE bug 1223828SUSE bug 1223829SUSE bug 1223837SUSE bug 1223842SUSE bug 1223843SUSE bug 1223844SUSE bug 1223847SUSE bug 1223858SUSE bug 1223875SUSE bug 1223879SUSE bug 1223895SUSE bug 1223959SUSE bug 1223961SUSE bug 1223991SUSE bug 1223996SUSE bug 1224020SUSE bug 1224076SUSE bug 1224096SUSE bug 1224098SUSE bug 1224099SUSE bug 1224137SUSE bug 1224166SUSE bug 1224174SUSE bug 1224177SUSE bug 1224180SUSE bug 1224181SUSE bug 1224187SUSE bug 1224331SUSE bug 1224346SUSE bug 1224423SUSE bug 1224432SUSE bug 1224437SUSE bug 1224438SUSE bug 1224442SUSE bug 1224443SUSE bug 1224445SUSE bug 1224449SUSE bug 1224479SUSE bug 1224482SUSE bug 1224487SUSE bug 1224488SUSE bug 1224492SUSE bug 1224494SUSE bug 1224495SUSE bug 1224502SUSE bug 1224508SUSE bug 1224509SUSE bug 1224511SUSE bug 1224519SUSE bug 1224524SUSE bug 1224525SUSE bug 1224530SUSE bug 1224531SUSE bug 1224534SUSE bug 1224535SUSE bug 1224537SUSE bug 1224541SUSE bug 1224543SUSE bug 1224549SUSE bug 1224550SUSE bug 1224558SUSE bug 1224559SUSE bug 1224566SUSE bug 1224567SUSE bug 1224571SUSE bug 1224575SUSE bug 1224576SUSE bug 1224579SUSE bug 1224580SUSE bug 1224581SUSE bug 1224582SUSE bug 1224586SUSE bug 1224587SUSE bug 1224592SUSE bug 1224598SUSE bug 1224601SUSE bug 1224607SUSE bug 1224608SUSE bug 1224611SUSE bug 1224615SUSE bug 1224617SUSE bug 1224618SUSE bug 1224621SUSE bug 1224622SUSE bug 1224624SUSE bug 1224627SUSE bug 1224628SUSE bug 1224629SUSE bug 1224632SUSE bug 1224636SUSE bug 1224637SUSE bug 1224638SUSE bug 1224640SUSE bug 1224643SUSE bug 1224644SUSE bug 1224645SUSE bug 1224647SUSE bug 1224648SUSE bug 1224649SUSE bug 1224650SUSE bug 1224651SUSE bug 1224657SUSE bug 1224659SUSE bug 1224660SUSE bug 1224663SUSE bug 1224664SUSE bug 1224665SUSE bug 1224666SUSE bug 1224667SUSE bug 1224668SUSE bug 1224671SUSE bug 1224672SUSE bug 1224676SUSE bug 1224678SUSE bug 1224679SUSE bug 1224680SUSE bug 1224681SUSE bug 1224682SUSE bug 1224685SUSE bug 1224686SUSE bug 1224692SUSE bug 1224697SUSE bug 1224699SUSE bug 1224701SUSE bug 1224703SUSE bug 1224705SUSE bug 1224707SUSE bug 1224717SUSE bug 1224718SUSE bug 1224721SUSE bug 1224722SUSE bug 1224723SUSE bug 1224725SUSE bug 1224727SUSE bug 1224728SUSE bug 1224729SUSE bug 1224730SUSE bug 1224731SUSE bug 1224732SUSE bug 1224733SUSE bug 1224736SUSE bug 1224738SUSE bug 1224739SUSE bug 1224740SUSE bug 1224747SUSE bug 1224749SUSE bug 1224759SUSE bug 1224763SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224794SUSE bug 1224795SUSE bug 1224796SUSE bug 1224803SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224929SUSE bug 1224930SUSE bug 1224931SUSE bug 1224932SUSE bug 1224936SUSE bug 1224937SUSE bug 1224941SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1224992SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225008SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225041SUSE bug 1225044SUSE bug 1225053SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225085SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225097SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225114SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225138SUSE bug 1225139SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225222SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225382SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225408SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225424SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225442SUSE bug 1225443SUSE bug 1225444SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225467SUSE bug 1225468SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225480SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225502SUSE bug 1225506SUSE bug 1225508SUSE bug 1225510SUSE bug 1225513SUSE bug 1225515SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225535SUSE bug 1225548SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225555SUSE bug 1225556SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225568SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225587SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225593SUSE bug 1225595SUSE bug 1225599SUSE bug 1225616SUSE bug 1225640SUSE bug 1225642SUSE bug 1225705SUSE bug 1225708SUSE bug 1225715SUSE bug 1225720SUSE bug 1225722SUSE bug 1225734SUSE bug 1225735SUSE bug 1225747SUSE bug 1225748SUSE bug 1225756SUSE bug 1225761SUSE bug 1225766SUSE bug 1225775SUSE bug 1225810SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225842CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47504 at SUSECVE-2021-47504 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47508 at SUSECVE-2021-47508 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47530 at SUSECVE-2021-47530 at NVDCVE-2021-47531 at SUSECVE-2021-47531 at NVDCVE-2021-47532 at SUSECVE-2021-47532 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47548 at SUSECVE-2021-47548 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47552 at SUSECVE-2021-47552 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2021-47569 at SUSECVE-2021-47569 at NVDCVE-2022-48633 at SUSECVE-2022-48633 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48669 at SUSECVE-2022-48669 at NVDCVE-2022-48689 at SUSECVE-2022-48689 at NVDCVE-2022-48691 at SUSECVE-2022-48691 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48705 at SUSECVE-2022-48705 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-42755 at SUSECVE-2023-42755 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52586 at SUSECVE-2023-52586 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52618 at SUSECVE-2023-52618 at NVDCVE-2023-52642 at SUSECVE-2023-52642 at NVDCVE-2023-52643 at SUSECVE-2023-52643 at NVDCVE-2023-52644 at SUSECVE-2023-52644 at NVDCVE-2023-52646 at SUSECVE-2023-52646 at NVDCVE-2023-52650 at SUSECVE-2023-52650 at NVDCVE-2023-52653 at SUSECVE-2023-52653 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52656 at SUSECVE-2023-52656 at NVDCVE-2023-52657 at SUSECVE-2023-52657 at NVDCVE-2023-52659 at SUSECVE-2023-52659 at NVDCVE-2023-52660 at SUSECVE-2023-52660 at NVDCVE-2023-52661 at SUSECVE-2023-52661 at NVDCVE-2023-52662 at SUSECVE-2023-52662 at NVDCVE-2023-52664 at SUSECVE-2023-52664 at NVDCVE-2023-52669 at SUSECVE-2023-52669 at NVDCVE-2023-52671 at SUSECVE-2023-52671 at NVDCVE-2023-52674 at SUSECVE-2023-52674 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52678 at SUSECVE-2023-52678 at NVDCVE-2023-52679 at SUSECVE-2023-52679 at NVDCVE-2023-52680 at SUSECVE-2023-52680 at NVDCVE-2023-52683 at SUSECVE-2023-52683 at NVDCVE-2023-52685 at SUSECVE-2023-52685 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52691 at SUSECVE-2023-52691 at NVDCVE-2023-52692 at SUSECVE-2023-52692 at NVDCVE-2023-52693 at SUSECVE-2023-52693 at NVDCVE-2023-52694 at SUSECVE-2023-52694 at NVDCVE-2023-52696 at SUSECVE-2023-52696 at NVDCVE-2023-52698 at SUSECVE-2023-52698 at NVDCVE-2023-52699 at SUSECVE-2023-52699 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52705 at SUSECVE-2023-52705 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52731 at SUSECVE-2023-52731 at NVDCVE-2023-52732 at SUSECVE-2023-52732 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52746 at SUSECVE-2023-52746 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52757 at SUSECVE-2023-52757 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52773 at SUSECVE-2023-52773 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52777 at SUSECVE-2023-52777 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52795 at SUSECVE-2023-52795 at NVDCVE-2023-52796 at SUSECVE-2023-52796 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52803 at SUSECVE-2023-52803 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52807 at SUSECVE-2023-52807 at NVDCVE-2023-52808 at SUSECVE-2023-52808 at NVDCVE-2023-52809 at SUSECVE-2023-52809 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52815 at SUSECVE-2023-52815 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52851 at SUSECVE-2023-52851 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52860 at SUSECVE-2023-52860 at NVDCVE-2023-52861 at SUSECVE-2023-52861 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-26597 at SUSECVE-2024-26597 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26679 at SUSECVE-2024-26679 at NVDCVE-2024-26692 at SUSECVE-2024-26692 at NVDCVE-2024-26698 at SUSECVE-2024-26698 at NVDCVE-2024-26700 at SUSECVE-2024-26700 at NVDCVE-2024-26715 at SUSECVE-2024-26715 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26742 at SUSECVE-2024-26742 at NVDCVE-2024-26748 at SUSECVE-2024-26748 at NVDCVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26775 at SUSECVE-2024-26775 at NVDCVE-2024-26777 at SUSECVE-2024-26777 at NVDCVE-2024-26778 at SUSECVE-2024-26778 at NVDCVE-2024-26788 at SUSECVE-2024-26788 at NVDCVE-2024-26791 at SUSECVE-2024-26791 at NVDCVE-2024-26801 at SUSECVE-2024-26801 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26829 at SUSECVE-2024-26829 at NVDCVE-2024-26838 at SUSECVE-2024-26838 at NVDCVE-2024-26839 at SUSECVE-2024-26839 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26846 at SUSECVE-2024-26846 at NVDCVE-2024-26859 at SUSECVE-2024-26859 at NVDCVE-2024-26870 at SUSECVE-2024-26870 at NVDCVE-2024-26874 at SUSECVE-2024-26874 at NVDCVE-2024-26876 at SUSECVE-2024-26876 at NVDCVE-2024-26877 at SUSECVE-2024-26877 at NVDCVE-2024-26880 at SUSECVE-2024-26880 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26894 at SUSECVE-2024-26894 at NVDCVE-2024-26900 at SUSECVE-2024-26900 at NVDCVE-2024-26907 at SUSECVE-2024-26907 at NVDCVE-2024-26915 at SUSECVE-2024-26915 at NVDCVE-2024-26916 at SUSECVE-2024-26916 at NVDCVE-2024-26919 at SUSECVE-2024-26919 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26922 at SUSECVE-2024-26922 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-26931 at SUSECVE-2024-26931 at NVDCVE-2024-26933 at SUSECVE-2024-26933 at NVDCVE-2024-26934 at SUSECVE-2024-26934 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26937 at SUSECVE-2024-26937 at NVDCVE-2024-26938 at SUSECVE-2024-26938 at NVDCVE-2024-26939 at SUSECVE-2024-26939 at NVDCVE-2024-26940 at SUSECVE-2024-26940 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-26957 at SUSECVE-2024-26957 at NVDCVE-2024-26958 at SUSECVE-2024-26958 at NVDCVE-2024-26964 at SUSECVE-2024-26964 at NVDCVE-2024-26974 at SUSECVE-2024-26974 at NVDCVE-2024-26977 at SUSECVE-2024-26977 at NVDCVE-2024-26979 at SUSECVE-2024-26979 at NVDCVE-2024-26984 at SUSECVE-2024-26984 at NVDCVE-2024-26988 at SUSECVE-2024-26988 at NVDCVE-2024-26989 at SUSECVE-2024-26989 at NVDCVE-2024-26994 at SUSECVE-2024-26994 at NVDCVE-2024-26996 at SUSECVE-2024-26996 at NVDCVE-2024-26997 at SUSECVE-2024-26997 at NVDCVE-2024-26999 at SUSECVE-2024-26999 at NVDCVE-2024-27000 at SUSECVE-2024-27000 at NVDCVE-2024-27001 at SUSECVE-2024-27001 at NVDCVE-2024-27004 at SUSECVE-2024-27004 at NVDCVE-2024-27008 at SUSECVE-2024-27008 at NVDCVE-2024-27028 at SUSECVE-2024-27028 at NVDCVE-2024-27037 at SUSECVE-2024-27037 at NVDCVE-2024-27042 at SUSECVE-2024-27042 at NVDCVE-2024-27045 at SUSECVE-2024-27045 at NVDCVE-2024-27047 at SUSECVE-2024-27047 at NVDCVE-2024-27051 at SUSECVE-2024-27051 at NVDCVE-2024-27052 at SUSECVE-2024-27052 at NVDCVE-2024-27053 at SUSECVE-2024-27053 at NVDCVE-2024-27054 at SUSECVE-2024-27054 at NVDCVE-2024-27059 at SUSECVE-2024-27059 at NVDCVE-2024-27072 at SUSECVE-2024-27072 at NVDCVE-2024-27073 at SUSECVE-2024-27073 at NVDCVE-2024-27074 at SUSECVE-2024-27074 at NVDCVE-2024-27075 at SUSECVE-2024-27075 at NVDCVE-2024-27076 at SUSECVE-2024-27076 at NVDCVE-2024-27077 at SUSECVE-2024-27077 at NVDCVE-2024-27078 at SUSECVE-2024-27078 at NVDCVE-2024-27388 at SUSECVE-2024-27388 at NVDCVE-2024-27393 at SUSECVE-2024-27393 at NVDCVE-2024-27395 at SUSECVE-2024-27395 at NVDCVE-2024-27396 at SUSECVE-2024-27396 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27399 at SUSECVE-2024-27399 at NVDCVE-2024-27400 at SUSECVE-2024-27400 at NVDCVE-2024-27401 at SUSECVE-2024-27401 at NVDCVE-2024-27405 at SUSECVE-2024-27405 at NVDCVE-2024-27410 at SUSECVE-2024-27410 at NVDCVE-2024-27412 at SUSECVE-2024-27412 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-27416 at SUSECVE-2024-27416 at NVDCVE-2024-27417 at SUSECVE-2024-27417 at NVDCVE-2024-27419 at SUSECVE-2024-27419 at NVDCVE-2024-27431 at SUSECVE-2024-27431 at NVDCVE-2024-27435 at SUSECVE-2024-27435 at NVDCVE-2024-27436 at SUSECVE-2024-27436 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35791 at SUSECVE-2024-35791 at NVDCVE-2024-35796 at SUSECVE-2024-35796 at NVDCVE-2024-35799 at SUSECVE-2024-35799 at NVDCVE-2024-35801 at SUSECVE-2024-35801 at NVDCVE-2024-35804 at SUSECVE-2024-35804 at NVDCVE-2024-35806 at SUSECVE-2024-35806 at NVDCVE-2024-35809 at SUSECVE-2024-35809 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35812 at SUSECVE-2024-35812 at NVDCVE-2024-35813 at SUSECVE-2024-35813 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35821 at SUSECVE-2024-35821 at NVDCVE-2024-35822 at SUSECVE-2024-35822 at NVDCVE-2024-35823 at SUSECVE-2024-35823 at NVDCVE-2024-35825 at SUSECVE-2024-35825 at NVDCVE-2024-35828 at SUSECVE-2024-35828 at NVDCVE-2024-35829 at SUSECVE-2024-35829 at NVDCVE-2024-35830 at SUSECVE-2024-35830 at NVDCVE-2024-35833 at SUSECVE-2024-35833 at NVDCVE-2024-35845 at SUSECVE-2024-35845 at NVDCVE-2024-35847 at SUSECVE-2024-35847 at NVDCVE-2024-35849 at SUSECVE-2024-35849 at NVDCVE-2024-35851 at SUSECVE-2024-35851 at NVDCVE-2024-35852 at SUSECVE-2024-35852 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35860 at SUSECVE-2024-35860 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35865 at SUSECVE-2024-35865 at NVDCVE-2024-35866 at SUSECVE-2024-35866 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35870 at SUSECVE-2024-35870 at NVDCVE-2024-35872 at SUSECVE-2024-35872 at NVDCVE-2024-35875 at SUSECVE-2024-35875 at NVDCVE-2024-35877 at SUSECVE-2024-35877 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35879 at SUSECVE-2024-35879 at NVDCVE-2024-35885 at SUSECVE-2024-35885 at NVDCVE-2024-35887 at SUSECVE-2024-35887 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35907 at SUSECVE-2024-35907 at NVDCVE-2024-35912 at SUSECVE-2024-35912 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-35915 at SUSECVE-2024-35915 at NVDCVE-2024-35922 at SUSECVE-2024-35922 at NVDCVE-2024-35924 at SUSECVE-2024-35924 at NVDCVE-2024-35930 at SUSECVE-2024-35930 at NVDCVE-2024-35932 at SUSECVE-2024-35932 at NVDCVE-2024-35933 at SUSECVE-2024-35933 at NVDCVE-2024-35935 at SUSECVE-2024-35935 at NVDCVE-2024-35936 at SUSECVE-2024-35936 at NVDCVE-2024-35938 at SUSECVE-2024-35938 at NVDCVE-2024-35939 at SUSECVE-2024-35939 at NVDCVE-2024-35940 at SUSECVE-2024-35940 at NVDCVE-2024-35943 at SUSECVE-2024-35943 at NVDCVE-2024-35944 at SUSECVE-2024-35944 at NVDCVE-2024-35947 at SUSECVE-2024-35947 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35951 at SUSECVE-2024-35951 at NVDCVE-2024-35952 at SUSECVE-2024-35952 at NVDCVE-2024-35955 at SUSECVE-2024-35955 at NVDCVE-2024-35959 at SUSECVE-2024-35959 at NVDCVE-2024-35963 at SUSECVE-2024-35963 at NVDCVE-2024-35964 at SUSECVE-2024-35964 at NVDCVE-2024-35965 at SUSECVE-2024-35965 at NVDCVE-2024-35966 at SUSECVE-2024-35966 at NVDCVE-2024-35967 at SUSECVE-2024-35967 at NVDCVE-2024-35969 at SUSECVE-2024-35969 at NVDCVE-2024-35973 at SUSECVE-2024-35973 at NVDCVE-2024-35976 at SUSECVE-2024-35976 at NVDCVE-2024-35978 at SUSECVE-2024-35978 at NVDCVE-2024-35982 at SUSECVE-2024-35982 at NVDCVE-2024-35984 at SUSECVE-2024-35984 at NVDCVE-2024-35989 at SUSECVE-2024-35989 at NVDCVE-2024-35990 at SUSECVE-2024-35990 at NVDCVE-2024-35998 at SUSECVE-2024-35998 at NVDCVE-2024-35999 at SUSECVE-2024-35999 at NVDCVE-2024-36006 at SUSECVE-2024-36006 at NVDCVE-2024-36007 at SUSECVE-2024-36007 at NVDCVE-2024-36012 at SUSECVE-2024-36012 at NVDCVE-2024-36014 at SUSECVE-2024-36014 at NVDCVE-2024-36015 at SUSECVE-2024-36015 at NVDCVE-2024-36016 at SUSECVE-2024-36016 at NVDCVE-2024-36026 at SUSECVE-2024-36026 at NVDCVE-2024-36029 at SUSECVE-2024-36029 at NVDCVE-2024-36032 at SUSECVE-2024-36032 at NVDCVE-2024-36880 at SUSECVE-2024-36880 at NVDCVE-2024-36893 at SUSECVE-2024-36893 at NVDCVE-2024-36896 at SUSECVE-2024-36896 at NVDCVE-2024-36897 at SUSECVE-2024-36897 at NVDCVE-2024-36906 at SUSECVE-2024-36906 at NVDCVE-2024-36918 at SUSECVE-2024-36918 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36928 at SUSECVE-2024-36928 at NVDCVE-2024-36931 at SUSECVE-2024-36931 at NVDCVE-2024-36938 at SUSECVE-2024-36938 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of
ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
This update also rebuilds it against current go releases.
ImportantSUSE bug 1223965CVE-2024-33394 at SUSECVE-2024-33394 at NVDcpe:/o:suse:sle-micro:5.5Security update for libndp (Important)SUSE Linux Enterprise Micro 5.5
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
ImportantSUSE bug 1225771CVE-2024-5564 at SUSECVE-2024-5564 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:sle-micro:5.5Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:sle-micro:5.5Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040).
ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:sle-micro:5.5Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.5
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:suse:sle-micro:5.5Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.5
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:sle-micro:5.5Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
ModerateSUSE bug 1218571CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.5Security update for ppp (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
The following non-security bugs were fixed:
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- Add remote for nfs maintainer
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- Fix new build warnings regarding unused variables: Changed build warnings: ***** 2 warnings ***** * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work': ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable] * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work': ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- HID: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- Revert 'Add remote for nfs maintainer'
- Revert 'build initrd without systemd' (bsc#1195775)'
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576: Drop 'always-running' property (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193883SUSE bug 1194826SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195775SUSE bug 1196746SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202767SUSE bug 1202780SUSE bug 1205205SUSE bug 1207361SUSE bug 1217912SUSE bug 1218148SUSE bug 1218570SUSE bug 1218820SUSE bug 1219224SUSE bug 1219633SUSE bug 1219847SUSE bug 1220368SUSE bug 1220812SUSE bug 1220958SUSE bug 1221086SUSE bug 1221282SUSE bug 1221958SUSE bug 1222015SUSE bug 1222072SUSE bug 1222080SUSE bug 1222241SUSE bug 1222254SUSE bug 1222364SUSE bug 1222893SUSE bug 1223013SUSE bug 1223018SUSE bug 1223265SUSE bug 1223384SUSE bug 1223641SUSE bug 1224020SUSE bug 1224331SUSE bug 1224488SUSE bug 1224497SUSE bug 1224498SUSE bug 1224504SUSE bug 1224520SUSE bug 1224539SUSE bug 1224540SUSE bug 1224552SUSE bug 1224583SUSE bug 1224588SUSE bug 1224602SUSE bug 1224603SUSE bug 1224605SUSE bug 1224612SUSE bug 1224614SUSE bug 1224619SUSE bug 1224661SUSE bug 1224662SUSE bug 1224670SUSE bug 1224671SUSE bug 1224674SUSE bug 1224677SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224712SUSE bug 1224716SUSE bug 1224719SUSE bug 1224735SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1224946SUSE bug 1224951SUSE bug 1225050SUSE bug 1225098SUSE bug 1225105SUSE bug 1225300SUSE bug 1225389SUSE bug 1225391SUSE bug 1225419SUSE bug 1225426SUSE bug 1225448SUSE bug 1225452SUSE bug 1225467SUSE bug 1225475SUSE bug 1225484SUSE bug 1225487SUSE bug 1225514SUSE bug 1225518SUSE bug 1225535SUSE bug 1225585SUSE bug 1225602SUSE bug 1225611SUSE bug 1225681SUSE bug 1225692SUSE bug 1225698SUSE bug 1225699SUSE bug 1225704SUSE bug 1225714SUSE bug 1225726SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225758SUSE bug 1225759SUSE bug 1225760SUSE bug 1225767SUSE bug 1225770SUSE bug 1225823SUSE bug 1225834SUSE bug 1225840SUSE bug 1225866SUSE bug 1225872SUSE bug 1225894SUSE bug 1226022SUSE bug 1226131SUSE bug 1226145SUSE bug 1226149SUSE bug 1226155SUSE bug 1226211SUSE bug 1226212SUSE bug 1226226SUSE bug 1226514SUSE bug 1226520SUSE bug 1226537SUSE bug 1226538SUSE bug 1226539SUSE bug 1226550SUSE bug 1226552SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226566SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226579SUSE bug 1226580SUSE bug 1226581SUSE bug 1226582SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226588SUSE bug 1226593SUSE bug 1226595SUSE bug 1226597SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226610SUSE bug 1226614SUSE bug 1226616SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226622SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226632SUSE bug 1226633SUSE bug 1226634SUSE bug 1226637SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226653SUSE bug 1226657SUSE bug 1226658SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226678SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226693SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226704SUSE bug 1226705SUSE bug 1226706SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226718SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226730SUSE bug 1226732SUSE bug 1226734SUSE bug 1226735SUSE bug 1226737SUSE bug 1226738SUSE bug 1226739SUSE bug 1226740SUSE bug 1226744SUSE bug 1226746SUSE bug 1226747SUSE bug 1226749SUSE bug 1226754SUSE bug 1226762SUSE bug 1226764SUSE bug 1226767SUSE bug 1226768SUSE bug 1226769SUSE bug 1226771SUSE bug 1226774SUSE bug 1226777SUSE bug 1226780SUSE bug 1226781SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226791SUSE bug 1226839SUSE bug 1226840SUSE bug 1226841SUSE bug 1226842SUSE bug 1226848SUSE bug 1226852SUSE bug 1226857SUSE bug 1226861SUSE bug 1226863SUSE bug 1226864SUSE bug 1226867SUSE bug 1226868SUSE bug 1226876SUSE bug 1226878SUSE bug 1226883SUSE bug 1226886SUSE bug 1226890SUSE bug 1226891SUSE bug 1226895SUSE bug 1226908SUSE bug 1226915SUSE bug 1226928SUSE bug 1226948SUSE bug 1226949SUSE bug 1226950SUSE bug 1226953SUSE bug 1226962SUSE bug 1226976SUSE bug 1226992SUSE bug 1226994SUSE bug 1226996SUSE bug 1227066SUSE bug 1227096SUSE bug 1227101SUSE bug 1227103SUSE bug 1227274CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47089 at SUSECVE-2021-47089 at NVDCVE-2021-47432 at SUSECVE-2021-47432 at NVDCVE-2021-47515 at SUSECVE-2021-47515 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47539 at SUSECVE-2021-47539 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47566 at SUSECVE-2021-47566 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47572 at SUSECVE-2021-47572 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47577 at SUSECVE-2021-47577 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47604 at SUSECVE-2021-47604 at NVDCVE-2021-47605 at SUSECVE-2021-47605 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47610 at SUSECVE-2021-47610 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48714 at SUSECVE-2022-48714 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48716 at SUSECVE-2022-48716 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48718 at SUSECVE-2022-48718 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48733 at SUSECVE-2022-48733 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48753 at SUSECVE-2022-48753 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48755 at SUSECVE-2022-48755 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48766 at SUSECVE-2022-48766 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48770 at SUSECVE-2022-48770 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48772 at SUSECVE-2022-48772 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52622 at SUSECVE-2023-52622 at NVDCVE-2023-52658 at SUSECVE-2023-52658 at NVDCVE-2023-52667 at SUSECVE-2023-52667 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52672 at SUSECVE-2023-52672 at NVDCVE-2023-52675 at SUSECVE-2023-52675 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52737 at SUSECVE-2023-52737 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52784 at SUSECVE-2023-52784 at NVDCVE-2023-52787 at SUSECVE-2023-52787 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52835 at SUSECVE-2023-52835 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52843 at SUSECVE-2023-52843 at NVDCVE-2023-52845 at SUSECVE-2023-52845 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52869 at SUSECVE-2023-52869 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52882 at SUSECVE-2023-52882 at NVDCVE-2023-52884 at SUSECVE-2023-52884 at NVDCVE-2024-26625 at SUSECVE-2024-26625 at NVDCVE-2024-26644 at SUSECVE-2024-26644 at NVDCVE-2024-26720 at SUSECVE-2024-26720 at NVDCVE-2024-26842 at SUSECVE-2024-26842 at NVDCVE-2024-26845 at SUSECVE-2024-26845 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-26973 at SUSECVE-2024-26973 at NVDCVE-2024-27432 at SUSECVE-2024-27432 at NVDCVE-2024-33619 at SUSECVE-2024-33619 at NVDCVE-2024-35247 at SUSECVE-2024-35247 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35790 at SUSECVE-2024-35790 at NVDCVE-2024-35807 at SUSECVE-2024-35807 at NVDCVE-2024-35814 at SUSECVE-2024-35814 at NVDCVE-2024-35835 at SUSECVE-2024-35835 at NVDCVE-2024-35848 at SUSECVE-2024-35848 at NVDCVE-2024-35857 at SUSECVE-2024-35857 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35884 at SUSECVE-2024-35884 at NVDCVE-2024-35886 at SUSECVE-2024-35886 at NVDCVE-2024-35896 at SUSECVE-2024-35896 at NVDCVE-2024-35898 at SUSECVE-2024-35898 at NVDCVE-2024-35900 at SUSECVE-2024-35900 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35925 at SUSECVE-2024-35925 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35956 at SUSECVE-2024-35956 at NVDCVE-2024-35958 at SUSECVE-2024-35958 at NVDCVE-2024-35960 at SUSECVE-2024-35960 at NVDCVE-2024-35962 at SUSECVE-2024-35962 at NVDCVE-2024-35997 at SUSECVE-2024-35997 at NVDCVE-2024-36005 at SUSECVE-2024-36005 at NVDCVE-2024-36008 at SUSECVE-2024-36008 at NVDCVE-2024-36017 at SUSECVE-2024-36017 at NVDCVE-2024-36020 at SUSECVE-2024-36020 at NVDCVE-2024-36021 at SUSECVE-2024-36021 at NVDCVE-2024-36025 at SUSECVE-2024-36025 at NVDCVE-2024-36477 at SUSECVE-2024-36477 at NVDCVE-2024-36478 at SUSECVE-2024-36478 at NVDCVE-2024-36479 at SUSECVE-2024-36479 at NVDCVE-2024-36890 at SUSECVE-2024-36890 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36900 at SUSECVE-2024-36900 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-36916 at SUSECVE-2024-36916 at NVDCVE-2024-36917 at SUSECVE-2024-36917 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36934 at SUSECVE-2024-36934 at NVDCVE-2024-36937 at SUSECVE-2024-36937 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36945 at SUSECVE-2024-36945 at NVDCVE-2024-36949 at SUSECVE-2024-36949 at NVDCVE-2024-36960 at SUSECVE-2024-36960 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36965 at SUSECVE-2024-36965 at NVDCVE-2024-36967 at SUSECVE-2024-36967 at NVDCVE-2024-36969 at SUSECVE-2024-36969 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-36975 at SUSECVE-2024-36975 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-37021 at SUSECVE-2024-37021 at NVDCVE-2024-37078 at SUSECVE-2024-37078 at NVDCVE-2024-37354 at SUSECVE-2024-37354 at NVDCVE-2024-38381 at SUSECVE-2024-38381 at NVDCVE-2024-38388 at SUSECVE-2024-38388 at NVDCVE-2024-38390 at SUSECVE-2024-38390 at NVDCVE-2024-38540 at SUSECVE-2024-38540 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38544 at SUSECVE-2024-38544 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38546 at SUSECVE-2024-38546 at NVDCVE-2024-38547 at SUSECVE-2024-38547 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38549 at SUSECVE-2024-38549 at NVDCVE-2024-38550 at SUSECVE-2024-38550 at NVDCVE-2024-38552 at SUSECVE-2024-38552 at NVDCVE-2024-38553 at SUSECVE-2024-38553 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38556 at SUSECVE-2024-38556 at NVDCVE-2024-38557 at SUSECVE-2024-38557 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38565 at SUSECVE-2024-38565 at NVDCVE-2024-38567 at SUSECVE-2024-38567 at NVDCVE-2024-38568 at SUSECVE-2024-38568 at NVDCVE-2024-38571 at SUSECVE-2024-38571 at NVDCVE-2024-38573 at SUSECVE-2024-38573 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDCVE-2024-38579 at SUSECVE-2024-38579 at NVDCVE-2024-38580 at SUSECVE-2024-38580 at NVDCVE-2024-38581 at SUSECVE-2024-38581 at NVDCVE-2024-38582 at SUSECVE-2024-38582 at NVDCVE-2024-38583 at SUSECVE-2024-38583 at NVDCVE-2024-38587 at SUSECVE-2024-38587 at NVDCVE-2024-38590 at SUSECVE-2024-38590 at NVDCVE-2024-38591 at SUSECVE-2024-38591 at NVDCVE-2024-38594 at SUSECVE-2024-38594 at NVDCVE-2024-38597 at SUSECVE-2024-38597 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-38600 at SUSECVE-2024-38600 at NVDCVE-2024-38601 at SUSECVE-2024-38601 at NVDCVE-2024-38603 at SUSECVE-2024-38603 at NVDCVE-2024-38605 at SUSECVE-2024-38605 at NVDCVE-2024-38608 at SUSECVE-2024-38608 at NVDCVE-2024-38616 at SUSECVE-2024-38616 at NVDCVE-2024-38618 at SUSECVE-2024-38618 at NVDCVE-2024-38619 at SUSECVE-2024-38619 at NVDCVE-2024-38621 at SUSECVE-2024-38621 at NVDCVE-2024-38627 at SUSECVE-2024-38627 at NVDCVE-2024-38630 at SUSECVE-2024-38630 at NVDCVE-2024-38633 at SUSECVE-2024-38633 at NVDCVE-2024-38634 at SUSECVE-2024-38634 at NVDCVE-2024-38635 at SUSECVE-2024-38635 at NVDCVE-2024-38659 at SUSECVE-2024-38659 at NVDCVE-2024-38661 at SUSECVE-2024-38661 at NVDCVE-2024-38780 at SUSECVE-2024-38780 at NVDCVE-2024-39301 at SUSECVE-2024-39301 at NVDCVE-2024-39468 at SUSECVE-2024-39468 at NVDCVE-2024-39469 at SUSECVE-2024-39469 at NVDCVE-2024-39471 at SUSECVE-2024-39471 at NVDcpe:/o:suse:sle-micro:5.5Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.5
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:sle-micro:5.5Security update for cni (Important)SUSE Linux Enterprise Micro 5.5
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.5Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.5
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:sle-micro:5.5Security update for libeconf (Important)SUSE Linux Enterprise Micro 5.5
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:sle-micro:5.5Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.5
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:sle-micro:5.5Security update for zchunk (Important)SUSE Linux Enterprise Micro 5.5
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3-setuptools (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:sle-micro:5.5Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:sle-micro:5.5Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.5
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:sle-micro:5.5Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.5
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:sle-micro:5.5Security update for traceroute (Moderate)SUSE Linux Enterprise Micro 5.5
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984).
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
ImportantSUSE bug 1027519SUSE bug 1214718SUSE bug 1221984SUSE bug 1227355CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.5Security update for git (Important)SUSE Linux Enterprise Micro 5.5
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
ImportantSUSE bug 1219660CVE-2024-24577 at SUSECVE-2024-24577 at NVDcpe:/o:suse:sle-micro:5.5Security update for shadow (Important)SUSE Linux Enterprise Micro 5.5
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
- CVE-2023-46840: Fixed VT-d: Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080)
ModerateSUSE bug 1218851SUSE bug 1219080CVE-2023-46839 at SUSECVE-2023-46839 at NVDCVE-2023-46840 at SUSECVE-2023-46840 at NVDcpe:/o:suse:sle-micro:5.5Security update for gtk2 (Important)SUSE Linux Enterprise Micro 5.5
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.5Security update for gtk3 (Important)SUSE Linux Enterprise Micro 5.5
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:sle-micro:5.5Security update for orc (Important)SUSE Linux Enterprise Micro 5.5
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.1
Moderatecpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Update to version 1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.1
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.0
- Use predefined configuration files for libvirt
- Install psmisc (provides killall for tests)
Moderatecpe:/o:suse:sle-micro:5.5Recommended update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.5
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1223724SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118SUSE bug 1227918CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.5Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.5
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:sle-micro:5.5Security update for bind (Important)SUSE Linux Enterprise Micro 5.5
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
ImportantSUSE bug 1228256SUSE bug 1228257SUSE bug 1228258CVE-2024-1737 at SUSECVE-2024-1737 at NVDCVE-2024-1975 at SUSECVE-2024-1975 at NVDCVE-2024-4076 at SUSECVE-2024-4076 at NVDcpe:/o:suse:sle-micro:5.5Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.5
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071)
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869)
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323)
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700)
- CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722)
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520)
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580)
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470)
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591)
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723)
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- ACPI: EC: Abort address space access upon error (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- block, loop: support partitions without scanning (bsc#1227162).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fix build warning
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- HID: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kernel-binary: vdso: Own module_dir
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- KVM: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- KVM: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- KVM: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- NFSD enforce filehandle check for source file in COPY (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- NFSD: Replace the 'init once' mechanism (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: verify the opened dentry after setting a delegation (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized (git-fixes).
- NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- PCI: Extend ACS configurability (bsc#1228090).
- PCI: Fix resource double counting on remove & rescan (git-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
- Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator With perl 5.40 it report the following error on rpm/guards script: Possible precedence issue with control flow operator (exit) at scripts/guards line 208. Fix the issue by adding parenthesis around ternary operator.
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf:
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
ImportantSUSE bug 1082555SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1194324SUSE bug 1194869SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1202346SUSE bug 1202686SUSE bug 1208783SUSE bug 1209636SUSE bug 1213123SUSE bug 1215492SUSE bug 1215587SUSE bug 1216834SUSE bug 1219832SUSE bug 1220138SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1220869SUSE bug 1220876SUSE bug 1220942SUSE bug 1220952SUSE bug 1221010SUSE bug 1221044SUSE bug 1221647SUSE bug 1221654SUSE bug 1221656SUSE bug 1221659SUSE bug 1221777SUSE bug 1222011SUSE bug 1222323SUSE bug 1222326SUSE bug 1222328SUSE bug 1222625SUSE bug 1222702SUSE bug 1222728SUSE bug 1222799SUSE bug 1222809SUSE bug 1222810SUSE bug 1223021SUSE bug 1223180SUSE bug 1223635SUSE bug 1223652SUSE bug 1223675SUSE bug 1223778SUSE bug 1223806SUSE bug 1223813SUSE bug 1223815SUSE bug 1223836SUSE bug 1223863SUSE bug 1224414SUSE bug 1224499SUSE bug 1224500SUSE bug 1224512SUSE bug 1224516SUSE bug 1224517SUSE bug 1224545SUSE bug 1224548SUSE bug 1224557SUSE bug 1224572SUSE bug 1224573SUSE bug 1224585SUSE bug 1224604SUSE bug 1224636SUSE bug 1224641SUSE bug 1224683SUSE bug 1224694SUSE bug 1224700SUSE bug 1224743SUSE bug 1225088SUSE bug 1225272SUSE bug 1225301SUSE bug 1225475SUSE bug 1225489SUSE bug 1225504SUSE bug 1225505SUSE bug 1225564SUSE bug 1225573SUSE bug 1225581SUSE bug 1225586SUSE bug 1225711SUSE bug 1225717SUSE bug 1225719SUSE bug 1225744SUSE bug 1225745SUSE bug 1225746SUSE bug 1225752SUSE bug 1225753SUSE bug 1225757SUSE bug 1225767SUSE bug 1225810SUSE bug 1225815SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225838SUSE bug 1225839SUSE bug 1225843SUSE bug 1225847SUSE bug 1225851SUSE bug 1225856SUSE bug 1225895SUSE bug 1225898SUSE bug 1225903SUSE bug 1226202SUSE bug 1226502SUSE bug 1226519SUSE bug 1226551SUSE bug 1226555SUSE bug 1226565SUSE bug 1226568SUSE bug 1226570SUSE bug 1226571SUSE bug 1226574SUSE bug 1226588SUSE bug 1226607SUSE bug 1226650SUSE bug 1226698SUSE bug 1226713SUSE bug 1226716SUSE bug 1226750SUSE bug 1226757SUSE bug 1226758SUSE bug 1226775SUSE bug 1226783SUSE bug 1226785SUSE bug 1226834SUSE bug 1226837SUSE bug 1226911SUSE bug 1226990SUSE bug 1226993SUSE bug 1227090SUSE bug 1227121SUSE bug 1227157SUSE bug 1227162SUSE bug 1227362SUSE bug 1227383SUSE bug 1227432SUSE bug 1227435SUSE bug 1227447SUSE bug 1227487SUSE bug 1227549SUSE bug 1227573SUSE bug 1227618SUSE bug 1227620SUSE bug 1227626SUSE bug 1227635SUSE bug 1227661SUSE bug 1227716SUSE bug 1227722SUSE bug 1227724SUSE bug 1227725SUSE bug 1227728SUSE bug 1227729SUSE bug 1227730SUSE bug 1227732SUSE bug 1227733SUSE bug 1227750SUSE bug 1227754SUSE bug 1227755SUSE bug 1227760SUSE bug 1227762SUSE bug 1227763SUSE bug 1227764SUSE bug 1227766SUSE bug 1227770SUSE bug 1227771SUSE bug 1227772SUSE bug 1227774SUSE bug 1227779SUSE bug 1227780SUSE bug 1227783SUSE bug 1227786SUSE bug 1227787SUSE bug 1227790SUSE bug 1227792SUSE bug 1227796SUSE bug 1227797SUSE bug 1227798SUSE bug 1227800SUSE bug 1227802SUSE bug 1227806SUSE bug 1227808SUSE bug 1227810SUSE bug 1227812SUSE bug 1227813SUSE bug 1227814SUSE bug 1227816SUSE bug 1227820SUSE bug 1227823SUSE bug 1227824SUSE bug 1227828SUSE bug 1227829SUSE bug 1227836SUSE bug 1227846SUSE bug 1227849SUSE bug 1227851SUSE bug 1227862SUSE bug 1227864SUSE bug 1227865SUSE bug 1227866SUSE bug 1227870SUSE bug 1227884SUSE bug 1227886SUSE bug 1227891SUSE bug 1227893SUSE bug 1227899SUSE bug 1227900SUSE bug 1227910SUSE bug 1227913SUSE bug 1227917SUSE bug 1227919SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227927SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227936SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227947SUSE bug 1227948SUSE bug 1227949SUSE bug 1227950SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227957SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227992SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228003SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228011SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228020SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228067SUSE bug 1228068SUSE bug 1228071SUSE bug 1228079SUSE bug 1228090SUSE bug 1228114SUSE bug 1228140SUSE bug 1228190SUSE bug 1228191SUSE bug 1228195SUSE bug 1228202SUSE bug 1228226SUSE bug 1228235SUSE bug 1228237SUSE bug 1228247SUSE bug 1228327SUSE bug 1228328SUSE bug 1228330SUSE bug 1228403SUSE bug 1228405SUSE bug 1228408SUSE bug 1228409SUSE bug 1228410SUSE bug 1228418SUSE bug 1228440SUSE bug 1228459SUSE bug 1228462SUSE bug 1228470SUSE bug 1228518SUSE bug 1228520SUSE bug 1228530SUSE bug 1228561SUSE bug 1228565SUSE bug 1228580SUSE bug 1228581SUSE bug 1228591SUSE bug 1228599SUSE bug 1228617SUSE bug 1228625SUSE bug 1228626SUSE bug 1228633SUSE bug 1228640SUSE bug 1228644SUSE bug 1228649SUSE bug 1228655SUSE bug 1228665SUSE bug 1228672SUSE bug 1228680SUSE bug 1228705SUSE bug 1228723SUSE bug 1228743SUSE bug 1228756SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857CVE-2021-47086 at SUSECVE-2021-47086 at NVDCVE-2021-47103 at SUSECVE-2021-47103 at NVDCVE-2021-47186 at SUSECVE-2021-47186 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2021-47547 at SUSECVE-2021-47547 at NVDCVE-2021-47588 at SUSECVE-2021-47588 at NVDCVE-2021-47590 at SUSECVE-2021-47590 at NVDCVE-2021-47591 at SUSECVE-2021-47591 at NVDCVE-2021-47593 at SUSECVE-2021-47593 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47599 at SUSECVE-2021-47599 at NVDCVE-2021-47606 at SUSECVE-2021-47606 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47623 at SUSECVE-2021-47623 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48785 at SUSECVE-2022-48785 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48809 at SUSECVE-2022-48809 at NVDCVE-2022-48810 at SUSECVE-2022-48810 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48844 at SUSECVE-2022-48844 at NVDCVE-2022-48846 at SUSECVE-2022-48846 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48850 at SUSECVE-2022-48850 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48852 at SUSECVE-2022-48852 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48855 at SUSECVE-2022-48855 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48864 at SUSECVE-2022-48864 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52435 at SUSECVE-2023-52435 at NVDCVE-2023-52573 at SUSECVE-2023-52573 at NVDCVE-2023-52580 at SUSECVE-2023-52580 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52751 at SUSECVE-2023-52751 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52775 at SUSECVE-2023-52775 at NVDCVE-2023-52812 at SUSECVE-2023-52812 at NVDCVE-2023-52857 at SUSECVE-2023-52857 at NVDCVE-2023-52863 at SUSECVE-2023-52863 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-25741 at SUSECVE-2024-25741 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26615 at SUSECVE-2024-26615 at NVDCVE-2024-26633 at SUSECVE-2024-26633 at NVDCVE-2024-26635 at SUSECVE-2024-26635 at NVDCVE-2024-26636 at SUSECVE-2024-26636 at NVDCVE-2024-26641 at SUSECVE-2024-26641 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26663 at SUSECVE-2024-26663 at NVDCVE-2024-26665 at SUSECVE-2024-26665 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26802 at SUSECVE-2024-26802 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26863 at SUSECVE-2024-26863 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26961 at SUSECVE-2024-26961 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-27015 at SUSECVE-2024-27015 at NVDCVE-2024-27019 at SUSECVE-2024-27019 at NVDCVE-2024-27020 at SUSECVE-2024-27020 at NVDCVE-2024-27025 at SUSECVE-2024-27025 at NVDCVE-2024-27065 at SUSECVE-2024-27065 at NVDCVE-2024-27402 at SUSECVE-2024-27402 at NVDCVE-2024-27437 at SUSECVE-2024-27437 at NVDCVE-2024-35805 at SUSECVE-2024-35805 at NVDCVE-2024-35819 at SUSECVE-2024-35819 at NVDCVE-2024-35837 at SUSECVE-2024-35837 at NVDCVE-2024-35853 at SUSECVE-2024-35853 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35855 at SUSECVE-2024-35855 at NVDCVE-2024-35889 at SUSECVE-2024-35889 at NVDCVE-2024-35890 at SUSECVE-2024-35890 at NVDCVE-2024-35893 at SUSECVE-2024-35893 at NVDCVE-2024-35899 at SUSECVE-2024-35899 at NVDCVE-2024-35934 at SUSECVE-2024-35934 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-35961 at SUSECVE-2024-35961 at NVDCVE-2024-35979 at SUSECVE-2024-35979 at NVDCVE-2024-35995 at SUSECVE-2024-35995 at NVDCVE-2024-36000 at SUSECVE-2024-36000 at NVDCVE-2024-36004 at SUSECVE-2024-36004 at NVDCVE-2024-36288 at SUSECVE-2024-36288 at NVDCVE-2024-36889 at SUSECVE-2024-36889 at NVDCVE-2024-36901 at SUSECVE-2024-36901 at NVDCVE-2024-36902 at SUSECVE-2024-36902 at NVDCVE-2024-36909 at SUSECVE-2024-36909 at NVDCVE-2024-36910 at SUSECVE-2024-36910 at NVDCVE-2024-36911 at SUSECVE-2024-36911 at NVDCVE-2024-36912 at SUSECVE-2024-36912 at NVDCVE-2024-36913 at SUSECVE-2024-36913 at NVDCVE-2024-36914 at SUSECVE-2024-36914 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36923 at SUSECVE-2024-36923 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36939 at SUSECVE-2024-36939 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36946 at SUSECVE-2024-36946 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38558 at SUSECVE-2024-38558 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38570 at SUSECVE-2024-38570 at NVDCVE-2024-38586 at SUSECVE-2024-38586 at NVDCVE-2024-38588 at SUSECVE-2024-38588 at NVDCVE-2024-38598 at SUSECVE-2024-38598 at NVDCVE-2024-38628 at SUSECVE-2024-38628 at NVDCVE-2024-39276 at SUSECVE-2024-39276 at NVDCVE-2024-39371 at SUSECVE-2024-39371 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39472 at SUSECVE-2024-39472 at NVDCVE-2024-39475 at SUSECVE-2024-39475 at NVDCVE-2024-39482 at SUSECVE-2024-39482 at NVDCVE-2024-39487 at SUSECVE-2024-39487 at NVDCVE-2024-39488 at SUSECVE-2024-39488 at NVDCVE-2024-39490 at SUSECVE-2024-39490 at NVDCVE-2024-39493 at SUSECVE-2024-39493 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-39497 at SUSECVE-2024-39497 at NVDCVE-2024-39499 at SUSECVE-2024-39499 at NVDCVE-2024-39500 at SUSECVE-2024-39500 at NVDCVE-2024-39501 at SUSECVE-2024-39501 at NVDCVE-2024-39502 at SUSECVE-2024-39502 at NVDCVE-2024-39505 at SUSECVE-2024-39505 at NVDCVE-2024-39506 at SUSECVE-2024-39506 at NVDCVE-2024-39507 at SUSECVE-2024-39507 at NVDCVE-2024-39508 at SUSECVE-2024-39508 at NVDCVE-2024-39509 at SUSECVE-2024-39509 at NVDCVE-2024-40900 at SUSECVE-2024-40900 at NVDCVE-2024-40901 at SUSECVE-2024-40901 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40903 at SUSECVE-2024-40903 at NVDCVE-2024-40904 at SUSECVE-2024-40904 at NVDCVE-2024-40906 at SUSECVE-2024-40906 at NVDCVE-2024-40908 at SUSECVE-2024-40908 at NVDCVE-2024-40909 at SUSECVE-2024-40909 at NVDCVE-2024-40911 at SUSECVE-2024-40911 at NVDCVE-2024-40912 at SUSECVE-2024-40912 at NVDCVE-2024-40916 at SUSECVE-2024-40916 at NVDCVE-2024-40919 at SUSECVE-2024-40919 at NVDCVE-2024-40923 at SUSECVE-2024-40923 at NVDCVE-2024-40924 at SUSECVE-2024-40924 at NVDCVE-2024-40927 at SUSECVE-2024-40927 at NVDCVE-2024-40929 at SUSECVE-2024-40929 at NVDCVE-2024-40931 at SUSECVE-2024-40931 at NVDCVE-2024-40932 at SUSECVE-2024-40932 at NVDCVE-2024-40934 at SUSECVE-2024-40934 at NVDCVE-2024-40935 at SUSECVE-2024-40935 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40940 at SUSECVE-2024-40940 at NVDCVE-2024-40941 at SUSECVE-2024-40941 at NVDCVE-2024-40942 at SUSECVE-2024-40942 at NVDCVE-2024-40943 at SUSECVE-2024-40943 at NVDCVE-2024-40945 at SUSECVE-2024-40945 at NVDCVE-2024-40953 at SUSECVE-2024-40953 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40958 at SUSECVE-2024-40958 at NVDCVE-2024-40959 at SUSECVE-2024-40959 at NVDCVE-2024-40960 at SUSECVE-2024-40960 at NVDCVE-2024-40961 at SUSECVE-2024-40961 at NVDCVE-2024-40966 at SUSECVE-2024-40966 at NVDCVE-2024-40967 at SUSECVE-2024-40967 at NVDCVE-2024-40970 at SUSECVE-2024-40970 at NVDCVE-2024-40972 at SUSECVE-2024-40972 at NVDCVE-2024-40976 at SUSECVE-2024-40976 at NVDCVE-2024-40977 at SUSECVE-2024-40977 at NVDCVE-2024-40981 at SUSECVE-2024-40981 at NVDCVE-2024-40982 at SUSECVE-2024-40982 at NVDCVE-2024-40984 at SUSECVE-2024-40984 at NVDCVE-2024-40987 at SUSECVE-2024-40987 at NVDCVE-2024-40988 at SUSECVE-2024-40988 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40990 at SUSECVE-2024-40990 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-40998 at SUSECVE-2024-40998 at NVDCVE-2024-40999 at SUSECVE-2024-40999 at NVDCVE-2024-41002 at SUSECVE-2024-41002 at NVDCVE-2024-41004 at SUSECVE-2024-41004 at NVDCVE-2024-41006 at SUSECVE-2024-41006 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41013 at SUSECVE-2024-41013 at NVDCVE-2024-41014 at SUSECVE-2024-41014 at NVDCVE-2024-41015 at SUSECVE-2024-41015 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41017 at SUSECVE-2024-41017 at NVDCVE-2024-41040 at SUSECVE-2024-41040 at NVDCVE-2024-41041 at SUSECVE-2024-41041 at NVDCVE-2024-41044 at SUSECVE-2024-41044 at NVDCVE-2024-41048 at SUSECVE-2024-41048 at NVDCVE-2024-41057 at SUSECVE-2024-41057 at NVDCVE-2024-41058 at SUSECVE-2024-41058 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41063 at SUSECVE-2024-41063 at NVDCVE-2024-41064 at SUSECVE-2024-41064 at NVDCVE-2024-41066 at SUSECVE-2024-41066 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41070 at SUSECVE-2024-41070 at NVDCVE-2024-41071 at SUSECVE-2024-41071 at NVDCVE-2024-41072 at SUSECVE-2024-41072 at NVDCVE-2024-41076 at SUSECVE-2024-41076 at NVDCVE-2024-41078 at SUSECVE-2024-41078 at NVDCVE-2024-41081 at SUSECVE-2024-41081 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-41091 at SUSECVE-2024-41091 at NVDCVE-2024-42070 at SUSECVE-2024-42070 at NVDCVE-2024-42079 at SUSECVE-2024-42079 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42096 at SUSECVE-2024-42096 at NVDCVE-2024-42105 at SUSECVE-2024-42105 at NVDCVE-2024-42122 at SUSECVE-2024-42122 at NVDCVE-2024-42124 at SUSECVE-2024-42124 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42161 at SUSECVE-2024-42161 at NVDCVE-2024-42224 at SUSECVE-2024-42224 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869).
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323).
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
- CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
- CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103).
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722).
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- acpi: EC: Abort address space access upon error (stable-fixes).
- acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- acpi: x86: Force StorageD3Enable on more products (stable-fixes).
- acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
- alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- alsa: emux: improve patch ioctl data validation (stable-fixes).
- alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- alsa: timer: Set lower bound of start tick time (stable-fixes).
- alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- asoc: amd: acp: add a null check for chip_pdev structure (git-fixes).
- asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- asoc: amd: Adjust error handling in case of absent codec device (git-fixes).
- asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- asoc: max98088: Check for clk_prepare_enable() error (git-fixes).
- asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- asoc: rt715-sdca: volume step modification (stable-fixes).
- asoc: rt715: add vendor clear control register (stable-fixes).
- asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block, loop: support partitions without scanning (bsc#1227162).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN .
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- hid: Add quirk for Logitech Casa touchpad (stable-fixes).
- hid: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- input: qt1050 - handle CHIP_ID reading error (git-fixes).
- input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kabi: bpf: callback fixes kABI workaround (bsc#1225903).
- kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kabi: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-binary: vdso: Own module_dir
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
- kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- kvm: x86: Add IBPB_BRTYPE support (bsc#1228079).
- kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
- kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- nfsd enforce filehandle check for source file in COPY (git-fixes).
- nfsd: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- nfsd: Clean up nfsd_open_verified() (git-fixes).
- nfsd: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up unused code after rhashtable conversion (git-fixes).
- nfsd: Convert filecache to rhltable (git-fixes).
- nfsd: Convert the filecache to use rhashtable (git-fixes).
- nfsd: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- nfsd: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- nfsd: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- nfsd: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- nfsd: Flesh out a documenting comment for filecache.c (git-fixes).
- nfsd: handle errors better in write_ports_addfd() (git-fixes).
- nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- nfsd: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- nfsd: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- nfsd: nfsd_file_put() can sleep (git-fixes).
- nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- nfsd: No longer record nf_hashval in the trace log (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- nfsd: Record number of flush calls (git-fixes).
- nfsd: Refactor __nfsd_file_close_inode() (git-fixes).
- nfsd: Refactor nfsd_create_setattr() (git-fixes).
- nfsd: Refactor nfsd_file_gc() (git-fixes).
- nfsd: Refactor nfsd_file_lru_scan() (git-fixes).
- nfsd: Refactor NFSv3 CREATE (git-fixes).
- nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- nfsd: Remove do_nfsd_create() (git-fixes).
- nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- nfsd: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: Replace the 'init once' mechanism (git-fixes).
- nfsd: Report average age of filecache items (git-fixes).
- nfsd: Report count of calls to nfsd_file_acquire() (git-fixes).
- nfsd: Report count of freed filecache items (git-fixes).
- nfsd: Report filecache LRU size (git-fixes).
- nfsd: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- nfsd: Separate tracepoints for acquire and create (git-fixes).
- nfsd: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- nfsd: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- nfsd: Trace filecache LRU activity (git-fixes).
- nfsd: Trace filecache opens (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: verify the opened dentry after setting a delegation (git-fixes).
- nfsd: WARN when freeing an item still linked via nf_lru (git-fixes).
- nfsd: Write verifier might go backwards (git-fixes).
- nfsd: Zero counters when the filecache is re-initialized (git-fixes).
- nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nfsv4: Fixup smatch warning for ambiguous return (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: ensure reset state check ordering (bsc#1215492).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- pci: Clear Secondary Status errors after enumeration (bsc#1226928)
- pci: Extend ACS configurability (bsc#1228090).
- pci: Fix resource double counting on remove & rescan (git-fixes).
- pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- pci: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pci/aspm: Update save_state when configuration changes (bsc#1226915)
- pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- pwm: stm32: Always do lazy disabling (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- ras/amd/atl: Fix MI300 bank hash (bsc#1225300).
- ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- rdma/cache: Release GID table even if leak is detected (git-fixes)
- rdma/device: Return error earlier if port in not valid (git-fixes)
- rdma/hns: Check atomic wr length (git-fixes)
- rdma/hns: Fix incorrect sge nums calculation (git-fixes)
- rdma/hns: Fix insufficient extend DB for VFs. (git-fixes)
- rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- rdma/irdma: Drop unused kernel push code (git-fixes)
- rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- rdma/mana_ib: Ignore optional access flags for MRs (git-fixes).
- rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- rdma/mlx4: Fix truncated output warning in mad.c (git-fixes)
- rdma/mlx5: Add check for srq max_sge attribute (git-fixes)
- rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- rdma/restrack: Fix potential invalid address access (git-fixes)
- rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- Revert 'Add remote for nfs maintainer'
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'build initrd without systemd' (bsc#1195775)'.
- Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
- Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211)
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679.
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- sunrpc: Fix gss_free_in_token_pages() (git-fixes).
- sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- sunrpc: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: serial: mos7840: fix crash on resume (git-fixes).
- usb: serial: option: add Fibocom FM350-GL (stable-fixes).
- usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- usb: serial: option: add Rolling RW350-GL variants (stable-fixes).
- usb: serial: option: add support for Foxconn T99W651 (stable-fixes).
- usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- usb: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- usb: xhci-plat: fix legacy PHY double init (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- watchdog: bd9576: Drop 'always-running' property (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x.509: Fix the parser of extended key usage for length (bsc#1218820).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
ImportantSUSE bug 1082555SUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195775SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1205205SUSE bug 1207361SUSE bug 1208783SUSE bug 1209636SUSE bug 1213123SUSE bug 1215492SUSE bug 1215587SUSE bug 1216834SUSE bug 1217912SUSE bug 1218148SUSE bug 1218570SUSE bug 1218820SUSE bug 1219224SUSE bug 1219633SUSE bug 1219832SUSE bug 1219847SUSE bug 1220138SUSE bug 1220185SUSE bug 1220186SUSE bug 1220368SUSE bug 1220812SUSE bug 1220869SUSE bug 1220876SUSE bug 1220942SUSE bug 1220952SUSE bug 1220958SUSE bug 1221010SUSE bug 1221086SUSE bug 1221282SUSE bug 1221647SUSE bug 1221654SUSE bug 1221656SUSE bug 1221659SUSE bug 1221958SUSE bug 1222015SUSE bug 1222072SUSE bug 1222080SUSE bug 1222241SUSE bug 1222254SUSE bug 1222323SUSE bug 1222326SUSE bug 1222328SUSE bug 1222364SUSE bug 1222625SUSE bug 1222702SUSE bug 1222728SUSE bug 1222799SUSE bug 1222809SUSE bug 1222810SUSE bug 1222893SUSE bug 1223013SUSE bug 1223018SUSE bug 1223021SUSE bug 1223180SUSE bug 1223265SUSE bug 1223384SUSE bug 1223635SUSE bug 1223641SUSE bug 1223652SUSE bug 1223675SUSE bug 1223778SUSE bug 1223806SUSE bug 1223813SUSE bug 1223815SUSE bug 1223836SUSE bug 1223863SUSE bug 1224020SUSE bug 1224331SUSE bug 1224414SUSE bug 1224488SUSE bug 1224497SUSE bug 1224498SUSE bug 1224499SUSE bug 1224500SUSE bug 1224504SUSE bug 1224512SUSE bug 1224516SUSE bug 1224517SUSE bug 1224520SUSE bug 1224539SUSE bug 1224540SUSE bug 1224545SUSE bug 1224548SUSE bug 1224552SUSE bug 1224557SUSE bug 1224572SUSE bug 1224573SUSE bug 1224583SUSE bug 1224585SUSE bug 1224588SUSE bug 1224602SUSE bug 1224603SUSE bug 1224604SUSE bug 1224605SUSE bug 1224612SUSE bug 1224614SUSE bug 1224619SUSE bug 1224636SUSE bug 1224641SUSE bug 1224661SUSE bug 1224662SUSE bug 1224670SUSE bug 1224671SUSE bug 1224674SUSE bug 1224677SUSE bug 1224679SUSE bug 1224683SUSE bug 1224694SUSE bug 1224696SUSE bug 1224700SUSE bug 1224703SUSE bug 1224712SUSE bug 1224716SUSE bug 1224719SUSE bug 1224735SUSE bug 1224743SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1224946SUSE bug 1224951SUSE bug 1225050SUSE bug 1225088SUSE bug 1225098SUSE bug 1225105SUSE bug 1225272SUSE bug 1225300SUSE bug 1225389SUSE bug 1225391SUSE bug 1225419SUSE bug 1225426SUSE bug 1225448SUSE bug 1225452SUSE bug 1225467SUSE bug 1225475SUSE bug 1225484SUSE bug 1225487SUSE bug 1225489SUSE bug 1225504SUSE bug 1225505SUSE bug 1225514SUSE bug 1225518SUSE bug 1225535SUSE bug 1225564SUSE bug 1225573SUSE bug 1225581SUSE bug 1225585SUSE bug 1225586SUSE bug 1225602SUSE bug 1225611SUSE bug 1225681SUSE bug 1225692SUSE bug 1225698SUSE bug 1225699SUSE bug 1225704SUSE bug 1225711SUSE bug 1225714SUSE bug 1225717SUSE bug 1225719SUSE bug 1225726SUSE bug 1225732SUSE bug 1225737SUSE bug 1225744SUSE bug 1225745SUSE bug 1225746SUSE bug 1225749SUSE bug 1225752SUSE bug 1225753SUSE bug 1225757SUSE bug 1225758SUSE bug 1225759SUSE bug 1225760SUSE bug 1225767SUSE bug 1225770SUSE bug 1225815SUSE bug 1225823SUSE bug 1225834SUSE bug 1225838SUSE bug 1225840SUSE bug 1225851SUSE bug 1225866SUSE bug 1225872SUSE bug 1225894SUSE bug 1225903SUSE bug 1226022SUSE bug 1226131SUSE bug 1226145SUSE bug 1226149SUSE bug 1226155SUSE bug 1226202SUSE bug 1226211SUSE bug 1226212SUSE bug 1226226SUSE bug 1226502SUSE bug 1226514SUSE bug 1226519SUSE bug 1226520SUSE bug 1226537SUSE bug 1226538SUSE bug 1226539SUSE bug 1226550SUSE bug 1226551SUSE bug 1226552SUSE bug 1226553SUSE bug 1226554SUSE bug 1226555SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226565SUSE bug 1226566SUSE bug 1226567SUSE bug 1226568SUSE bug 1226569SUSE bug 1226570SUSE bug 1226571SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226579SUSE bug 1226580SUSE bug 1226581SUSE bug 1226582SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226588SUSE bug 1226593SUSE bug 1226595SUSE bug 1226597SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226610SUSE bug 1226614SUSE bug 1226616SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226622SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226632SUSE bug 1226633SUSE bug 1226634SUSE bug 1226637SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226653SUSE bug 1226657SUSE bug 1226658SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226678SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226693SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226704SUSE bug 1226705SUSE bug 1226706SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226718SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226730SUSE bug 1226732SUSE bug 1226734SUSE bug 1226735SUSE bug 1226737SUSE bug 1226738SUSE bug 1226739SUSE bug 1226740SUSE bug 1226744SUSE bug 1226746SUSE bug 1226747SUSE bug 1226749SUSE bug 1226750SUSE bug 1226754SUSE bug 1226757SUSE bug 1226762SUSE bug 1226764SUSE bug 1226767SUSE bug 1226768SUSE bug 1226769SUSE bug 1226771SUSE bug 1226774SUSE bug 1226775SUSE bug 1226777SUSE bug 1226780SUSE bug 1226781SUSE bug 1226783SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226791SUSE bug 1226834SUSE bug 1226837SUSE bug 1226839SUSE bug 1226840SUSE bug 1226841SUSE bug 1226842SUSE bug 1226848SUSE bug 1226852SUSE bug 1226857SUSE bug 1226861SUSE bug 1226863SUSE bug 1226864SUSE bug 1226867SUSE bug 1226868SUSE bug 1226876SUSE bug 1226878SUSE bug 1226883SUSE bug 1226886SUSE bug 1226890SUSE bug 1226891SUSE bug 1226895SUSE bug 1226908SUSE bug 1226911SUSE bug 1226915SUSE bug 1226928SUSE bug 1226948SUSE bug 1226949SUSE bug 1226950SUSE bug 1226953SUSE bug 1226962SUSE bug 1226976SUSE bug 1226990SUSE bug 1226992SUSE bug 1226993SUSE bug 1226994SUSE bug 1226996SUSE bug 1227066SUSE bug 1227090SUSE bug 1227096SUSE bug 1227101SUSE bug 1227103SUSE bug 1227121SUSE bug 1227157SUSE bug 1227162SUSE bug 1227274SUSE bug 1227362SUSE bug 1227383SUSE bug 1227432SUSE bug 1227435SUSE bug 1227447SUSE bug 1227487SUSE bug 1227573SUSE bug 1227618SUSE bug 1227620SUSE bug 1227626SUSE bug 1227635SUSE bug 1227661SUSE bug 1227716SUSE bug 1227722SUSE bug 1227724SUSE bug 1227725SUSE bug 1227728SUSE bug 1227729SUSE bug 1227730SUSE bug 1227732SUSE bug 1227733SUSE bug 1227750SUSE bug 1227754SUSE bug 1227755SUSE bug 1227760SUSE bug 1227762SUSE bug 1227763SUSE bug 1227764SUSE bug 1227766SUSE bug 1227770SUSE bug 1227771SUSE bug 1227772SUSE bug 1227774SUSE bug 1227779SUSE bug 1227780SUSE bug 1227783SUSE bug 1227786SUSE bug 1227787SUSE bug 1227790SUSE bug 1227792SUSE bug 1227796SUSE bug 1227797SUSE bug 1227798SUSE bug 1227800SUSE bug 1227802SUSE bug 1227806SUSE bug 1227808SUSE bug 1227810SUSE bug 1227812SUSE bug 1227813SUSE bug 1227814SUSE bug 1227816SUSE bug 1227820SUSE bug 1227823SUSE bug 1227824SUSE bug 1227828SUSE bug 1227829SUSE bug 1227836SUSE bug 1227846SUSE bug 1227849SUSE bug 1227851SUSE bug 1227862SUSE bug 1227864SUSE bug 1227865SUSE bug 1227866SUSE bug 1227870SUSE bug 1227884SUSE bug 1227886SUSE bug 1227891SUSE bug 1227893SUSE bug 1227899SUSE bug 1227900SUSE bug 1227910SUSE bug 1227913SUSE bug 1227917SUSE bug 1227919SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227927SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227936SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227947SUSE bug 1227948SUSE bug 1227949SUSE bug 1227950SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227957SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227992SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228003SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228011SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228020SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228067SUSE bug 1228068SUSE bug 1228071SUSE bug 1228079SUSE bug 1228090SUSE bug 1228114SUSE bug 1228140SUSE bug 1228190SUSE bug 1228191SUSE bug 1228226SUSE bug 1228235SUSE bug 1228247SUSE bug 1228327SUSE bug 1228328SUSE bug 1228330SUSE bug 1228403SUSE bug 1228405SUSE bug 1228408SUSE bug 1228409SUSE bug 1228410SUSE bug 1228418SUSE bug 1228459SUSE bug 1228462SUSE bug 1228470SUSE bug 1228518SUSE bug 1228520SUSE bug 1228530SUSE bug 1228561SUSE bug 1228565SUSE bug 1228580SUSE bug 1228581SUSE bug 1228591SUSE bug 1228599SUSE bug 1228617SUSE bug 1228625SUSE bug 1228626SUSE bug 1228633SUSE bug 1228640SUSE bug 1228644SUSE bug 1228649SUSE bug 1228655SUSE bug 1228665SUSE bug 1228672SUSE bug 1228680SUSE bug 1228705SUSE bug 1228723SUSE bug 1228743SUSE bug 1228756SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47086 at SUSECVE-2021-47086 at NVDCVE-2021-47089 at SUSECVE-2021-47089 at NVDCVE-2021-47103 at SUSECVE-2021-47103 at NVDCVE-2021-47186 at SUSECVE-2021-47186 at NVDCVE-2021-47432 at SUSECVE-2021-47432 at NVDCVE-2021-47515 at SUSECVE-2021-47515 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47539 at SUSECVE-2021-47539 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2021-47547 at SUSECVE-2021-47547 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47566 at SUSECVE-2021-47566 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47572 at SUSECVE-2021-47572 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47577 at SUSECVE-2021-47577 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47588 at SUSECVE-2021-47588 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47590 at SUSECVE-2021-47590 at NVDCVE-2021-47591 at SUSECVE-2021-47591 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47593 at SUSECVE-2021-47593 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47599 at SUSECVE-2021-47599 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47604 at SUSECVE-2021-47604 at NVDCVE-2021-47605 at SUSECVE-2021-47605 at NVDCVE-2021-47606 at SUSECVE-2021-47606 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47610 at SUSECVE-2021-47610 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47623 at SUSECVE-2021-47623 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48714 at SUSECVE-2022-48714 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48716 at SUSECVE-2022-48716 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48718 at SUSECVE-2022-48718 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48733 at SUSECVE-2022-48733 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48753 at SUSECVE-2022-48753 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48755 at SUSECVE-2022-48755 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48766 at SUSECVE-2022-48766 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48770 at SUSECVE-2022-48770 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48772 at SUSECVE-2022-48772 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48785 at SUSECVE-2022-48785 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48809 at SUSECVE-2022-48809 at NVDCVE-2022-48810 at SUSECVE-2022-48810 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48844 at SUSECVE-2022-48844 at NVDCVE-2022-48846 at SUSECVE-2022-48846 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48850 at SUSECVE-2022-48850 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48852 at SUSECVE-2022-48852 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48855 at SUSECVE-2022-48855 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48864 at SUSECVE-2022-48864 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52435 at SUSECVE-2023-52435 at NVDCVE-2023-52573 at SUSECVE-2023-52573 at NVDCVE-2023-52580 at SUSECVE-2023-52580 at NVDCVE-2023-52622 at SUSECVE-2023-52622 at NVDCVE-2023-52658 at SUSECVE-2023-52658 at NVDCVE-2023-52667 at SUSECVE-2023-52667 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52672 at SUSECVE-2023-52672 at NVDCVE-2023-52675 at SUSECVE-2023-52675 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52737 at SUSECVE-2023-52737 at NVDCVE-2023-52751 at SUSECVE-2023-52751 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52775 at SUSECVE-2023-52775 at NVDCVE-2023-52784 at SUSECVE-2023-52784 at NVDCVE-2023-52787 at SUSECVE-2023-52787 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52812 at SUSECVE-2023-52812 at NVDCVE-2023-52835 at SUSECVE-2023-52835 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52843 at SUSECVE-2023-52843 at NVDCVE-2023-52845 at SUSECVE-2023-52845 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52857 at SUSECVE-2023-52857 at NVDCVE-2023-52863 at SUSECVE-2023-52863 at NVDCVE-2023-52869 at SUSECVE-2023-52869 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52882 at SUSECVE-2023-52882 at NVDCVE-2023-52884 at SUSECVE-2023-52884 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-25741 at SUSECVE-2024-25741 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26615 at SUSECVE-2024-26615 at NVDCVE-2024-26625 at SUSECVE-2024-26625 at NVDCVE-2024-26633 at SUSECVE-2024-26633 at NVDCVE-2024-26635 at SUSECVE-2024-26635 at NVDCVE-2024-26636 at SUSECVE-2024-26636 at NVDCVE-2024-26641 at SUSECVE-2024-26641 at NVDCVE-2024-26644 at SUSECVE-2024-26644 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26663 at SUSECVE-2024-26663 at NVDCVE-2024-26665 at SUSECVE-2024-26665 at NVDCVE-2024-26720 at SUSECVE-2024-26720 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26802 at SUSECVE-2024-26802 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26842 at SUSECVE-2024-26842 at NVDCVE-2024-26845 at SUSECVE-2024-26845 at NVDCVE-2024-26863 at SUSECVE-2024-26863 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26961 at SUSECVE-2024-26961 at NVDCVE-2024-26973 at SUSECVE-2024-26973 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-27015 at SUSECVE-2024-27015 at NVDCVE-2024-27019 at SUSECVE-2024-27019 at NVDCVE-2024-27020 at SUSECVE-2024-27020 at NVDCVE-2024-27025 at SUSECVE-2024-27025 at NVDCVE-2024-27065 at SUSECVE-2024-27065 at NVDCVE-2024-27402 at SUSECVE-2024-27402 at NVDCVE-2024-27432 at SUSECVE-2024-27432 at NVDCVE-2024-27437 at SUSECVE-2024-27437 at NVDCVE-2024-33619 at SUSECVE-2024-33619 at NVDCVE-2024-35247 at SUSECVE-2024-35247 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35790 at SUSECVE-2024-35790 at NVDCVE-2024-35805 at SUSECVE-2024-35805 at NVDCVE-2024-35807 at SUSECVE-2024-35807 at NVDCVE-2024-35814 at SUSECVE-2024-35814 at NVDCVE-2024-35819 at SUSECVE-2024-35819 at NVDCVE-2024-35835 at SUSECVE-2024-35835 at NVDCVE-2024-35837 at SUSECVE-2024-35837 at NVDCVE-2024-35848 at SUSECVE-2024-35848 at NVDCVE-2024-35853 at SUSECVE-2024-35853 at NVDCVE-2024-35855 at SUSECVE-2024-35855 at NVDCVE-2024-35857 at SUSECVE-2024-35857 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35884 at SUSECVE-2024-35884 at NVDCVE-2024-35886 at SUSECVE-2024-35886 at NVDCVE-2024-35889 at SUSECVE-2024-35889 at NVDCVE-2024-35890 at SUSECVE-2024-35890 at NVDCVE-2024-35893 at SUSECVE-2024-35893 at NVDCVE-2024-35896 at SUSECVE-2024-35896 at NVDCVE-2024-35898 at SUSECVE-2024-35898 at NVDCVE-2024-35899 at SUSECVE-2024-35899 at NVDCVE-2024-35900 at SUSECVE-2024-35900 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35925 at SUSECVE-2024-35925 at NVDCVE-2024-35934 at SUSECVE-2024-35934 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35956 at SUSECVE-2024-35956 at NVDCVE-2024-35958 at SUSECVE-2024-35958 at NVDCVE-2024-35960 at SUSECVE-2024-35960 at NVDCVE-2024-35961 at SUSECVE-2024-35961 at NVDCVE-2024-35962 at SUSECVE-2024-35962 at NVDCVE-2024-35979 at SUSECVE-2024-35979 at NVDCVE-2024-35995 at SUSECVE-2024-35995 at NVDCVE-2024-35997 at SUSECVE-2024-35997 at NVDCVE-2024-36000 at SUSECVE-2024-36000 at NVDCVE-2024-36004 at SUSECVE-2024-36004 at NVDCVE-2024-36005 at SUSECVE-2024-36005 at NVDCVE-2024-36008 at SUSECVE-2024-36008 at NVDCVE-2024-36017 at SUSECVE-2024-36017 at NVDCVE-2024-36020 at SUSECVE-2024-36020 at NVDCVE-2024-36021 at SUSECVE-2024-36021 at NVDCVE-2024-36025 at SUSECVE-2024-36025 at NVDCVE-2024-36288 at SUSECVE-2024-36288 at NVDCVE-2024-36477 at SUSECVE-2024-36477 at NVDCVE-2024-36478 at SUSECVE-2024-36478 at NVDCVE-2024-36479 at SUSECVE-2024-36479 at NVDCVE-2024-36889 at SUSECVE-2024-36889 at NVDCVE-2024-36890 at SUSECVE-2024-36890 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36900 at SUSECVE-2024-36900 at NVDCVE-2024-36901 at SUSECVE-2024-36901 at NVDCVE-2024-36902 at SUSECVE-2024-36902 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36909 at SUSECVE-2024-36909 at NVDCVE-2024-36910 at SUSECVE-2024-36910 at NVDCVE-2024-36911 at SUSECVE-2024-36911 at NVDCVE-2024-36912 at SUSECVE-2024-36912 at NVDCVE-2024-36913 at SUSECVE-2024-36913 at NVDCVE-2024-36914 at SUSECVE-2024-36914 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-36916 at SUSECVE-2024-36916 at NVDCVE-2024-36917 at SUSECVE-2024-36917 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36923 at SUSECVE-2024-36923 at NVDCVE-2024-36934 at SUSECVE-2024-36934 at NVDCVE-2024-36937 at SUSECVE-2024-36937 at NVDCVE-2024-36939 at SUSECVE-2024-36939 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36945 at SUSECVE-2024-36945 at NVDCVE-2024-36946 at SUSECVE-2024-36946 at NVDCVE-2024-36949 at SUSECVE-2024-36949 at NVDCVE-2024-36960 at SUSECVE-2024-36960 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36965 at SUSECVE-2024-36965 at NVDCVE-2024-36967 at SUSECVE-2024-36967 at NVDCVE-2024-36969 at SUSECVE-2024-36969 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-36975 at SUSECVE-2024-36975 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-37021 at SUSECVE-2024-37021 at NVDCVE-2024-37078 at SUSECVE-2024-37078 at NVDCVE-2024-37354 at SUSECVE-2024-37354 at NVDCVE-2024-38381 at SUSECVE-2024-38381 at NVDCVE-2024-38388 at SUSECVE-2024-38388 at NVDCVE-2024-38390 at SUSECVE-2024-38390 at NVDCVE-2024-38540 at SUSECVE-2024-38540 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38544 at SUSECVE-2024-38544 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38546 at SUSECVE-2024-38546 at NVDCVE-2024-38547 at SUSECVE-2024-38547 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38549 at SUSECVE-2024-38549 at NVDCVE-2024-38550 at SUSECVE-2024-38550 at NVDCVE-2024-38552 at SUSECVE-2024-38552 at NVDCVE-2024-38553 at SUSECVE-2024-38553 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38556 at SUSECVE-2024-38556 at NVDCVE-2024-38557 at SUSECVE-2024-38557 at NVDCVE-2024-38558 at SUSECVE-2024-38558 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38565 at SUSECVE-2024-38565 at NVDCVE-2024-38567 at SUSECVE-2024-38567 at NVDCVE-2024-38568 at SUSECVE-2024-38568 at NVDCVE-2024-38570 at SUSECVE-2024-38570 at NVDCVE-2024-38571 at SUSECVE-2024-38571 at NVDCVE-2024-38573 at SUSECVE-2024-38573 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDCVE-2024-38579 at SUSECVE-2024-38579 at NVDCVE-2024-38580 at SUSECVE-2024-38580 at NVDCVE-2024-38581 at SUSECVE-2024-38581 at NVDCVE-2024-38582 at SUSECVE-2024-38582 at NVDCVE-2024-38583 at SUSECVE-2024-38583 at NVDCVE-2024-38586 at SUSECVE-2024-38586 at NVDCVE-2024-38587 at SUSECVE-2024-38587 at NVDCVE-2024-38588 at SUSECVE-2024-38588 at NVDCVE-2024-38590 at SUSECVE-2024-38590 at NVDCVE-2024-38591 at SUSECVE-2024-38591 at NVDCVE-2024-38594 at SUSECVE-2024-38594 at NVDCVE-2024-38597 at SUSECVE-2024-38597 at NVDCVE-2024-38598 at SUSECVE-2024-38598 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-38600 at SUSECVE-2024-38600 at NVDCVE-2024-38601 at SUSECVE-2024-38601 at NVDCVE-2024-38603 at SUSECVE-2024-38603 at NVDCVE-2024-38605 at SUSECVE-2024-38605 at NVDCVE-2024-38608 at SUSECVE-2024-38608 at NVDCVE-2024-38616 at SUSECVE-2024-38616 at NVDCVE-2024-38618 at SUSECVE-2024-38618 at NVDCVE-2024-38619 at SUSECVE-2024-38619 at NVDCVE-2024-38621 at SUSECVE-2024-38621 at NVDCVE-2024-38627 at SUSECVE-2024-38627 at NVDCVE-2024-38628 at SUSECVE-2024-38628 at NVDCVE-2024-38630 at SUSECVE-2024-38630 at NVDCVE-2024-38633 at SUSECVE-2024-38633 at NVDCVE-2024-38634 at SUSECVE-2024-38634 at NVDCVE-2024-38635 at SUSECVE-2024-38635 at NVDCVE-2024-38659 at SUSECVE-2024-38659 at NVDCVE-2024-38661 at SUSECVE-2024-38661 at NVDCVE-2024-38780 at SUSECVE-2024-38780 at NVDCVE-2024-39276 at SUSECVE-2024-39276 at NVDCVE-2024-39301 at SUSECVE-2024-39301 at NVDCVE-2024-39371 at SUSECVE-2024-39371 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39468 at SUSECVE-2024-39468 at NVDCVE-2024-39469 at SUSECVE-2024-39469 at NVDCVE-2024-39471 at SUSECVE-2024-39471 at NVDCVE-2024-39472 at SUSECVE-2024-39472 at NVDCVE-2024-39475 at SUSECVE-2024-39475 at NVDCVE-2024-39482 at SUSECVE-2024-39482 at NVDCVE-2024-39487 at SUSECVE-2024-39487 at NVDCVE-2024-39488 at SUSECVE-2024-39488 at NVDCVE-2024-39490 at SUSECVE-2024-39490 at NVDCVE-2024-39493 at SUSECVE-2024-39493 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-39497 at SUSECVE-2024-39497 at NVDCVE-2024-39499 at SUSECVE-2024-39499 at NVDCVE-2024-39500 at SUSECVE-2024-39500 at NVDCVE-2024-39501 at SUSECVE-2024-39501 at NVDCVE-2024-39502 at SUSECVE-2024-39502 at NVDCVE-2024-39505 at SUSECVE-2024-39505 at NVDCVE-2024-39506 at SUSECVE-2024-39506 at NVDCVE-2024-39507 at SUSECVE-2024-39507 at NVDCVE-2024-39508 at SUSECVE-2024-39508 at NVDCVE-2024-39509 at SUSECVE-2024-39509 at NVDCVE-2024-40900 at SUSECVE-2024-40900 at NVDCVE-2024-40901 at SUSECVE-2024-40901 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40903 at SUSECVE-2024-40903 at NVDCVE-2024-40904 at SUSECVE-2024-40904 at NVDCVE-2024-40906 at SUSECVE-2024-40906 at NVDCVE-2024-40908 at SUSECVE-2024-40908 at NVDCVE-2024-40909 at SUSECVE-2024-40909 at NVDCVE-2024-40911 at SUSECVE-2024-40911 at NVDCVE-2024-40912 at SUSECVE-2024-40912 at NVDCVE-2024-40916 at SUSECVE-2024-40916 at NVDCVE-2024-40919 at SUSECVE-2024-40919 at NVDCVE-2024-40923 at SUSECVE-2024-40923 at NVDCVE-2024-40924 at SUSECVE-2024-40924 at NVDCVE-2024-40927 at SUSECVE-2024-40927 at NVDCVE-2024-40929 at SUSECVE-2024-40929 at NVDCVE-2024-40931 at SUSECVE-2024-40931 at NVDCVE-2024-40932 at SUSECVE-2024-40932 at NVDCVE-2024-40934 at SUSECVE-2024-40934 at NVDCVE-2024-40935 at SUSECVE-2024-40935 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40940 at SUSECVE-2024-40940 at NVDCVE-2024-40941 at SUSECVE-2024-40941 at NVDCVE-2024-40942 at SUSECVE-2024-40942 at NVDCVE-2024-40943 at SUSECVE-2024-40943 at NVDCVE-2024-40945 at SUSECVE-2024-40945 at NVDCVE-2024-40953 at SUSECVE-2024-40953 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40958 at SUSECVE-2024-40958 at NVDCVE-2024-40959 at SUSECVE-2024-40959 at NVDCVE-2024-40960 at SUSECVE-2024-40960 at NVDCVE-2024-40961 at SUSECVE-2024-40961 at NVDCVE-2024-40966 at SUSECVE-2024-40966 at NVDCVE-2024-40967 at SUSECVE-2024-40967 at NVDCVE-2024-40970 at SUSECVE-2024-40970 at NVDCVE-2024-40972 at SUSECVE-2024-40972 at NVDCVE-2024-40976 at SUSECVE-2024-40976 at NVDCVE-2024-40977 at SUSECVE-2024-40977 at NVDCVE-2024-40981 at SUSECVE-2024-40981 at NVDCVE-2024-40982 at SUSECVE-2024-40982 at NVDCVE-2024-40984 at SUSECVE-2024-40984 at NVDCVE-2024-40987 at SUSECVE-2024-40987 at NVDCVE-2024-40988 at SUSECVE-2024-40988 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40990 at SUSECVE-2024-40990 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-40998 at SUSECVE-2024-40998 at NVDCVE-2024-40999 at SUSECVE-2024-40999 at NVDCVE-2024-41002 at SUSECVE-2024-41002 at NVDCVE-2024-41004 at SUSECVE-2024-41004 at NVDCVE-2024-41006 at SUSECVE-2024-41006 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41013 at SUSECVE-2024-41013 at NVDCVE-2024-41014 at SUSECVE-2024-41014 at NVDCVE-2024-41015 at SUSECVE-2024-41015 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41017 at SUSECVE-2024-41017 at NVDCVE-2024-41040 at SUSECVE-2024-41040 at NVDCVE-2024-41041 at SUSECVE-2024-41041 at NVDCVE-2024-41044 at SUSECVE-2024-41044 at NVDCVE-2024-41048 at SUSECVE-2024-41048 at NVDCVE-2024-41057 at SUSECVE-2024-41057 at NVDCVE-2024-41058 at SUSECVE-2024-41058 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41063 at SUSECVE-2024-41063 at NVDCVE-2024-41064 at SUSECVE-2024-41064 at NVDCVE-2024-41066 at SUSECVE-2024-41066 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41070 at SUSECVE-2024-41070 at NVDCVE-2024-41071 at SUSECVE-2024-41071 at NVDCVE-2024-41072 at SUSECVE-2024-41072 at NVDCVE-2024-41076 at SUSECVE-2024-41076 at NVDCVE-2024-41078 at SUSECVE-2024-41078 at NVDCVE-2024-41081 at SUSECVE-2024-41081 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-41091 at SUSECVE-2024-41091 at NVDCVE-2024-42070 at SUSECVE-2024-42070 at NVDCVE-2024-42079 at SUSECVE-2024-42079 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42096 at SUSECVE-2024-42096 at NVDCVE-2024-42105 at SUSECVE-2024-42105 at NVDCVE-2024-42122 at SUSECVE-2024-42122 at NVDCVE-2024-42124 at SUSECVE-2024-42124 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42161 at SUSECVE-2024-42161 at NVDCVE-2024-42224 at SUSECVE-2024-42224 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.5Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.5
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:sle-micro:5.5Security update for unbound (Low)SUSE Linux Enterprise Micro 5.5
This update for unbound fixes the following issues:
- CVE-2024-43167: Fix null pointer dereference issue in function ub_ctx_set_fwd (bsc#1229068)
LowSUSE bug 1229068CVE-2024-43167 at SUSECVE-2024-43167 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
Other fixes:
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1228574SUSE bug 1228575CVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
ImportantSUSE bug 1227322CVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:suse:sle-micro:5.5Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.5
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.5Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.5
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
ModerateSUSE bug 1218297SUSE bug 1221479SUSE bug 1226414SUSE bug 1228091CVE-2023-7008 at SUSECVE-2023-7008 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- powerpc: Mark .opd section read-only (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- RDMA/rxe: Handle zero length rdma (git-fixes)
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203329SUSE bug 1203330SUSE bug 1203360SUSE bug 1205462SUSE bug 1206006SUSE bug 1206258SUSE bug 1206843SUSE bug 1207158SUSE bug 1208783SUSE bug 1210644SUSE bug 1213580SUSE bug 1213632SUSE bug 1214285SUSE bug 1216834SUSE bug 1220428SUSE bug 1220877SUSE bug 1220962SUSE bug 1221269SUSE bug 1221326SUSE bug 1221630SUSE bug 1221645SUSE bug 1222335SUSE bug 1222350SUSE bug 1222372SUSE bug 1222387SUSE bug 1222634SUSE bug 1222808SUSE bug 1222967SUSE bug 1223074SUSE bug 1223191SUSE bug 1223508SUSE bug 1223720SUSE bug 1223742SUSE bug 1223777SUSE bug 1223803SUSE bug 1223807SUSE bug 1224105SUSE bug 1224415SUSE bug 1224496SUSE bug 1224510SUSE bug 1224542SUSE bug 1224578SUSE bug 1224639SUSE bug 1225162SUSE bug 1225352SUSE bug 1225428SUSE bug 1225524SUSE bug 1225578SUSE bug 1225582SUSE bug 1225773SUSE bug 1225814SUSE bug 1225827SUSE bug 1225832SUSE bug 1225903SUSE bug 1226168SUSE bug 1226530SUSE bug 1226613SUSE bug 1226742SUSE bug 1226765SUSE bug 1226798SUSE bug 1226801SUSE bug 1226874SUSE bug 1226885SUSE bug 1227079SUSE bug 1227623SUSE bug 1227761SUSE bug 1227830SUSE bug 1227863SUSE bug 1227867SUSE bug 1227929SUSE bug 1227937SUSE bug 1227958SUSE bug 1228020SUSE bug 1228065SUSE bug 1228114SUSE bug 1228410SUSE bug 1228426SUSE bug 1228427SUSE bug 1228429SUSE bug 1228446SUSE bug 1228447SUSE bug 1228449SUSE bug 1228450SUSE bug 1228452SUSE bug 1228456SUSE bug 1228463SUSE bug 1228466SUSE bug 1228467SUSE bug 1228469SUSE bug 1228480SUSE bug 1228481SUSE bug 1228482SUSE bug 1228483SUSE bug 1228484SUSE bug 1228485SUSE bug 1228487SUSE bug 1228489SUSE bug 1228491SUSE bug 1228493SUSE bug 1228494SUSE bug 1228495SUSE bug 1228496SUSE bug 1228501SUSE bug 1228503SUSE bug 1228509SUSE bug 1228513SUSE bug 1228515SUSE bug 1228516SUSE bug 1228526SUSE bug 1228531SUSE bug 1228563SUSE bug 1228564SUSE bug 1228567SUSE bug 1228576SUSE bug 1228579SUSE bug 1228584SUSE bug 1228588SUSE bug 1228590SUSE bug 1228615SUSE bug 1228616SUSE bug 1228635SUSE bug 1228636SUSE bug 1228654SUSE bug 1228656SUSE bug 1228658SUSE bug 1228660SUSE bug 1228662SUSE bug 1228667SUSE bug 1228673SUSE bug 1228677SUSE bug 1228687SUSE bug 1228706SUSE bug 1228708SUSE bug 1228710SUSE bug 1228718SUSE bug 1228720SUSE bug 1228721SUSE bug 1228722SUSE bug 1228724SUSE bug 1228726SUSE bug 1228727SUSE bug 1228733SUSE bug 1228748SUSE bug 1228766SUSE bug 1228779SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857SUSE bug 1228959SUSE bug 1228964SUSE bug 1228966SUSE bug 1228967SUSE bug 1228979SUSE bug 1228988SUSE bug 1228989SUSE bug 1228991SUSE bug 1228992SUSE bug 1229042SUSE bug 1229054SUSE bug 1229086SUSE bug 1229136SUSE bug 1229154SUSE bug 1229187SUSE bug 1229188SUSE bug 1229190SUSE bug 1229287SUSE bug 1229290SUSE bug 1229292SUSE bug 1229296SUSE bug 1229297SUSE bug 1229301SUSE bug 1229303SUSE bug 1229304SUSE bug 1229305SUSE bug 1229307SUSE bug 1229309SUSE bug 1229312SUSE bug 1229314SUSE bug 1229315SUSE bug 1229317SUSE bug 1229318SUSE bug 1229319SUSE bug 1229327SUSE bug 1229341SUSE bug 1229345SUSE bug 1229346SUSE bug 1229347SUSE bug 1229349SUSE bug 1229350SUSE bug 1229351SUSE bug 1229354SUSE bug 1229356SUSE bug 1229357SUSE bug 1229358SUSE bug 1229359SUSE bug 1229360SUSE bug 1229366SUSE bug 1229370SUSE bug 1229373SUSE bug 1229374SUSE bug 1229381SUSE bug 1229382SUSE bug 1229383SUSE bug 1229386SUSE bug 1229388SUSE bug 1229391SUSE bug 1229392SUSE bug 1229395SUSE bug 1229398SUSE bug 1229399SUSE bug 1229400SUSE bug 1229407SUSE bug 1229409SUSE bug 1229410SUSE bug 1229411SUSE bug 1229413SUSE bug 1229414SUSE bug 1229417SUSE bug 1229418SUSE bug 1229444SUSE bug 1229453SUSE bug 1229454SUSE bug 1229481SUSE bug 1229482SUSE bug 1229488SUSE bug 1229489SUSE bug 1229490SUSE bug 1229493SUSE bug 1229495SUSE bug 1229497SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229521SUSE bug 1229522SUSE bug 1229523SUSE bug 1229524SUSE bug 1229525SUSE bug 1229526SUSE bug 1229527SUSE bug 1229528SUSE bug 1229529SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229545SUSE bug 1229546SUSE bug 1229547SUSE bug 1229548SUSE bug 1229554SUSE bug 1229557SUSE bug 1229558SUSE bug 1229559SUSE bug 1229560SUSE bug 1229562SUSE bug 1229564SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229569SUSE bug 1229572SUSE bug 1229573SUSE bug 1229576SUSE bug 1229581SUSE bug 1229588SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229605SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229615SUSE bug 1229616SUSE bug 1229617SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229632SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229658SUSE bug 1229662SUSE bug 1229664SUSE bug 1229707SUSE bug 1229739SUSE bug 1229743SUSE bug 1229746SUSE bug 1229754SUSE bug 1229755SUSE bug 1229756SUSE bug 1229759SUSE bug 1229761SUSE bug 1229767SUSE bug 1229768SUSE bug 1229781SUSE bug 1229784SUSE bug 1229787SUSE bug 1229788SUSE bug 1229789SUSE bug 1229792SUSE bug 1229820CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2021-47106 at SUSECVE-2021-47106 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-48645 at SUSECVE-2022-48645 at NVDCVE-2022-48706 at SUSECVE-2022-48706 at NVDCVE-2022-48808 at SUSECVE-2022-48808 at NVDCVE-2022-48865 at SUSECVE-2022-48865 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48881 at SUSECVE-2022-48881 at NVDCVE-2022-48882 at SUSECVE-2022-48882 at NVDCVE-2022-48883 at SUSECVE-2022-48883 at NVDCVE-2022-48884 at SUSECVE-2022-48884 at NVDCVE-2022-48885 at SUSECVE-2022-48885 at NVDCVE-2022-48886 at SUSECVE-2022-48886 at NVDCVE-2022-48887 at SUSECVE-2022-48887 at NVDCVE-2022-48888 at SUSECVE-2022-48888 at NVDCVE-2022-48889 at SUSECVE-2022-48889 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48893 at SUSECVE-2022-48893 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48906 at SUSECVE-2022-48906 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48910 at SUSECVE-2022-48910 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48920 at SUSECVE-2022-48920 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48939 at SUSECVE-2022-48939 at NVDCVE-2022-48940 at SUSECVE-2022-48940 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-52458 at SUSECVE-2023-52458 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52498 at SUSECVE-2023-52498 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52859 at SUSECVE-2023-52859 at NVDCVE-2023-52887 at SUSECVE-2023-52887 at NVDCVE-2023-52889 at SUSECVE-2023-52889 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52899 at SUSECVE-2023-52899 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52904 at SUSECVE-2023-52904 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52906 at SUSECVE-2023-52906 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52908 at SUSECVE-2023-52908 at NVDCVE-2023-52909 at SUSECVE-2023-52909 at NVDCVE-2023-52910 at SUSECVE-2023-52910 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2023-52912 at SUSECVE-2023-52912 at NVDCVE-2023-52913 at SUSECVE-2023-52913 at NVDCVE-2024-26631 at SUSECVE-2024-26631 at NVDCVE-2024-26668 at SUSECVE-2024-26668 at NVDCVE-2024-26669 at SUSECVE-2024-26669 at NVDCVE-2024-26677 at SUSECVE-2024-26677 at NVDCVE-2024-26735 at SUSECVE-2024-26735 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26812 at SUSECVE-2024-26812 at NVDCVE-2024-26835 at SUSECVE-2024-26835 at NVDCVE-2024-26851 at SUSECVE-2024-26851 at NVDCVE-2024-27010 at SUSECVE-2024-27010 at NVDCVE-2024-27011 at SUSECVE-2024-27011 at NVDCVE-2024-27016 at SUSECVE-2024-27016 at NVDCVE-2024-27024 at SUSECVE-2024-27024 at NVDCVE-2024-27079 at SUSECVE-2024-27079 at NVDCVE-2024-27403 at SUSECVE-2024-27403 at NVDCVE-2024-31076 at SUSECVE-2024-31076 at NVDCVE-2024-35897 at SUSECVE-2024-35897 at NVDCVE-2024-35902 at SUSECVE-2024-35902 at NVDCVE-2024-35945 at SUSECVE-2024-35945 at NVDCVE-2024-35971 at SUSECVE-2024-35971 at NVDCVE-2024-36009 at SUSECVE-2024-36009 at NVDCVE-2024-36013 at SUSECVE-2024-36013 at NVDCVE-2024-36270 at SUSECVE-2024-36270 at NVDCVE-2024-36286 at SUSECVE-2024-36286 at NVDCVE-2024-36489 at SUSECVE-2024-36489 at NVDCVE-2024-36929 at SUSECVE-2024-36929 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-36936 at SUSECVE-2024-36936 at NVDCVE-2024-36962 at SUSECVE-2024-36962 at NVDCVE-2024-38554 at SUSECVE-2024-38554 at NVDCVE-2024-38602 at SUSECVE-2024-38602 at NVDCVE-2024-38662 at SUSECVE-2024-38662 at NVDCVE-2024-39489 at SUSECVE-2024-39489 at NVDCVE-2024-40905 at SUSECVE-2024-40905 at NVDCVE-2024-40978 at SUSECVE-2024-40978 at NVDCVE-2024-40980 at SUSECVE-2024-40980 at NVDCVE-2024-40995 at SUSECVE-2024-40995 at NVDCVE-2024-41000 at SUSECVE-2024-41000 at NVDCVE-2024-41007 at SUSECVE-2024-41007 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41020 at SUSECVE-2024-41020 at NVDCVE-2024-41022 at SUSECVE-2024-41022 at NVDCVE-2024-41035 at SUSECVE-2024-41035 at NVDCVE-2024-41036 at SUSECVE-2024-41036 at NVDCVE-2024-41038 at SUSECVE-2024-41038 at NVDCVE-2024-41039 at SUSECVE-2024-41039 at NVDCVE-2024-41042 at SUSECVE-2024-41042 at NVDCVE-2024-41045 at SUSECVE-2024-41045 at NVDCVE-2024-41056 at SUSECVE-2024-41056 at NVDCVE-2024-41060 at SUSECVE-2024-41060 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41065 at SUSECVE-2024-41065 at NVDCVE-2024-41068 at SUSECVE-2024-41068 at NVDCVE-2024-41073 at SUSECVE-2024-41073 at NVDCVE-2024-41079 at SUSECVE-2024-41079 at NVDCVE-2024-41080 at SUSECVE-2024-41080 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41088 at SUSECVE-2024-41088 at NVDCVE-2024-41089 at SUSECVE-2024-41089 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-41093 at SUSECVE-2024-41093 at NVDCVE-2024-41095 at SUSECVE-2024-41095 at NVDCVE-2024-41097 at SUSECVE-2024-41097 at NVDCVE-2024-41098 at SUSECVE-2024-41098 at NVDCVE-2024-42069 at SUSECVE-2024-42069 at NVDCVE-2024-42074 at SUSECVE-2024-42074 at NVDCVE-2024-42076 at SUSECVE-2024-42076 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42080 at SUSECVE-2024-42080 at NVDCVE-2024-42082 at SUSECVE-2024-42082 at NVDCVE-2024-42085 at SUSECVE-2024-42085 at NVDCVE-2024-42086 at SUSECVE-2024-42086 at NVDCVE-2024-42087 at SUSECVE-2024-42087 at NVDCVE-2024-42089 at SUSECVE-2024-42089 at NVDCVE-2024-42090 at SUSECVE-2024-42090 at NVDCVE-2024-42092 at SUSECVE-2024-42092 at NVDCVE-2024-42095 at SUSECVE-2024-42095 at NVDCVE-2024-42097 at SUSECVE-2024-42097 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42101 at SUSECVE-2024-42101 at NVDCVE-2024-42104 at SUSECVE-2024-42104 at NVDCVE-2024-42106 at SUSECVE-2024-42106 at NVDCVE-2024-42107 at SUSECVE-2024-42107 at NVDCVE-2024-42110 at SUSECVE-2024-42110 at NVDCVE-2024-42114 at SUSECVE-2024-42114 at NVDCVE-2024-42115 at SUSECVE-2024-42115 at NVDCVE-2024-42119 at SUSECVE-2024-42119 at NVDCVE-2024-42120 at SUSECVE-2024-42120 at NVDCVE-2024-42121 at SUSECVE-2024-42121 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42127 at SUSECVE-2024-42127 at NVDCVE-2024-42130 at SUSECVE-2024-42130 at NVDCVE-2024-42137 at SUSECVE-2024-42137 at NVDCVE-2024-42139 at SUSECVE-2024-42139 at NVDCVE-2024-42142 at SUSECVE-2024-42142 at NVDCVE-2024-42143 at SUSECVE-2024-42143 at NVDCVE-2024-42148 at SUSECVE-2024-42148 at NVDCVE-2024-42152 at SUSECVE-2024-42152 at NVDCVE-2024-42155 at SUSECVE-2024-42155 at NVDCVE-2024-42156 at SUSECVE-2024-42156 at NVDCVE-2024-42157 at SUSECVE-2024-42157 at NVDCVE-2024-42158 at SUSECVE-2024-42158 at NVDCVE-2024-42162 at SUSECVE-2024-42162 at NVDCVE-2024-42223 at SUSECVE-2024-42223 at NVDCVE-2024-42225 at SUSECVE-2024-42225 at NVDCVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42236 at SUSECVE-2024-42236 at NVDCVE-2024-42237 at SUSECVE-2024-42237 at NVDCVE-2024-42238 at SUSECVE-2024-42238 at NVDCVE-2024-42239 at SUSECVE-2024-42239 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-42244 at SUSECVE-2024-42244 at NVDCVE-2024-42246 at SUSECVE-2024-42246 at NVDCVE-2024-42247 at SUSECVE-2024-42247 at NVDCVE-2024-42268 at SUSECVE-2024-42268 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-42274 at SUSECVE-2024-42274 at NVDCVE-2024-42276 at SUSECVE-2024-42276 at NVDCVE-2024-42277 at SUSECVE-2024-42277 at NVDCVE-2024-42280 at SUSECVE-2024-42280 at NVDCVE-2024-42281 at SUSECVE-2024-42281 at NVDCVE-2024-42283 at SUSECVE-2024-42283 at NVDCVE-2024-42284 at SUSECVE-2024-42284 at NVDCVE-2024-42285 at SUSECVE-2024-42285 at NVDCVE-2024-42286 at SUSECVE-2024-42286 at NVDCVE-2024-42287 at SUSECVE-2024-42287 at NVDCVE-2024-42288 at SUSECVE-2024-42288 at NVDCVE-2024-42289 at SUSECVE-2024-42289 at NVDCVE-2024-42291 at SUSECVE-2024-42291 at NVDCVE-2024-42292 at SUSECVE-2024-42292 at NVDCVE-2024-42295 at SUSECVE-2024-42295 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-42302 at SUSECVE-2024-42302 at NVDCVE-2024-42308 at SUSECVE-2024-42308 at NVDCVE-2024-42309 at SUSECVE-2024-42309 at NVDCVE-2024-42310 at SUSECVE-2024-42310 at NVDCVE-2024-42311 at SUSECVE-2024-42311 at NVDCVE-2024-42312 at SUSECVE-2024-42312 at NVDCVE-2024-42313 at SUSECVE-2024-42313 at NVDCVE-2024-42315 at SUSECVE-2024-42315 at NVDCVE-2024-42318 at SUSECVE-2024-42318 at NVDCVE-2024-42319 at SUSECVE-2024-42319 at NVDCVE-2024-42320 at SUSECVE-2024-42320 at NVDCVE-2024-42322 at SUSECVE-2024-42322 at NVDCVE-2024-43816 at SUSECVE-2024-43816 at NVDCVE-2024-43818 at SUSECVE-2024-43818 at NVDCVE-2024-43819 at SUSECVE-2024-43819 at NVDCVE-2024-43821 at SUSECVE-2024-43821 at NVDCVE-2024-43823 at SUSECVE-2024-43823 at NVDCVE-2024-43829 at SUSECVE-2024-43829 at NVDCVE-2024-43830 at SUSECVE-2024-43830 at NVDCVE-2024-43831 at SUSECVE-2024-43831 at NVDCVE-2024-43834 at SUSECVE-2024-43834 at NVDCVE-2024-43837 at SUSECVE-2024-43837 at NVDCVE-2024-43839 at SUSECVE-2024-43839 at NVDCVE-2024-43841 at SUSECVE-2024-43841 at NVDCVE-2024-43842 at SUSECVE-2024-43842 at NVDCVE-2024-43846 at SUSECVE-2024-43846 at NVDCVE-2024-43849 at SUSECVE-2024-43849 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-43856 at SUSECVE-2024-43856 at NVDCVE-2024-43858 at SUSECVE-2024-43858 at NVDCVE-2024-43860 at SUSECVE-2024-43860 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43863 at SUSECVE-2024-43863 at NVDCVE-2024-43866 at SUSECVE-2024-43866 at NVDCVE-2024-43867 at SUSECVE-2024-43867 at NVDCVE-2024-43871 at SUSECVE-2024-43871 at NVDCVE-2024-43872 at SUSECVE-2024-43872 at NVDCVE-2024-43873 at SUSECVE-2024-43873 at NVDCVE-2024-43879 at SUSECVE-2024-43879 at NVDCVE-2024-43880 at SUSECVE-2024-43880 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-43884 at SUSECVE-2024-43884 at NVDCVE-2024-43889 at SUSECVE-2024-43889 at NVDCVE-2024-43892 at SUSECVE-2024-43892 at NVDCVE-2024-43893 at SUSECVE-2024-43893 at NVDCVE-2024-43894 at SUSECVE-2024-43894 at NVDCVE-2024-43895 at SUSECVE-2024-43895 at NVDCVE-2024-43899 at SUSECVE-2024-43899 at NVDCVE-2024-43900 at SUSECVE-2024-43900 at NVDCVE-2024-43902 at SUSECVE-2024-43902 at NVDCVE-2024-43903 at SUSECVE-2024-43903 at NVDCVE-2024-43904 at SUSECVE-2024-43904 at NVDCVE-2024-43905 at SUSECVE-2024-43905 at NVDCVE-2024-43907 at SUSECVE-2024-43907 at NVDCVE-2024-43908 at SUSECVE-2024-43908 at NVDCVE-2024-43909 at SUSECVE-2024-43909 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44939 at SUSECVE-2024-44939 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:sle-micro:5.5Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
ModerateSUSE bug 1230093CVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Important)SUSE Linux Enterprise Micro 5.5
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Low)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-dnspython (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
ModerateSUSE bug 1230353CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following non-security bugs were fixed:
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413)
ImportantSUSE bug 1230413cpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ModerateSUSE bug 1230366CVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:sle-micro:5.5Security update for opensc (Low)SUSE Linux Enterprise Micro 5.5
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- Indicate support for the Generic Event Device thru _OSC (git-fixes).
- Rework system-level device notification handling (git-fixes).
- Drop nocrt parameter (git-fixes).
- x86: s2 Post-increment variables when getting constraints (git-fixes).
- Do not cross .backup mountpoint from backup volume (git-fixes).
- Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- line6: Fix racy access to midibuf (stable-fixes).
- Relax start tick time check for slave timer elements (git-fixes).
- Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- Re-add ScratchAmp quirk entries (git-fixes).
- Support Yamaha P-125 quirk entry (stable-fixes).
- Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: Restore spec_bar() macro (git-fixes)
- arm64: Add missing .field_width for GIC system registers (git-fixes)
- arm64: Fix the visibility of compat hwcaps (git-fixes)
- arm64: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: Add Cortex-A720 definitions (git-fixes)
- arm64: Add Cortex-A725 definitions (git-fixes)
- arm64: Add Cortex-X1C definitions (git-fixes)
- arm64: Add Cortex-X3 definitions (git-fixes)
- arm64: Add Cortex-X4 definitions (git-fixes)
- arm64: Add Cortex-X925 definitions (git-fixes)
- arm64: Add Neoverse-V3 definitions (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: Expand speculative SSBS workaround (git-fixes)
- arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- wcd938 Correct Soundwire ports mask (git-fixes).
- wsa881 Correct Soundwire ports mask (git-fixes).
- fix irq scheduling issue with PREEMPT_RT (git-fixes).
- Introduce async_schedule_dev_nocall() (bsc#1221269).
- Split async_schedule_node_domain() (bsc#1221269).
- Fix usage of __hci_cmd_sync_status (git-fixes).
- hci_ Fix not handling hibernation actions (git-fixes).
- l2 always unlock channel in l2cap_conless_channel() (git-fixes).
- L2 Fix deadlock (git-fixes).
- Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- remove unused declaring of bpf_kprobe_override (git-fixes).
- fix leak of qgroup extent records after transaction abort (git-fixes).
- make btrfs_destroy_delayed_refs() return void (git-fixes).
- remove unnecessary prototype declarations at disk-io.c (git-fixes).
- update fs features directory asynchronously (bsc#1226168).
- propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- issue a cap release immediately if no cap exists (bsc#1225162).
- periodically flush the cap releases (bsc#1225162).
- Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes).
- Fix register ID of SPSR_FIQ (git-fixes).
- add missing MODULE_DESCRIPTION() macros (stable-fixes).
- Add labels for both Valve Steam Deck revisions (stable-fixes).
- Add quirk for Aya Neo KUN (stable-fixes).
- Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- Add quirk for Nanote UMPC-01 (stable-fixes).
- Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- avoid using null object of framebuffer (git-fixes).
- Fix && vs || typos (git-fixes).
- Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- Validate hw_points_num before using it (stable-fixes).
- Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- Actually check flags for all context ops (stable-fixes).
- Add lock around VF RLCG interface (stable-fixes).
- fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- Fix the null pointer dereference to ras_manager (stable-fixes).
- Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- Fix the null pointer dereference for smu7 (stable-fixes).
- Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- Fix the param type of set_power_profile_mode (stable-fixes).
- analogix_ properly handle zero sized AUX transactions (stable-fixes).
- tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes).
- set gp bus_stop bit before hard reset (stable-fixes).
- reset the link phy params before link training (git-fixes).
- cleanup FB if dpu_format_populate_layout fails (git-fixes).
- do not play tricks with debug macros (git-fixes).
- Zero-initialize iosys_map (stable-fixes).
- fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- redefine DIR_DELETED as the bad cluster number (git-fixes).
- support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453).
- Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- Add might_sleep() to disable_irq() (git-fixes).
- Always limit the affinity to online CPUs (git-fixes).
- Do not return error on missing optional irq_request_resources() (git-fixes).
- Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- Do not try to remove non-existing sysfs files (git-fixes).
- Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2 Improve handling of stuck alerts (git-fixes).
- i2 Send alert notifications to all devices if source not found (git-fixes).
- Convert comma to semicolon (git-fixes).
- ip6_ Fix broken GRO (bsc#1229444).
- ipv6: fix incorrect unregister order (git-fixes).
- Drop bogus fwspec-mapping error handling (git-fixes).
- Fix association race (git-fixes).
- Fix disassociation race (git-fixes).
- Fix domain registration race (git-fixes).
- Fix mapping-creation race (git-fixes).
- Fixed unbalanced fwnode get and put (git-fixes).
- Look for existing mapping only once (git-fixes).
- Refactor __irq_domain_alloc_irqs() (git-fixes).
- Report irq number for NOMAP domains (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
- Fix to check symbol prefixes correctly (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, fix infinite recursion due to RCU critical section (git-fixes).
- prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- dw_ allow biu and ciu clocks to defer (git-fixes).
- mmc_ Fix NULL dereference on allocation failure (git-fixes).
- ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- ks8851: Fix potential TX stall after interface reopen (git-fixes).
- ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- remove two BUG() from skb_checksum_help() (bsc#1229312).
- qmi_ fix memory leak for not ip packets (git-fixes).
- fix possible cp null dereference (git-fixes).
- initialize noop_qdisc owner (git-fixes).
- pn533: Add poll mod list filling check (git-fixes).
- expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- make the rpc_stat per net namespace (git-fixes).
- add posix ACLs to struct nfsd_attrs (git-fixes).
- add security label to struct nfsd_attrs (git-fixes).
- fix regression with setting ACLs (git-fixes).
- Fix strncpy() fortify warning (git-fixes).
- Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- introduce struct nfsd_attrs (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- Optimize DRC bucket pruning (git-fixes).
- return error if nfs4_setacl fails (git-fixes).
- set attributes when creating symlinks (git-fixes).
- use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_ scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86 Add support for ACPI based probing (jsc#PED-8779).
- platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86 Create static func to handle platdev (jsc#PED-8779).
- platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86 Move hsmp_test to probe (jsc#PED-8779).
- platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86 Restructure sysfs group creation (jsc#PED-8779).
- platform/x86 switch to use device_add_groups() (jsc#PED-8779).
- axp288_ Fix constant_charge_voltage writes (git-fixes).
- axp288_ Round constant_charge_voltage writes down (git-fixes).
- Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- Mark .opd section read-only (bsc#1194869).
- use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
- make the update_cpus_node() function public (bsc#1194869).
- split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- Whitelist dtl slub object for copying to userspace (bsc#1194869).
- Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
- Fix incomplete state save in rxe_requester (git-fixes)
- Fix rxe_modify_srq (git-fixes)
- Handle zero length rdma (git-fixes)
- Move work queue code to subroutines (git-fixes)
- s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- Fix scldiv calculation (git-fixes).
- add a struct rpc_stats arg to rpc_create_args (git-fixes).
- Fix a race to wake a sync task (git-fixes).
- fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- add check for crypto_shash_tfm_digest (git-fixes).
- dbg_orphan_ Fix missed key type checking (git-fixes).
- Fix adding orphan entry twice for the same inode (git-fixes).
- Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- fix potential memory leak in vfio_intx_enable() (git-fixes).
- fix wgds rev 3 exact size (git-fixes).
- duplicate static structs used in driver instances (git-fixes).
- x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86 Fix pti_clone_entry_text() for i386 (git-fixes).
- x86 Check if fixed MTRRs exist before saving them (git-fixes).
- x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
- Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- Fix rpcrdma_reqs_reset() (git-fixes).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203329SUSE bug 1203330SUSE bug 1203360SUSE bug 1205462SUSE bug 1206006SUSE bug 1206258SUSE bug 1206843SUSE bug 1207158SUSE bug 1208783SUSE bug 1210644SUSE bug 1213580SUSE bug 1213632SUSE bug 1214285SUSE bug 1216834SUSE bug 1220428SUSE bug 1220877SUSE bug 1220962SUSE bug 1221269SUSE bug 1221326SUSE bug 1221630SUSE bug 1221645SUSE bug 1222335SUSE bug 1222350SUSE bug 1222372SUSE bug 1222387SUSE bug 1222634SUSE bug 1222808SUSE bug 1222967SUSE bug 1223074SUSE bug 1223191SUSE bug 1223508SUSE bug 1223720SUSE bug 1223742SUSE bug 1223777SUSE bug 1223803SUSE bug 1223807SUSE bug 1224105SUSE bug 1224415SUSE bug 1224496SUSE bug 1224510SUSE bug 1224542SUSE bug 1224578SUSE bug 1224639SUSE bug 1225162SUSE bug 1225352SUSE bug 1225428SUSE bug 1225524SUSE bug 1225578SUSE bug 1225582SUSE bug 1225773SUSE bug 1225814SUSE bug 1225827SUSE bug 1225832SUSE bug 1225903SUSE bug 1226168SUSE bug 1226530SUSE bug 1226613SUSE bug 1226742SUSE bug 1226765SUSE bug 1226798SUSE bug 1226801SUSE bug 1226874SUSE bug 1226885SUSE bug 1227079SUSE bug 1227623SUSE bug 1227761SUSE bug 1227830SUSE bug 1227863SUSE bug 1227867SUSE bug 1227929SUSE bug 1227937SUSE bug 1227958SUSE bug 1228020SUSE bug 1228065SUSE bug 1228114SUSE bug 1228410SUSE bug 1228426SUSE bug 1228427SUSE bug 1228429SUSE bug 1228446SUSE bug 1228447SUSE bug 1228449SUSE bug 1228450SUSE bug 1228452SUSE bug 1228456SUSE bug 1228463SUSE bug 1228466SUSE bug 1228467SUSE bug 1228469SUSE bug 1228480SUSE bug 1228481SUSE bug 1228482SUSE bug 1228483SUSE bug 1228484SUSE bug 1228485SUSE bug 1228487SUSE bug 1228489SUSE bug 1228491SUSE bug 1228493SUSE bug 1228494SUSE bug 1228495SUSE bug 1228496SUSE bug 1228501SUSE bug 1228503SUSE bug 1228509SUSE bug 1228513SUSE bug 1228515SUSE bug 1228516SUSE bug 1228526SUSE bug 1228531SUSE bug 1228563SUSE bug 1228564SUSE bug 1228567SUSE bug 1228576SUSE bug 1228579SUSE bug 1228584SUSE bug 1228588SUSE bug 1228590SUSE bug 1228615SUSE bug 1228616SUSE bug 1228635SUSE bug 1228636SUSE bug 1228654SUSE bug 1228656SUSE bug 1228658SUSE bug 1228660SUSE bug 1228662SUSE bug 1228667SUSE bug 1228673SUSE bug 1228677SUSE bug 1228687SUSE bug 1228706SUSE bug 1228708SUSE bug 1228710SUSE bug 1228718SUSE bug 1228720SUSE bug 1228721SUSE bug 1228722SUSE bug 1228724SUSE bug 1228726SUSE bug 1228727SUSE bug 1228733SUSE bug 1228748SUSE bug 1228766SUSE bug 1228779SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857SUSE bug 1228959SUSE bug 1228964SUSE bug 1228966SUSE bug 1228967SUSE bug 1228979SUSE bug 1228988SUSE bug 1228989SUSE bug 1228991SUSE bug 1228992SUSE bug 1229042SUSE bug 1229054SUSE bug 1229086SUSE bug 1229136SUSE bug 1229154SUSE bug 1229187SUSE bug 1229188SUSE bug 1229190SUSE bug 1229287SUSE bug 1229290SUSE bug 1229292SUSE bug 1229296SUSE bug 1229297SUSE bug 1229301SUSE bug 1229303SUSE bug 1229304SUSE bug 1229305SUSE bug 1229307SUSE bug 1229309SUSE bug 1229312SUSE bug 1229314SUSE bug 1229315SUSE bug 1229317SUSE bug 1229318SUSE bug 1229319SUSE bug 1229327SUSE bug 1229341SUSE bug 1229345SUSE bug 1229346SUSE bug 1229347SUSE bug 1229349SUSE bug 1229350SUSE bug 1229351SUSE bug 1229354SUSE bug 1229356SUSE bug 1229357SUSE bug 1229358SUSE bug 1229359SUSE bug 1229360SUSE bug 1229366SUSE bug 1229370SUSE bug 1229373SUSE bug 1229374SUSE bug 1229381SUSE bug 1229382SUSE bug 1229383SUSE bug 1229386SUSE bug 1229388SUSE bug 1229391SUSE bug 1229392SUSE bug 1229395SUSE bug 1229398SUSE bug 1229399SUSE bug 1229400SUSE bug 1229407SUSE bug 1229409SUSE bug 1229410SUSE bug 1229411SUSE bug 1229413SUSE bug 1229414SUSE bug 1229417SUSE bug 1229418SUSE bug 1229444SUSE bug 1229453SUSE bug 1229454SUSE bug 1229481SUSE bug 1229482SUSE bug 1229488SUSE bug 1229489SUSE bug 1229490SUSE bug 1229493SUSE bug 1229495SUSE bug 1229497SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229521SUSE bug 1229522SUSE bug 1229523SUSE bug 1229524SUSE bug 1229525SUSE bug 1229526SUSE bug 1229527SUSE bug 1229528SUSE bug 1229529SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229545SUSE bug 1229546SUSE bug 1229547SUSE bug 1229548SUSE bug 1229554SUSE bug 1229557SUSE bug 1229558SUSE bug 1229559SUSE bug 1229560SUSE bug 1229562SUSE bug 1229564SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229569SUSE bug 1229572SUSE bug 1229573SUSE bug 1229576SUSE bug 1229581SUSE bug 1229588SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229605SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229615SUSE bug 1229616SUSE bug 1229617SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229632SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229658SUSE bug 1229662SUSE bug 1229664SUSE bug 1229707SUSE bug 1229739SUSE bug 1229743SUSE bug 1229746SUSE bug 1229754SUSE bug 1229755SUSE bug 1229756SUSE bug 1229759SUSE bug 1229761SUSE bug 1229767SUSE bug 1229768SUSE bug 1229781SUSE bug 1229784SUSE bug 1229787SUSE bug 1229788SUSE bug 1229789SUSE bug 1229792SUSE bug 1229820SUSE bug 1230413CVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2021-47106 at SUSECVE-2021-47106 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-48645 at SUSECVE-2022-48645 at NVDCVE-2022-48706 at SUSECVE-2022-48706 at NVDCVE-2022-48808 at SUSECVE-2022-48808 at NVDCVE-2022-48865 at SUSECVE-2022-48865 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48881 at SUSECVE-2022-48881 at NVDCVE-2022-48882 at SUSECVE-2022-48882 at NVDCVE-2022-48883 at SUSECVE-2022-48883 at NVDCVE-2022-48884 at SUSECVE-2022-48884 at NVDCVE-2022-48885 at SUSECVE-2022-48885 at NVDCVE-2022-48886 at SUSECVE-2022-48886 at NVDCVE-2022-48887 at SUSECVE-2022-48887 at NVDCVE-2022-48888 at SUSECVE-2022-48888 at NVDCVE-2022-48889 at SUSECVE-2022-48889 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48893 at SUSECVE-2022-48893 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48906 at SUSECVE-2022-48906 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48910 at SUSECVE-2022-48910 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48920 at SUSECVE-2022-48920 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48939 at SUSECVE-2022-48939 at NVDCVE-2022-48940 at SUSECVE-2022-48940 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-52458 at SUSECVE-2023-52458 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52498 at SUSECVE-2023-52498 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52859 at SUSECVE-2023-52859 at NVDCVE-2023-52887 at SUSECVE-2023-52887 at NVDCVE-2023-52889 at SUSECVE-2023-52889 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52899 at SUSECVE-2023-52899 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52904 at SUSECVE-2023-52904 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52906 at SUSECVE-2023-52906 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52908 at SUSECVE-2023-52908 at NVDCVE-2023-52909 at SUSECVE-2023-52909 at NVDCVE-2023-52910 at SUSECVE-2023-52910 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2023-52912 at SUSECVE-2023-52912 at NVDCVE-2023-52913 at SUSECVE-2023-52913 at NVDCVE-2024-26631 at SUSECVE-2024-26631 at NVDCVE-2024-26668 at SUSECVE-2024-26668 at NVDCVE-2024-26669 at SUSECVE-2024-26669 at NVDCVE-2024-26677 at SUSECVE-2024-26677 at NVDCVE-2024-26735 at SUSECVE-2024-26735 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26812 at SUSECVE-2024-26812 at NVDCVE-2024-26835 at SUSECVE-2024-26835 at NVDCVE-2024-26851 at SUSECVE-2024-26851 at NVDCVE-2024-27010 at SUSECVE-2024-27010 at NVDCVE-2024-27011 at SUSECVE-2024-27011 at NVDCVE-2024-27016 at SUSECVE-2024-27016 at NVDCVE-2024-27024 at SUSECVE-2024-27024 at NVDCVE-2024-27079 at SUSECVE-2024-27079 at NVDCVE-2024-27403 at SUSECVE-2024-27403 at NVDCVE-2024-31076 at SUSECVE-2024-31076 at NVDCVE-2024-35897 at SUSECVE-2024-35897 at NVDCVE-2024-35902 at SUSECVE-2024-35902 at NVDCVE-2024-35945 at SUSECVE-2024-35945 at NVDCVE-2024-35971 at SUSECVE-2024-35971 at NVDCVE-2024-36009 at SUSECVE-2024-36009 at NVDCVE-2024-36013 at SUSECVE-2024-36013 at NVDCVE-2024-36270 at SUSECVE-2024-36270 at NVDCVE-2024-36286 at SUSECVE-2024-36286 at NVDCVE-2024-36489 at SUSECVE-2024-36489 at NVDCVE-2024-36929 at SUSECVE-2024-36929 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-36936 at SUSECVE-2024-36936 at NVDCVE-2024-36962 at SUSECVE-2024-36962 at NVDCVE-2024-38554 at SUSECVE-2024-38554 at NVDCVE-2024-38602 at SUSECVE-2024-38602 at NVDCVE-2024-38662 at SUSECVE-2024-38662 at NVDCVE-2024-39489 at SUSECVE-2024-39489 at NVDCVE-2024-40905 at SUSECVE-2024-40905 at NVDCVE-2024-40978 at SUSECVE-2024-40978 at NVDCVE-2024-40980 at SUSECVE-2024-40980 at NVDCVE-2024-40995 at SUSECVE-2024-40995 at NVDCVE-2024-41000 at SUSECVE-2024-41000 at NVDCVE-2024-41007 at SUSECVE-2024-41007 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41020 at SUSECVE-2024-41020 at NVDCVE-2024-41022 at SUSECVE-2024-41022 at NVDCVE-2024-41035 at SUSECVE-2024-41035 at NVDCVE-2024-41036 at SUSECVE-2024-41036 at NVDCVE-2024-41038 at SUSECVE-2024-41038 at NVDCVE-2024-41039 at SUSECVE-2024-41039 at NVDCVE-2024-41042 at SUSECVE-2024-41042 at NVDCVE-2024-41045 at SUSECVE-2024-41045 at NVDCVE-2024-41056 at SUSECVE-2024-41056 at NVDCVE-2024-41060 at SUSECVE-2024-41060 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41065 at SUSECVE-2024-41065 at NVDCVE-2024-41068 at SUSECVE-2024-41068 at NVDCVE-2024-41073 at SUSECVE-2024-41073 at NVDCVE-2024-41079 at SUSECVE-2024-41079 at NVDCVE-2024-41080 at SUSECVE-2024-41080 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41088 at SUSECVE-2024-41088 at NVDCVE-2024-41089 at SUSECVE-2024-41089 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-41093 at SUSECVE-2024-41093 at NVDCVE-2024-41095 at SUSECVE-2024-41095 at NVDCVE-2024-41097 at SUSECVE-2024-41097 at NVDCVE-2024-41098 at SUSECVE-2024-41098 at NVDCVE-2024-42069 at SUSECVE-2024-42069 at NVDCVE-2024-42074 at SUSECVE-2024-42074 at NVDCVE-2024-42076 at SUSECVE-2024-42076 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42080 at SUSECVE-2024-42080 at NVDCVE-2024-42082 at SUSECVE-2024-42082 at NVDCVE-2024-42085 at SUSECVE-2024-42085 at NVDCVE-2024-42086 at SUSECVE-2024-42086 at NVDCVE-2024-42087 at SUSECVE-2024-42087 at NVDCVE-2024-42089 at SUSECVE-2024-42089 at NVDCVE-2024-42090 at SUSECVE-2024-42090 at NVDCVE-2024-42092 at SUSECVE-2024-42092 at NVDCVE-2024-42095 at SUSECVE-2024-42095 at NVDCVE-2024-42097 at SUSECVE-2024-42097 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42101 at SUSECVE-2024-42101 at NVDCVE-2024-42104 at SUSECVE-2024-42104 at NVDCVE-2024-42106 at SUSECVE-2024-42106 at NVDCVE-2024-42107 at SUSECVE-2024-42107 at NVDCVE-2024-42110 at SUSECVE-2024-42110 at NVDCVE-2024-42114 at SUSECVE-2024-42114 at NVDCVE-2024-42115 at SUSECVE-2024-42115 at NVDCVE-2024-42119 at SUSECVE-2024-42119 at NVDCVE-2024-42120 at SUSECVE-2024-42120 at NVDCVE-2024-42121 at SUSECVE-2024-42121 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42127 at SUSECVE-2024-42127 at NVDCVE-2024-42130 at SUSECVE-2024-42130 at NVDCVE-2024-42137 at SUSECVE-2024-42137 at NVDCVE-2024-42139 at SUSECVE-2024-42139 at NVDCVE-2024-42142 at SUSECVE-2024-42142 at NVDCVE-2024-42143 at SUSECVE-2024-42143 at NVDCVE-2024-42148 at SUSECVE-2024-42148 at NVDCVE-2024-42152 at SUSECVE-2024-42152 at NVDCVE-2024-42155 at SUSECVE-2024-42155 at NVDCVE-2024-42156 at SUSECVE-2024-42156 at NVDCVE-2024-42157 at SUSECVE-2024-42157 at NVDCVE-2024-42158 at SUSECVE-2024-42158 at NVDCVE-2024-42162 at SUSECVE-2024-42162 at NVDCVE-2024-42223 at SUSECVE-2024-42223 at NVDCVE-2024-42225 at SUSECVE-2024-42225 at NVDCVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42236 at SUSECVE-2024-42236 at NVDCVE-2024-42237 at SUSECVE-2024-42237 at NVDCVE-2024-42238 at SUSECVE-2024-42238 at NVDCVE-2024-42239 at SUSECVE-2024-42239 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-42244 at SUSECVE-2024-42244 at NVDCVE-2024-42246 at SUSECVE-2024-42246 at NVDCVE-2024-42247 at SUSECVE-2024-42247 at NVDCVE-2024-42268 at SUSECVE-2024-42268 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-42274 at SUSECVE-2024-42274 at NVDCVE-2024-42276 at SUSECVE-2024-42276 at NVDCVE-2024-42277 at SUSECVE-2024-42277 at NVDCVE-2024-42280 at SUSECVE-2024-42280 at NVDCVE-2024-42281 at SUSECVE-2024-42281 at NVDCVE-2024-42283 at SUSECVE-2024-42283 at NVDCVE-2024-42284 at SUSECVE-2024-42284 at NVDCVE-2024-42285 at SUSECVE-2024-42285 at NVDCVE-2024-42286 at SUSECVE-2024-42286 at NVDCVE-2024-42287 at SUSECVE-2024-42287 at NVDCVE-2024-42288 at SUSECVE-2024-42288 at NVDCVE-2024-42289 at SUSECVE-2024-42289 at NVDCVE-2024-42291 at SUSECVE-2024-42291 at NVDCVE-2024-42292 at SUSECVE-2024-42292 at NVDCVE-2024-42295 at SUSECVE-2024-42295 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-42302 at SUSECVE-2024-42302 at NVDCVE-2024-42308 at SUSECVE-2024-42308 at NVDCVE-2024-42309 at SUSECVE-2024-42309 at NVDCVE-2024-42310 at SUSECVE-2024-42310 at NVDCVE-2024-42311 at SUSECVE-2024-42311 at NVDCVE-2024-42312 at SUSECVE-2024-42312 at NVDCVE-2024-42313 at SUSECVE-2024-42313 at NVDCVE-2024-42315 at SUSECVE-2024-42315 at NVDCVE-2024-42318 at SUSECVE-2024-42318 at NVDCVE-2024-42319 at SUSECVE-2024-42319 at NVDCVE-2024-42320 at SUSECVE-2024-42320 at NVDCVE-2024-42322 at SUSECVE-2024-42322 at NVDCVE-2024-43816 at SUSECVE-2024-43816 at NVDCVE-2024-43818 at SUSECVE-2024-43818 at NVDCVE-2024-43819 at SUSECVE-2024-43819 at NVDCVE-2024-43821 at SUSECVE-2024-43821 at NVDCVE-2024-43823 at SUSECVE-2024-43823 at NVDCVE-2024-43829 at SUSECVE-2024-43829 at NVDCVE-2024-43830 at SUSECVE-2024-43830 at NVDCVE-2024-43831 at SUSECVE-2024-43831 at NVDCVE-2024-43834 at SUSECVE-2024-43834 at NVDCVE-2024-43837 at SUSECVE-2024-43837 at NVDCVE-2024-43839 at SUSECVE-2024-43839 at NVDCVE-2024-43841 at SUSECVE-2024-43841 at NVDCVE-2024-43842 at SUSECVE-2024-43842 at NVDCVE-2024-43846 at SUSECVE-2024-43846 at NVDCVE-2024-43849 at SUSECVE-2024-43849 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-43856 at SUSECVE-2024-43856 at NVDCVE-2024-43858 at SUSECVE-2024-43858 at NVDCVE-2024-43860 at SUSECVE-2024-43860 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43863 at SUSECVE-2024-43863 at NVDCVE-2024-43866 at SUSECVE-2024-43866 at NVDCVE-2024-43867 at SUSECVE-2024-43867 at NVDCVE-2024-43871 at SUSECVE-2024-43871 at NVDCVE-2024-43872 at SUSECVE-2024-43872 at NVDCVE-2024-43873 at SUSECVE-2024-43873 at NVDCVE-2024-43879 at SUSECVE-2024-43879 at NVDCVE-2024-43880 at SUSECVE-2024-43880 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-43884 at SUSECVE-2024-43884 at NVDCVE-2024-43889 at SUSECVE-2024-43889 at NVDCVE-2024-43892 at SUSECVE-2024-43892 at NVDCVE-2024-43893 at SUSECVE-2024-43893 at NVDCVE-2024-43894 at SUSECVE-2024-43894 at NVDCVE-2024-43895 at SUSECVE-2024-43895 at NVDCVE-2024-43899 at SUSECVE-2024-43899 at NVDCVE-2024-43900 at SUSECVE-2024-43900 at NVDCVE-2024-43902 at SUSECVE-2024-43902 at NVDCVE-2024-43903 at SUSECVE-2024-43903 at NVDCVE-2024-43904 at SUSECVE-2024-43904 at NVDCVE-2024-43905 at SUSECVE-2024-43905 at NVDCVE-2024-43907 at SUSECVE-2024-43907 at NVDCVE-2024-43908 at SUSECVE-2024-43908 at NVDCVE-2024-43909 at SUSECVE-2024-43909 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44939 at SUSECVE-2024-44939 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
ModerateSUSE bug 1231230CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDcpe:/o:suse:sle-micro:5.5Security update for Mesa (Moderate)SUSE Linux Enterprise Micro 5.5
This update for Mesa fixes the following issues:
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040)
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041)
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042)
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
- CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
- CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
- CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
- CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
- CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
- CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
- CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
- CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
- CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
- CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
- CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
- CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
The following non-security bugs were fixed:
- ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: topology: Properly initialize soc_enum values (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: add number of queue calc helper (bsc#1229034).
- blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
- cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
- cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- devres: Initialize an uninitialized struct member (stable-fixes).
- driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
- driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
- driver core: Create __fwnode_link_del() helper function (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
- driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
- driver core: Set deferred probe reason when deferred by driver core (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
- drm/amd/pm: check negtive return for table entries (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/msm/a5xx: disable preemption in submits by default (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
- drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224085).
- firmware_loader: Block path traversal (git-fixes).
- fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
- fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
- genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
- Input: ilitek_ts_i2c - add report id message validation (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
- ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
- media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
- media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
- mtd: slram: insert break after errors in parsing the map (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: missing check virtio (git-fixes).
- net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
- nilfs2: Constify struct kobj_type (git-fixes).
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
- nilfs2: fix state management in error path of log writing function (git-fixes).
- nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
- nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
- nilfs2: use default_groups in kobj_type (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- PCI: Wait for Link before restoring Downstream Buses (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- pcmcia: Use resource_size function on resource object (stable-fixes).
- pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
- power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
- Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
- scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
- Squashfs: sanity check symbolic link size (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
- tools/virtio: fix build (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
- udp: fix receiving fraglist GSO packets (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usbip: Do not submit special requests twice (stable-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
- usb: uas: set host status byte on data completion error (git-fixes).
- usb: uas: set host status byte on data completion error (stable-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- virtiofs: forbid newlines in tags (bsc#1230591).
- virtio_net: checksum offloading handling fix (git-fixes).
- virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio/vsock: fix logic which reduces credit update messages (git-fixes).
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
- vsock/virtio: add support for device suspend/resume (git-fixes).
- vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
- vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
- vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
- watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
- x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- x86/xen: Convert comma to semicolon (git-fixes).
- xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
- xen: allow mapping ACPI data using a different physical address (bsc#1226003).
- xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
- xen: move checks for e820 conflicts further up (bsc#1226003).
- xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- xen/swiotlb: fix allocated size (git-fixes).
- xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
- xen: use correct end address of kernel for conflict checking (bsc#1226003).
- xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
ImportantSUSE bug 1199769SUSE bug 1216223SUSE bug 1220382SUSE bug 1221610SUSE bug 1221650SUSE bug 1222629SUSE bug 1222973SUSE bug 1223600SUSE bug 1223848SUSE bug 1224085SUSE bug 1225903SUSE bug 1226003SUSE bug 1226606SUSE bug 1226662SUSE bug 1226666SUSE bug 1226846SUSE bug 1226860SUSE bug 1226875SUSE bug 1226915SUSE bug 1227487SUSE bug 1227726SUSE bug 1227819SUSE bug 1227832SUSE bug 1227890SUSE bug 1228507SUSE bug 1228576SUSE bug 1228620SUSE bug 1228771SUSE bug 1229031SUSE bug 1229034SUSE bug 1229086SUSE bug 1229156SUSE bug 1229289SUSE bug 1229334SUSE bug 1229362SUSE bug 1229363SUSE bug 1229364SUSE bug 1229394SUSE bug 1229429SUSE bug 1229453SUSE bug 1229572SUSE bug 1229573SUSE bug 1229585SUSE bug 1229607SUSE bug 1229619SUSE bug 1229633SUSE bug 1229662SUSE bug 1229753SUSE bug 1229764SUSE bug 1229790SUSE bug 1229810SUSE bug 1229830SUSE bug 1229899SUSE bug 1229928SUSE bug 1229947SUSE bug 1230015SUSE bug 1230129SUSE bug 1230130SUSE bug 1230170SUSE bug 1230171SUSE bug 1230174SUSE bug 1230175SUSE bug 1230176SUSE bug 1230178SUSE bug 1230180SUSE bug 1230185SUSE bug 1230192SUSE bug 1230193SUSE bug 1230194SUSE bug 1230200SUSE bug 1230204SUSE bug 1230209SUSE bug 1230211SUSE bug 1230212SUSE bug 1230217SUSE bug 1230224SUSE bug 1230230SUSE bug 1230233SUSE bug 1230244SUSE bug 1230245SUSE bug 1230247SUSE bug 1230248SUSE bug 1230269SUSE bug 1230339SUSE bug 1230340SUSE bug 1230392SUSE bug 1230398SUSE bug 1230431SUSE bug 1230433SUSE bug 1230434SUSE bug 1230440SUSE bug 1230442SUSE bug 1230444SUSE bug 1230450SUSE bug 1230451SUSE bug 1230454SUSE bug 1230506SUSE bug 1230507SUSE bug 1230511SUSE bug 1230515SUSE bug 1230517SUSE bug 1230524SUSE bug 1230533SUSE bug 1230535SUSE bug 1230549SUSE bug 1230556SUSE bug 1230582SUSE bug 1230589SUSE bug 1230591SUSE bug 1230592SUSE bug 1230699SUSE bug 1230700SUSE bug 1230701SUSE bug 1230702SUSE bug 1230703SUSE bug 1230705SUSE bug 1230706SUSE bug 1230707SUSE bug 1230709SUSE bug 1230710SUSE bug 1230711SUSE bug 1230712SUSE bug 1230719SUSE bug 1230724SUSE bug 1230725SUSE bug 1230730SUSE bug 1230731SUSE bug 1230732SUSE bug 1230733SUSE bug 1230747SUSE bug 1230748SUSE bug 1230751SUSE bug 1230752SUSE bug 1230756SUSE bug 1230761SUSE bug 1230766SUSE bug 1230767SUSE bug 1230768SUSE bug 1230771SUSE bug 1230772SUSE bug 1230776SUSE bug 1230783SUSE bug 1230786SUSE bug 1230791SUSE bug 1230794SUSE bug 1230796SUSE bug 1230802SUSE bug 1230806SUSE bug 1230808SUSE bug 1230810SUSE bug 1230812SUSE bug 1230813SUSE bug 1230814SUSE bug 1230815SUSE bug 1230821SUSE bug 1230825SUSE bug 1230830SUSE bug 1231013SUSE bug 1231017SUSE bug 1231116SUSE bug 1231120SUSE bug 1231146SUSE bug 1231180SUSE bug 1231181CVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2023-52610 at SUSECVE-2023-52610 at NVDCVE-2023-52916 at SUSECVE-2023-52916 at NVDCVE-2024-26640 at SUSECVE-2024-26640 at NVDCVE-2024-26759 at SUSECVE-2024-26759 at NVDCVE-2024-26767 at SUSECVE-2024-26767 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-26837 at SUSECVE-2024-26837 at NVDCVE-2024-37353 at SUSECVE-2024-37353 at NVDCVE-2024-38538 at SUSECVE-2024-38538 at NVDCVE-2024-38596 at SUSECVE-2024-38596 at NVDCVE-2024-38632 at SUSECVE-2024-38632 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-40973 at SUSECVE-2024-40973 at NVDCVE-2024-40983 at SUSECVE-2024-40983 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41082 at SUSECVE-2024-41082 at NVDCVE-2024-42154 at SUSECVE-2024-42154 at NVDCVE-2024-42259 at SUSECVE-2024-42259 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-42304 at SUSECVE-2024-42304 at NVDCVE-2024-42305 at SUSECVE-2024-42305 at NVDCVE-2024-42306 at SUSECVE-2024-42306 at NVDCVE-2024-43828 at SUSECVE-2024-43828 at NVDCVE-2024-43835 at SUSECVE-2024-43835 at NVDCVE-2024-43890 at SUSECVE-2024-43890 at NVDCVE-2024-43898 at SUSECVE-2024-43898 at NVDCVE-2024-43912 at SUSECVE-2024-43912 at NVDCVE-2024-43914 at SUSECVE-2024-43914 at NVDCVE-2024-44935 at SUSECVE-2024-44935 at NVDCVE-2024-44944 at SUSECVE-2024-44944 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-44948 at SUSECVE-2024-44948 at NVDCVE-2024-44950 at SUSECVE-2024-44950 at NVDCVE-2024-44952 at SUSECVE-2024-44952 at NVDCVE-2024-44954 at SUSECVE-2024-44954 at NVDCVE-2024-44967 at SUSECVE-2024-44967 at NVDCVE-2024-44969 at SUSECVE-2024-44969 at NVDCVE-2024-44970 at SUSECVE-2024-44970 at NVDCVE-2024-44971 at SUSECVE-2024-44971 at NVDCVE-2024-44972 at SUSECVE-2024-44972 at NVDCVE-2024-44977 at SUSECVE-2024-44977 at NVDCVE-2024-44982 at SUSECVE-2024-44982 at NVDCVE-2024-44986 at SUSECVE-2024-44986 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-44988 at SUSECVE-2024-44988 at NVDCVE-2024-44989 at SUSECVE-2024-44989 at NVDCVE-2024-44990 at SUSECVE-2024-44990 at NVDCVE-2024-44998 at SUSECVE-2024-44998 at NVDCVE-2024-44999 at SUSECVE-2024-44999 at NVDCVE-2024-45000 at SUSECVE-2024-45000 at NVDCVE-2024-45001 at SUSECVE-2024-45001 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45006 at SUSECVE-2024-45006 at NVDCVE-2024-45007 at SUSECVE-2024-45007 at NVDCVE-2024-45008 at SUSECVE-2024-45008 at NVDCVE-2024-45011 at SUSECVE-2024-45011 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45015 at SUSECVE-2024-45015 at NVDCVE-2024-45018 at SUSECVE-2024-45018 at NVDCVE-2024-45020 at SUSECVE-2024-45020 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-45028 at SUSECVE-2024-45028 at NVDCVE-2024-45029 at SUSECVE-2024-45029 at NVDCVE-2024-46673 at SUSECVE-2024-46673 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46675 at SUSECVE-2024-46675 at NVDCVE-2024-46676 at SUSECVE-2024-46676 at NVDCVE-2024-46677 at SUSECVE-2024-46677 at NVDCVE-2024-46679 at SUSECVE-2024-46679 at NVDCVE-2024-46685 at SUSECVE-2024-46685 at NVDCVE-2024-46686 at SUSECVE-2024-46686 at NVDCVE-2024-46689 at SUSECVE-2024-46689 at NVDCVE-2024-46694 at SUSECVE-2024-46694 at NVDCVE-2024-46702 at SUSECVE-2024-46702 at NVDCVE-2024-46707 at SUSECVE-2024-46707 at NVDCVE-2024-46714 at SUSECVE-2024-46714 at NVDCVE-2024-46715 at SUSECVE-2024-46715 at NVDCVE-2024-46717 at SUSECVE-2024-46717 at NVDCVE-2024-46720 at SUSECVE-2024-46720 at NVDCVE-2024-46721 at SUSECVE-2024-46721 at NVDCVE-2024-46722 at SUSECVE-2024-46722 at NVDCVE-2024-46723 at SUSECVE-2024-46723 at NVDCVE-2024-46724 at SUSECVE-2024-46724 at NVDCVE-2024-46725 at SUSECVE-2024-46725 at NVDCVE-2024-46726 at SUSECVE-2024-46726 at NVDCVE-2024-46727 at SUSECVE-2024-46727 at NVDCVE-2024-46728 at SUSECVE-2024-46728 at NVDCVE-2024-46730 at SUSECVE-2024-46730 at NVDCVE-2024-46731 at SUSECVE-2024-46731 at NVDCVE-2024-46732 at SUSECVE-2024-46732 at NVDCVE-2024-46737 at SUSECVE-2024-46737 at NVDCVE-2024-46738 at SUSECVE-2024-46738 at NVDCVE-2024-46739 at SUSECVE-2024-46739 at NVDCVE-2024-46743 at SUSECVE-2024-46743 at NVDCVE-2024-46744 at SUSECVE-2024-46744 at NVDCVE-2024-46745 at SUSECVE-2024-46745 at NVDCVE-2024-46746 at SUSECVE-2024-46746 at NVDCVE-2024-46747 at SUSECVE-2024-46747 at NVDCVE-2024-46750 at SUSECVE-2024-46750 at NVDCVE-2024-46751 at SUSECVE-2024-46751 at NVDCVE-2024-46752 at SUSECVE-2024-46752 at NVDCVE-2024-46753 at SUSECVE-2024-46753 at NVDCVE-2024-46755 at SUSECVE-2024-46755 at NVDCVE-2024-46756 at SUSECVE-2024-46756 at NVDCVE-2024-46758 at SUSECVE-2024-46758 at NVDCVE-2024-46759 at SUSECVE-2024-46759 at NVDCVE-2024-46761 at SUSECVE-2024-46761 at NVDCVE-2024-46771 at SUSECVE-2024-46771 at NVDCVE-2024-46772 at SUSECVE-2024-46772 at NVDCVE-2024-46773 at SUSECVE-2024-46773 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDCVE-2024-46778 at SUSECVE-2024-46778 at NVDCVE-2024-46780 at SUSECVE-2024-46780 at NVDCVE-2024-46781 at SUSECVE-2024-46781 at NVDCVE-2024-46783 at SUSECVE-2024-46783 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2024-46786 at SUSECVE-2024-46786 at NVDCVE-2024-46787 at SUSECVE-2024-46787 at NVDCVE-2024-46791 at SUSECVE-2024-46791 at NVDCVE-2024-46794 at SUSECVE-2024-46794 at NVDCVE-2024-46798 at SUSECVE-2024-46798 at NVDCVE-2024-46822 at SUSECVE-2024-46822 at NVDCVE-2024-46830 at SUSECVE-2024-46830 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
- CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
- CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
- CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
- CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
- CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
- CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
- CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
- CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
- CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
- CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
- CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
- CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
- CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
- CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
The following non-security bugs were fixed:
- ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: topology: Properly initialize soc_enum values (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: add number of queue calc helper (bsc#1229034).
- blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
- cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
- cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- devres: Initialize an uninitialized struct member (stable-fixes).
- driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
- driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
- driver core: Create __fwnode_link_del() helper function (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
- driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
- driver core: Set deferred probe reason when deferred by driver core (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
- drm/amd/pm: check negtive return for table entries (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/msm/a5xx: disable preemption in submits by default (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
- drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224085).
- firmware_loader: Block path traversal (git-fixes).
- fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
- fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
- genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
- Input: ilitek_ts_i2c - add report id message validation (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
- ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
- media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
- media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
- mtd: slram: insert break after errors in parsing the map (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: missing check virtio (git-fixes).
- net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
- nilfs2: Constify struct kobj_type (git-fixes).
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
- nilfs2: fix state management in error path of log writing function (git-fixes).
- nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
- nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
- nilfs2: use default_groups in kobj_type (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- PCI: Wait for Link before restoring Downstream Buses (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- pcmcia: Use resource_size function on resource object (stable-fixes).
- pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
- power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
- Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
- scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
- Squashfs: sanity check symbolic link size (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
- tools/virtio: fix build (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
- udp: fix receiving fraglist GSO packets (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usbip: Do not submit special requests twice (stable-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
- usb: uas: set host status byte on data completion error (git-fixes).
- usb: uas: set host status byte on data completion error (stable-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- virtiofs: forbid newlines in tags (bsc#1230591).
- virtio_net: checksum offloading handling fix (git-fixes).
- virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio/vsock: fix logic which reduces credit update messages (git-fixes).
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
- vsock/virtio: add support for device suspend/resume (git-fixes).
- vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
- vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
- vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
- watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
- x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- x86/xen: Convert comma to semicolon (git-fixes).
- xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
- xen: allow mapping ACPI data using a different physical address (bsc#1226003).
- xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
- xen: move checks for e820 conflicts further up (bsc#1226003).
- xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- xen/swiotlb: fix allocated size (git-fixes).
- xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
- xen: use correct end address of kernel for conflict checking (bsc#1226003).
- xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
ImportantSUSE bug 1199769SUSE bug 1216223SUSE bug 1220382SUSE bug 1221610SUSE bug 1221650SUSE bug 1222629SUSE bug 1222973SUSE bug 1223600SUSE bug 1223848SUSE bug 1224085SUSE bug 1225903SUSE bug 1226003SUSE bug 1226606SUSE bug 1226662SUSE bug 1226666SUSE bug 1226846SUSE bug 1226860SUSE bug 1226875SUSE bug 1226915SUSE bug 1227487SUSE bug 1227726SUSE bug 1227819SUSE bug 1227832SUSE bug 1227890SUSE bug 1228507SUSE bug 1228576SUSE bug 1228620SUSE bug 1228771SUSE bug 1229031SUSE bug 1229034SUSE bug 1229086SUSE bug 1229156SUSE bug 1229289SUSE bug 1229334SUSE bug 1229362SUSE bug 1229363SUSE bug 1229364SUSE bug 1229394SUSE bug 1229429SUSE bug 1229453SUSE bug 1229572SUSE bug 1229573SUSE bug 1229585SUSE bug 1229607SUSE bug 1229619SUSE bug 1229633SUSE bug 1229662SUSE bug 1229753SUSE bug 1229764SUSE bug 1229790SUSE bug 1229810SUSE bug 1229830SUSE bug 1229899SUSE bug 1229928SUSE bug 1229947SUSE bug 1230015SUSE bug 1230129SUSE bug 1230130SUSE bug 1230170SUSE bug 1230171SUSE bug 1230174SUSE bug 1230175SUSE bug 1230176SUSE bug 1230178SUSE bug 1230180SUSE bug 1230185SUSE bug 1230192SUSE bug 1230193SUSE bug 1230194SUSE bug 1230200SUSE bug 1230204SUSE bug 1230209SUSE bug 1230211SUSE bug 1230212SUSE bug 1230217SUSE bug 1230224SUSE bug 1230230SUSE bug 1230233SUSE bug 1230244SUSE bug 1230245SUSE bug 1230247SUSE bug 1230248SUSE bug 1230269SUSE bug 1230339SUSE bug 1230340SUSE bug 1230392SUSE bug 1230398SUSE bug 1230431SUSE bug 1230433SUSE bug 1230434SUSE bug 1230440SUSE bug 1230442SUSE bug 1230444SUSE bug 1230450SUSE bug 1230451SUSE bug 1230454SUSE bug 1230506SUSE bug 1230507SUSE bug 1230511SUSE bug 1230515SUSE bug 1230517SUSE bug 1230524SUSE bug 1230533SUSE bug 1230535SUSE bug 1230549SUSE bug 1230556SUSE bug 1230582SUSE bug 1230589SUSE bug 1230591SUSE bug 1230592SUSE bug 1230699SUSE bug 1230700SUSE bug 1230701SUSE bug 1230702SUSE bug 1230703SUSE bug 1230705SUSE bug 1230706SUSE bug 1230707SUSE bug 1230709SUSE bug 1230710SUSE bug 1230711SUSE bug 1230712SUSE bug 1230719SUSE bug 1230724SUSE bug 1230725SUSE bug 1230730SUSE bug 1230731SUSE bug 1230732SUSE bug 1230733SUSE bug 1230747SUSE bug 1230748SUSE bug 1230751SUSE bug 1230752SUSE bug 1230756SUSE bug 1230761SUSE bug 1230766SUSE bug 1230767SUSE bug 1230768SUSE bug 1230771SUSE bug 1230772SUSE bug 1230776SUSE bug 1230783SUSE bug 1230786SUSE bug 1230791SUSE bug 1230794SUSE bug 1230796SUSE bug 1230802SUSE bug 1230806SUSE bug 1230808SUSE bug 1230810SUSE bug 1230812SUSE bug 1230813SUSE bug 1230814SUSE bug 1230815SUSE bug 1230821SUSE bug 1230825SUSE bug 1230830SUSE bug 1231013SUSE bug 1231017SUSE bug 1231116SUSE bug 1231120SUSE bug 1231146SUSE bug 1231180SUSE bug 1231181CVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2023-52610 at SUSECVE-2023-52610 at NVDCVE-2023-52916 at SUSECVE-2023-52916 at NVDCVE-2024-26640 at SUSECVE-2024-26640 at NVDCVE-2024-26759 at SUSECVE-2024-26759 at NVDCVE-2024-26767 at SUSECVE-2024-26767 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-26837 at SUSECVE-2024-26837 at NVDCVE-2024-37353 at SUSECVE-2024-37353 at NVDCVE-2024-38538 at SUSECVE-2024-38538 at NVDCVE-2024-38596 at SUSECVE-2024-38596 at NVDCVE-2024-38632 at SUSECVE-2024-38632 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-40973 at SUSECVE-2024-40973 at NVDCVE-2024-40983 at SUSECVE-2024-40983 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41082 at SUSECVE-2024-41082 at NVDCVE-2024-42154 at SUSECVE-2024-42154 at NVDCVE-2024-42259 at SUSECVE-2024-42259 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-42304 at SUSECVE-2024-42304 at NVDCVE-2024-42305 at SUSECVE-2024-42305 at NVDCVE-2024-42306 at SUSECVE-2024-42306 at NVDCVE-2024-43828 at SUSECVE-2024-43828 at NVDCVE-2024-43835 at SUSECVE-2024-43835 at NVDCVE-2024-43890 at SUSECVE-2024-43890 at NVDCVE-2024-43898 at SUSECVE-2024-43898 at NVDCVE-2024-43912 at SUSECVE-2024-43912 at NVDCVE-2024-43914 at SUSECVE-2024-43914 at NVDCVE-2024-44935 at SUSECVE-2024-44935 at NVDCVE-2024-44944 at SUSECVE-2024-44944 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-44948 at SUSECVE-2024-44948 at NVDCVE-2024-44950 at SUSECVE-2024-44950 at NVDCVE-2024-44952 at SUSECVE-2024-44952 at NVDCVE-2024-44954 at SUSECVE-2024-44954 at NVDCVE-2024-44967 at SUSECVE-2024-44967 at NVDCVE-2024-44969 at SUSECVE-2024-44969 at NVDCVE-2024-44970 at SUSECVE-2024-44970 at NVDCVE-2024-44971 at SUSECVE-2024-44971 at NVDCVE-2024-44972 at SUSECVE-2024-44972 at NVDCVE-2024-44977 at SUSECVE-2024-44977 at NVDCVE-2024-44982 at SUSECVE-2024-44982 at NVDCVE-2024-44986 at SUSECVE-2024-44986 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-44988 at SUSECVE-2024-44988 at NVDCVE-2024-44989 at SUSECVE-2024-44989 at NVDCVE-2024-44990 at SUSECVE-2024-44990 at NVDCVE-2024-44998 at SUSECVE-2024-44998 at NVDCVE-2024-44999 at SUSECVE-2024-44999 at NVDCVE-2024-45000 at SUSECVE-2024-45000 at NVDCVE-2024-45001 at SUSECVE-2024-45001 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45006 at SUSECVE-2024-45006 at NVDCVE-2024-45007 at SUSECVE-2024-45007 at NVDCVE-2024-45008 at SUSECVE-2024-45008 at NVDCVE-2024-45011 at SUSECVE-2024-45011 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45015 at SUSECVE-2024-45015 at NVDCVE-2024-45018 at SUSECVE-2024-45018 at NVDCVE-2024-45020 at SUSECVE-2024-45020 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-45028 at SUSECVE-2024-45028 at NVDCVE-2024-45029 at SUSECVE-2024-45029 at NVDCVE-2024-46673 at SUSECVE-2024-46673 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46675 at SUSECVE-2024-46675 at NVDCVE-2024-46676 at SUSECVE-2024-46676 at NVDCVE-2024-46677 at SUSECVE-2024-46677 at NVDCVE-2024-46679 at SUSECVE-2024-46679 at NVDCVE-2024-46685 at SUSECVE-2024-46685 at NVDCVE-2024-46686 at SUSECVE-2024-46686 at NVDCVE-2024-46689 at SUSECVE-2024-46689 at NVDCVE-2024-46694 at SUSECVE-2024-46694 at NVDCVE-2024-46702 at SUSECVE-2024-46702 at NVDCVE-2024-46707 at SUSECVE-2024-46707 at NVDCVE-2024-46714 at SUSECVE-2024-46714 at NVDCVE-2024-46715 at SUSECVE-2024-46715 at NVDCVE-2024-46717 at SUSECVE-2024-46717 at NVDCVE-2024-46720 at SUSECVE-2024-46720 at NVDCVE-2024-46721 at SUSECVE-2024-46721 at NVDCVE-2024-46722 at SUSECVE-2024-46722 at NVDCVE-2024-46723 at SUSECVE-2024-46723 at NVDCVE-2024-46724 at SUSECVE-2024-46724 at NVDCVE-2024-46725 at SUSECVE-2024-46725 at NVDCVE-2024-46726 at SUSECVE-2024-46726 at NVDCVE-2024-46727 at SUSECVE-2024-46727 at NVDCVE-2024-46728 at SUSECVE-2024-46728 at NVDCVE-2024-46730 at SUSECVE-2024-46730 at NVDCVE-2024-46731 at SUSECVE-2024-46731 at NVDCVE-2024-46732 at SUSECVE-2024-46732 at NVDCVE-2024-46737 at SUSECVE-2024-46737 at NVDCVE-2024-46738 at SUSECVE-2024-46738 at NVDCVE-2024-46739 at SUSECVE-2024-46739 at NVDCVE-2024-46743 at SUSECVE-2024-46743 at NVDCVE-2024-46744 at SUSECVE-2024-46744 at NVDCVE-2024-46745 at SUSECVE-2024-46745 at NVDCVE-2024-46746 at SUSECVE-2024-46746 at NVDCVE-2024-46747 at SUSECVE-2024-46747 at NVDCVE-2024-46750 at SUSECVE-2024-46750 at NVDCVE-2024-46751 at SUSECVE-2024-46751 at NVDCVE-2024-46752 at SUSECVE-2024-46752 at NVDCVE-2024-46753 at SUSECVE-2024-46753 at NVDCVE-2024-46755 at SUSECVE-2024-46755 at NVDCVE-2024-46756 at SUSECVE-2024-46756 at NVDCVE-2024-46758 at SUSECVE-2024-46758 at NVDCVE-2024-46759 at SUSECVE-2024-46759 at NVDCVE-2024-46761 at SUSECVE-2024-46761 at NVDCVE-2024-46771 at SUSECVE-2024-46771 at NVDCVE-2024-46772 at SUSECVE-2024-46772 at NVDCVE-2024-46773 at SUSECVE-2024-46773 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDCVE-2024-46778 at SUSECVE-2024-46778 at NVDCVE-2024-46780 at SUSECVE-2024-46780 at NVDCVE-2024-46781 at SUSECVE-2024-46781 at NVDCVE-2024-46783 at SUSECVE-2024-46783 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2024-46786 at SUSECVE-2024-46786 at NVDCVE-2024-46787 at SUSECVE-2024-46787 at NVDCVE-2024-46791 at SUSECVE-2024-46791 at NVDCVE-2024-46794 at SUSECVE-2024-46794 at NVDCVE-2024-46798 at SUSECVE-2024-46798 at NVDCVE-2024-46822 at SUSECVE-2024-46822 at NVDCVE-2024-46830 at SUSECVE-2024-46830 at NVDcpe:/o:suse:sle-micro:5.5Security update for keepalived (Moderate)SUSE Linux Enterprise Micro 5.5
This update for keepalived fixes the following issues:
- CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
ModerateSUSE bug 1228123CVE-2024-41184 at SUSECVE-2024-41184 at NVDcpe:/o:suse:sle-micro:5.5Security update for unbound (Moderate)SUSE Linux Enterprise Micro 5.5
This update for unbound fixes the following issues:
- CVE-2024-8508: Fixed unbounded name compression that could lead to denial of service (bsc#1231284)
ModerateSUSE bug 1231284CVE-2024-8508 at SUSECVE-2024-8508 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-9675: Fixed cache arbitrary directory mount (bsc#1231499).
- CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).
The following non-security bug was fixed:
- rootless ipv6 containers can't be started (bsc#1214612).
ModerateSUSE bug 1214612SUSE bug 1231208SUSE bug 1231499CVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDcpe:/o:suse:sle-micro:5.5Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.5
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
ImportantSUSE bug 1230778CVE-2024-7254 at SUSECVE-2024-7254 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698)
ModerateSUSE bug 1231698CVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
ModerateSUSE bug 1232528CVE-2024-9681 at SUSECVE-2024-9681 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834).
- CVE-2024-8612: Fixed nformation leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
ImportantSUSE bug 1229007SUSE bug 1230834SUSE bug 1230915CVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8354 at SUSECVE-2024-8354 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
- CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
- CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)
Non-security issues fixed:
- Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
- Upstream bug fixes (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1230366SUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45817 at SUSECVE-2024-45817 at NVDCVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49962: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (bsc#1232314).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
The following non-security bugs were fixed:
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: Fix lockdep false negative during host resume (git-fixes).
- KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- KVM: fix memoryleak in kvm_init() (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- KVM: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- USB: misc: yurex: fix race between read and write (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- block: print symbolic error name instead of error code (bsc#1231872).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kvm/arm64: rework guest entry logic (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
ImportantSUSE bug 1054914SUSE bug 1065729SUSE bug 1194869SUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1225762SUSE bug 1226498SUSE bug 1226631SUSE bug 1226797SUSE bug 1227437SUSE bug 1227885SUSE bug 1228119SUSE bug 1228269SUSE bug 1228709SUSE bug 1228743SUSE bug 1228747SUSE bug 1229005SUSE bug 1229019SUSE bug 1229450SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1229769SUSE bug 1229837SUSE bug 1229891SUSE bug 1230055SUSE bug 1230179SUSE bug 1230289SUSE bug 1230405SUSE bug 1230414SUSE bug 1230429SUSE bug 1230456SUSE bug 1230550SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230722SUSE bug 1230763SUSE bug 1230773SUSE bug 1230774SUSE bug 1230801SUSE bug 1230903SUSE bug 1230918SUSE bug 1231016SUSE bug 1231072SUSE bug 1231073SUSE bug 1231084SUSE bug 1231085SUSE bug 1231087SUSE bug 1231094SUSE bug 1231096SUSE bug 1231105SUSE bug 1231114SUSE bug 1231115SUSE bug 1231148SUSE bug 1231179SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231277SUSE bug 1231293SUSE bug 1231327SUSE bug 1231344SUSE bug 1231375SUSE bug 1231383SUSE bug 1231439SUSE bug 1231442SUSE bug 1231496SUSE bug 1231502SUSE bug 1231539SUSE bug 1231540SUSE bug 1231578SUSE bug 1231673SUSE bug 1231857SUSE bug 1231861SUSE bug 1231872SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231889SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231902SUSE bug 1231903SUSE bug 1231907SUSE bug 1231914SUSE bug 1231929SUSE bug 1231935SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231944SUSE bug 1231950SUSE bug 1231954SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231965SUSE bug 1231967SUSE bug 1231968SUSE bug 1231972SUSE bug 1231973SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231990SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1231998SUSE bug 1232001SUSE bug 1232004SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232034SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232043SUSE bug 1232049SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232075SUSE bug 1232083SUSE bug 1232084SUSE bug 1232085SUSE bug 1232089SUSE bug 1232097SUSE bug 1232104SUSE bug 1232105SUSE bug 1232108SUSE bug 1232114SUSE bug 1232116SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232124SUSE bug 1232133SUSE bug 1232135SUSE bug 1232136SUSE bug 1232140SUSE bug 1232145SUSE bug 1232149SUSE bug 1232150SUSE bug 1232151SUSE bug 1232154SUSE bug 1232155SUSE bug 1232160SUSE bug 1232163SUSE bug 1232164SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232175SUSE bug 1232191SUSE bug 1232196SUSE bug 1232199SUSE bug 1232200SUSE bug 1232201SUSE bug 1232217SUSE bug 1232220SUSE bug 1232221SUSE bug 1232229SUSE bug 1232233SUSE bug 1232237SUSE bug 1232251SUSE bug 1232253SUSE bug 1232259SUSE bug 1232260SUSE bug 1232262SUSE bug 1232263SUSE bug 1232282SUSE bug 1232285SUSE bug 1232286SUSE bug 1232304SUSE bug 1232305SUSE bug 1232307SUSE bug 1232309SUSE bug 1232310SUSE bug 1232313SUSE bug 1232314SUSE bug 1232316SUSE bug 1232329SUSE bug 1232332SUSE bug 1232335SUSE bug 1232337SUSE bug 1232342SUSE bug 1232345SUSE bug 1232352SUSE bug 1232354SUSE bug 1232355SUSE bug 1232358SUSE bug 1232361SUSE bug 1232366SUSE bug 1232367SUSE bug 1232368SUSE bug 1232369SUSE bug 1232374SUSE bug 1232381SUSE bug 1232383SUSE bug 1232392SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232435SUSE bug 1232442SUSE bug 1232446SUSE bug 1232501SUSE bug 1232519SUSE bug 1232630SUSE bug 1232631SUSE bug 1232632SUSE bug 1232757CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48957 at SUSECVE-2022-48957 at NVDCVE-2022-48958 at SUSECVE-2022-48958 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48966 at SUSECVE-2022-48966 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48980 at SUSECVE-2022-48980 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49017 at SUSECVE-2022-49017 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49020 at SUSECVE-2022-49020 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-36244 at SUSECVE-2024-36244 at NVDCVE-2024-36957 at SUSECVE-2024-36957 at NVDCVE-2024-39476 at SUSECVE-2024-39476 at NVDCVE-2024-40965 at SUSECVE-2024-40965 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42226 at SUSECVE-2024-42226 at NVDCVE-2024-42253 at SUSECVE-2024-42253 at NVDCVE-2024-44931 at SUSECVE-2024-44931 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-44958 at SUSECVE-2024-44958 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45025 at SUSECVE-2024-45025 at NVDCVE-2024-46678 at SUSECVE-2024-46678 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46719 at SUSECVE-2024-46719 at NVDCVE-2024-46754 at SUSECVE-2024-46754 at NVDCVE-2024-46770 at SUSECVE-2024-46770 at NVDCVE-2024-46775 at SUSECVE-2024-46775 at NVDCVE-2024-46777 at SUSECVE-2024-46777 at NVDCVE-2024-46809 at SUSECVE-2024-46809 at NVDCVE-2024-46811 at SUSECVE-2024-46811 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46826 at SUSECVE-2024-46826 at NVDCVE-2024-46828 at SUSECVE-2024-46828 at NVDCVE-2024-46834 at SUSECVE-2024-46834 at NVDCVE-2024-46840 at SUSECVE-2024-46840 at NVDCVE-2024-46841 at SUSECVE-2024-46841 at NVDCVE-2024-46848 at SUSECVE-2024-46848 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-46855 at SUSECVE-2024-46855 at NVDCVE-2024-46857 at SUSECVE-2024-46857 at NVDCVE-2024-47660 at SUSECVE-2024-47660 at NVDCVE-2024-47661 at SUSECVE-2024-47661 at NVDCVE-2024-47664 at SUSECVE-2024-47664 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47672 at SUSECVE-2024-47672 at NVDCVE-2024-47673 at SUSECVE-2024-47673 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47685 at SUSECVE-2024-47685 at NVDCVE-2024-47692 at SUSECVE-2024-47692 at NVDCVE-2024-47704 at SUSECVE-2024-47704 at NVDCVE-2024-47705 at SUSECVE-2024-47705 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47707 at SUSECVE-2024-47707 at NVDCVE-2024-47710 at SUSECVE-2024-47710 at NVDCVE-2024-47720 at SUSECVE-2024-47720 at NVDCVE-2024-47727 at SUSECVE-2024-47727 at NVDCVE-2024-47730 at SUSECVE-2024-47730 at NVDCVE-2024-47738 at SUSECVE-2024-47738 at NVDCVE-2024-47739 at SUSECVE-2024-47739 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49858 at SUSECVE-2024-49858 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49866 at SUSECVE-2024-49866 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49881 at SUSECVE-2024-49881 at NVDCVE-2024-49882 at SUSECVE-2024-49882 at NVDCVE-2024-49883 at SUSECVE-2024-49883 at NVDCVE-2024-49886 at SUSECVE-2024-49886 at NVDCVE-2024-49890 at SUSECVE-2024-49890 at NVDCVE-2024-49892 at SUSECVE-2024-49892 at NVDCVE-2024-49894 at SUSECVE-2024-49894 at NVDCVE-2024-49895 at SUSECVE-2024-49895 at NVDCVE-2024-49896 at SUSECVE-2024-49896 at NVDCVE-2024-49897 at SUSECVE-2024-49897 at NVDCVE-2024-49899 at SUSECVE-2024-49899 at NVDCVE-2024-49901 at SUSECVE-2024-49901 at NVDCVE-2024-49906 at SUSECVE-2024-49906 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49909 at SUSECVE-2024-49909 at NVDCVE-2024-49911 at SUSECVE-2024-49911 at NVDCVE-2024-49912 at SUSECVE-2024-49912 at NVDCVE-2024-49913 at SUSECVE-2024-49913 at NVDCVE-2024-49914 at SUSECVE-2024-49914 at NVDCVE-2024-49917 at SUSECVE-2024-49917 at NVDCVE-2024-49918 at SUSECVE-2024-49918 at NVDCVE-2024-49919 at SUSECVE-2024-49919 at NVDCVE-2024-49920 at SUSECVE-2024-49920 at NVDCVE-2024-49922 at SUSECVE-2024-49922 at NVDCVE-2024-49923 at SUSECVE-2024-49923 at NVDCVE-2024-49929 at SUSECVE-2024-49929 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49933 at SUSECVE-2024-49933 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49939 at SUSECVE-2024-49939 at NVDCVE-2024-49946 at SUSECVE-2024-49946 at NVDCVE-2024-49949 at SUSECVE-2024-49949 at NVDCVE-2024-49954 at SUSECVE-2024-49954 at NVDCVE-2024-49955 at SUSECVE-2024-49955 at NVDCVE-2024-49958 at SUSECVE-2024-49958 at NVDCVE-2024-49959 at SUSECVE-2024-49959 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49962 at SUSECVE-2024-49962 at NVDCVE-2024-49967 at SUSECVE-2024-49967 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49973 at SUSECVE-2024-49973 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49975 at SUSECVE-2024-49975 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49993 at SUSECVE-2024-49993 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-49996 at SUSECVE-2024-49996 at NVDCVE-2024-50000 at SUSECVE-2024-50000 at NVDCVE-2024-50001 at SUSECVE-2024-50001 at NVDCVE-2024-50002 at SUSECVE-2024-50002 at NVDCVE-2024-50006 at SUSECVE-2024-50006 at NVDCVE-2024-50014 at SUSECVE-2024-50014 at NVDCVE-2024-50019 at SUSECVE-2024-50019 at NVDCVE-2024-50024 at SUSECVE-2024-50024 at NVDCVE-2024-50028 at SUSECVE-2024-50028 at NVDCVE-2024-50033 at SUSECVE-2024-50033 at NVDCVE-2024-50035 at SUSECVE-2024-50035 at NVDCVE-2024-50041 at SUSECVE-2024-50041 at NVDCVE-2024-50045 at SUSECVE-2024-50045 at NVDCVE-2024-50046 at SUSECVE-2024-50046 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50048 at SUSECVE-2024-50048 at NVDCVE-2024-50049 at SUSECVE-2024-50049 at NVDCVE-2024-50055 at SUSECVE-2024-50055 at NVDCVE-2024-50058 at SUSECVE-2024-50058 at NVDCVE-2024-50059 at SUSECVE-2024-50059 at NVDCVE-2024-50061 at SUSECVE-2024-50061 at NVDCVE-2024-50063 at SUSECVE-2024-50063 at NVDCVE-2024-50081 at SUSECVE-2024-50081 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:sle-micro:5.5Security update for ovmf (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ovmf fixes the following issues:
- CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount (bsc#1225889).
ModerateSUSE bug 1225889CVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:sle-micro:5.5Security update for libuv (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
ModerateSUSE bug 1219724CVE-2024-24806 at SUSECVE-2024-24806 at NVDcpe:/o:suse:sle-micro:5.5Security update for wget (Moderate)SUSE Linux Enterprise Micro 5.5
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
ModerateSUSE bug 1233773CVE-2024-10524 at SUSECVE-2024-10524 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Low)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for helm (Moderate)SUSE Linux Enterprise Micro 5.5
helm was updated to fix the following issues:
Update to version 3.16.3:
* fix: fix label name
* Fix typo in pkg/lint/rules/chartfile_test.go
* Increasing the size of the runner used for releases.
* fix(hooks): correct hooks delete order
* Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
Update to version 3.16.2:
* Revering change unrelated to issue #13176
* adds tests for handling of Helm index with broken chart
versions #13176
* improves handling of Helm index with broken helm chart versions
#13176
* Bump the k8s-io group with 7 updates
* adding check-latest:true
* Grammar fixes
* Fix typos
Update to version 3.16.1:
* bumping version to 1.22.7
* Merge pull request #13327 from mattfarina/revert-11726
Update to version 3.16.0:
Helm v3.16.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Notable Changes
- added sha512sum template function
- added ActiveHelp for cmds that don't take any more args
- drops very old Kubernetes versions support in helm create
- add --skip-schema-validation flag to helm 'install',
'upgrade' and 'lint'
- fixed bug to now use burst limit setting for discovery
- Added windows arm64 support
* Full changelog see
https://github.com/helm/helm/releases/tag/v3.16.0
Update to version 3.15.4:
* Bump the k8s-io group across 1 directory with 7 updates
* Bump github.com/docker/docker
-------------------------------------------------------------------
Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 3.15.3:
* fix(helm): Use burst limit setting for discovery
* fixed dependency_update_test.go
* fix(dependencyBuild): prevent race condition in concurrent helm
dependency
* fix: respect proxy envvars on helm install/upgrade
* Merge pull request #13085 from
alex-kattathra-johnson/issue-12961
Update to version 3.15.2:
* fix: wrong cli description
* fix typo in load_plugins.go
* fix docs of DeployedAll
* Bump github.com/docker/docker
* bump oras minor version
* feat(load.go): add warning on requirements.lock
Update to version 3.15.1:
* Fixing build issue where wrong version is used
Update to version 3.15.0:
Helm v3.15.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Updating to k8s 1.30 c4e37b3 (Matt Farina)
* bump version to v3.15.0 d7afa3b (Matt Farina)
* bump version to 7743467 (Matt Farina)
* Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
* Update testdata PKI with keys that have validity until 3393
(Fixes #12880) 1b75d48 (Dirk M?ller)
* Modified how created annotation is populated based on package
creation time 0a69a0d (Andrew Block)
* Enabling hide secrets on install and upgrade dry run 25c4738
(Matt Farina)
* Fixing all the linting errors d58d7b3 (Robert Sirchia)
* Add a note about --dry-run displaying secrets a23dd9e (Matt
Farina)
* Updating .gitignore 8b424ba (Robert Sirchia)
* add error messages 8d19bcb (George Jenkins)
* Fix: Ignore alias validation error for index load 68294fd
(George Jenkins)
* validation fix 8e6a514 (Matt Farina)
* bug: add proxy support for oci getter 94c1dea (Ricardo
Maraschini)
* Update architecture detection method 57a1bb8 (weidongkl)
* Improve release action 4790bb9 (George Jenkins)
* Fix grammatical error c25736c (Matt Carr)
* Updated for review comments d2cf8c6 (MichaelMorris)
* Add robustness to wait status checks fc74964 (MichaelMorris)
* refactor: create a helper for checking if a release is
uninstalled f908379 (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
9e198fa (Alex Petrov)
Update to version 3.14.4:
Helm v3.14.4 is a patch release. Users are encouraged to upgrade
for the best experience. Users are encouraged to upgrade for the
best experience.
* refactor: create a helper for checking if a release is
uninstalled 81c902a (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
5a11c76 (Alex Petrov)
* bug: add proxy support for oci getter aa7d953 (Ricardo
Maraschini)
Update to version 3.14.3:
* Add a note about --dry-run displaying secrets
* add error messages
* Fix: Ignore alias validation error for index load
* Update architecture detection method
Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):
* Fix for uninitialized variable in yaml parsing
Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):
* validation fix
Update to version 3.14.0:
* Notable Changes
- New helm search flag of --fail-on-no-result
- Allow a nested tpl invocation access to defines
- Speed up the tpl function
- Added qps/HELM_QPS parameter that tells Kubernetes packages
how to operate
- Added --kube-version to lint command
- The ignore pkg is now public
* Changelog
- Improve release action
- Fix issues when verify generation readiness was merged
- fix test to use the default code's k8sVersionMinor
- lint: Add --kube-version flag to set capabilities and
deprecation rules
- Removing Asset Transparency
- tests(pkg/engine): test RenderWithClientProvider
- Make the `ignore` pkg public again
- feature(pkg/engine): introduce RenderWithClientProvider
- Updating Helm libraries for k8s 1.28.4
- Remove excessive logging
- Update CONTRIBUTING.md
- Fixing release labelling in rollback
- feat: move livenessProbe and readinessProbe values to default
values file
- Revert 'fix(main): fix basic auth for helm pull or push'
- Revert 'fix(registry): address anonymous pull issue'
- Update get-helm-3
- Drop filterSystemLabels usage from Query method
- Apply review suggestions
- Update get-helm-3 to get version through get.helm.sh
- feat: print failed hook name
- Fixing precedence issue with the import of values.
- chore(create): indent to spaces
- Allow using label selectors for system labels for sql
backend.
- Allow using label selectors for system labels for secrets and
configmap backends.
- remove useless print during prepareUpgrade
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): address anonymous pull issue
- fix(registry): unswallow error
- Fix missing run statement on release action
- Add qps/HELM_QPS parameter
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
- Pin gox to specific commit
- Remove `GoFish` from package managers for installing the
binary
- Test update for 'Allow a nested `tpl` invocation access to
`defines` in a containing one'
- Test update for 'Speed up `tpl`'
- Add support for RISC-V
- lint and validate dependency metadata to reference
dependencies with a unique key (name or alias)
- Work around template.Clone omitting options
- fix: pass 'passCredentialsAll' as env-var to getter
- feat: pass basic auth to env-vars when running download
plugins
- helm search: New CLI Flag --fail-on-no-result
- Update pkg/kube/ready.go
- fix post install hook deletion due to before-hook-creation
policy
- Allow a nested `tpl` invocation access to `defines` in a
containing one
- Remove the 'reference templates' concept
- Speed up `tpl`
- ready checker- comment update
- ready checker- remove duplicate statefulset generational
check
- Verify generation in readiness checks
- feat(helm): add --reset-then-reuse-values flag to 'helm
upgrade'
ModerateSUSE bug 1219969SUSE bug 1220207CVE-2024-25620 at SUSECVE-2024-25620 at NVDCVE-2024-26147 at SUSECVE-2024-26147 at NVDcpe:/o:suse:sle-micro:5.5Security update for socat (Moderate)SUSE Linux Enterprise Micro 5.5
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- Drop OCFS2 patch causing a regression (bsc#1233255)
- Fix regression on AMDGPU driver (bsc#1233134)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing.
- add bugreference to a hv_netvsc patch (bsc#1232413).
- add commit message for the kABI patch
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- qed: avoid truncating work queue length (git-fixes).
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
ImportantSUSE bug 1082555SUSE bug 1194869SUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1221333SUSE bug 1222364SUSE bug 1222590SUSE bug 1223202SUSE bug 1223656SUSE bug 1223848SUSE bug 1223919SUSE bug 1223942SUSE bug 1224518SUSE bug 1224526SUSE bug 1224574SUSE bug 1225725SUSE bug 1225730SUSE bug 1225742SUSE bug 1225764SUSE bug 1225812SUSE bug 1226560SUSE bug 1226592SUSE bug 1226631SUSE bug 1226748SUSE bug 1226872SUSE bug 1227853SUSE bug 1228410SUSE bug 1228430SUSE bug 1228486SUSE bug 1228650SUSE bug 1228857SUSE bug 1229312SUSE bug 1229429SUSE bug 1229585SUSE bug 1229752SUSE bug 1229808SUSE bug 1230055SUSE bug 1230220SUSE bug 1230231SUSE bug 1230270SUSE bug 1230558SUSE bug 1230827SUSE bug 1230918SUSE bug 1231083SUSE bug 1231089SUSE bug 1231098SUSE bug 1231101SUSE bug 1231108SUSE bug 1231111SUSE bug 1231132SUSE bug 1231135SUSE bug 1231138SUSE bug 1231169SUSE bug 1231178SUSE bug 1231180SUSE bug 1231181SUSE bug 1231187SUSE bug 1231202SUSE bug 1231434SUSE bug 1231441SUSE bug 1231452SUSE bug 1231465SUSE bug 1231474SUSE bug 1231481SUSE bug 1231537SUSE bug 1231541SUSE bug 1231646SUSE bug 1231849SUSE bug 1231856SUSE bug 1231858SUSE bug 1231859SUSE bug 1231864SUSE bug 1231904SUSE bug 1231916SUSE bug 1231920SUSE bug 1231923SUSE bug 1231930SUSE bug 1231931SUSE bug 1231947SUSE bug 1231952SUSE bug 1231953SUSE bug 1231959SUSE bug 1231978SUSE bug 1232013SUSE bug 1232015SUSE bug 1232016SUSE bug 1232017SUSE bug 1232027SUSE bug 1232028SUSE bug 1232047SUSE bug 1232048SUSE bug 1232050SUSE bug 1232056SUSE bug 1232076SUSE bug 1232080SUSE bug 1232094SUSE bug 1232096SUSE bug 1232098SUSE bug 1232111SUSE bug 1232126SUSE bug 1232134SUSE bug 1232135SUSE bug 1232141SUSE bug 1232142SUSE bug 1232147SUSE bug 1232152SUSE bug 1232159SUSE bug 1232162SUSE bug 1232165SUSE bug 1232180SUSE bug 1232185SUSE bug 1232187SUSE bug 1232189SUSE bug 1232195SUSE bug 1232198SUSE bug 1232201SUSE bug 1232218SUSE bug 1232224SUSE bug 1232232SUSE bug 1232254SUSE bug 1232255SUSE bug 1232264SUSE bug 1232272SUSE bug 1232279SUSE bug 1232287SUSE bug 1232293SUSE bug 1232312SUSE bug 1232317SUSE bug 1232318SUSE bug 1232333SUSE bug 1232334SUSE bug 1232335SUSE bug 1232339SUSE bug 1232349SUSE bug 1232357SUSE bug 1232359SUSE bug 1232362SUSE bug 1232364SUSE bug 1232370SUSE bug 1232371SUSE bug 1232378SUSE bug 1232385SUSE bug 1232387SUSE bug 1232394SUSE bug 1232413SUSE bug 1232416SUSE bug 1232436SUSE bug 1232483SUSE bug 1232500SUSE bug 1232503SUSE bug 1232504SUSE bug 1232507SUSE bug 1232520SUSE bug 1232552SUSE bug 1232757SUSE bug 1232819SUSE bug 1232860SUSE bug 1232870SUSE bug 1232873SUSE bug 1232877SUSE bug 1232878SUSE bug 1232881SUSE bug 1232884SUSE bug 1232885SUSE bug 1232887SUSE bug 1232888SUSE bug 1232890SUSE bug 1232892SUSE bug 1232896SUSE bug 1232897SUSE bug 1232905SUSE bug 1232907SUSE bug 1232919SUSE bug 1232926SUSE bug 1232928SUSE bug 1232935SUSE bug 1233035SUSE bug 1233049SUSE bug 1233051SUSE bug 1233056SUSE bug 1233057SUSE bug 1233061SUSE bug 1233063SUSE bug 1233065SUSE bug 1233067SUSE bug 1233070SUSE bug 1233073SUSE bug 1233074SUSE bug 1233100SUSE bug 1233103SUSE bug 1233104SUSE bug 1233105SUSE bug 1233106SUSE bug 1233107SUSE bug 1233108SUSE bug 1233110SUSE bug 1233111SUSE bug 1233113SUSE bug 1233114SUSE bug 1233117SUSE bug 1233123SUSE bug 1233125SUSE bug 1233129SUSE bug 1233130SUSE bug 1233134SUSE bug 1233135SUSE bug 1233150SUSE bug 1233189SUSE bug 1233191SUSE bug 1233197SUSE bug 1233205SUSE bug 1233206SUSE bug 1233209SUSE bug 1233210SUSE bug 1233211SUSE bug 1233212SUSE bug 1233214SUSE bug 1233216SUSE bug 1233238SUSE bug 1233241SUSE bug 1233253SUSE bug 1233255SUSE bug 1233293SUSE bug 1233350SUSE bug 1233452SUSE bug 1233453SUSE bug 1233454SUSE bug 1233456SUSE bug 1233457SUSE bug 1233458SUSE bug 1233460SUSE bug 1233462SUSE bug 1233463SUSE bug 1233468SUSE bug 1233471SUSE bug 1233476SUSE bug 1233478SUSE bug 1233479SUSE bug 1233481SUSE bug 1233484SUSE bug 1233487SUSE bug 1233490SUSE bug 1233491SUSE bug 1233528SUSE bug 1233548SUSE bug 1233552SUSE bug 1233553SUSE bug 1233554SUSE bug 1233555SUSE bug 1233557SUSE bug 1233560SUSE bug 1233561SUSE bug 1233570SUSE bug 1233577SUSE bug 1233580SUSE bug 1233977SUSE bug 1234012SUSE bug 1234025SUSE bug 1234085SUSE bug 1234093SUSE bug 1234098SUSE bug 1234108CVE-2021-47594 at SUSECVE-2021-47594 at NVDCVE-2022-48674 at SUSECVE-2022-48674 at NVDCVE-2022-48979 at SUSECVE-2022-48979 at NVDCVE-2022-48982 at SUSECVE-2022-48982 at NVDCVE-2022-48983 at SUSECVE-2022-48983 at NVDCVE-2022-48989 at SUSECVE-2022-48989 at NVDCVE-2022-48990 at SUSECVE-2022-48990 at NVDCVE-2023-52915 at SUSECVE-2023-52915 at NVDCVE-2023-52917 at SUSECVE-2023-52917 at NVDCVE-2023-52918 at SUSECVE-2023-52918 at NVDCVE-2023-52921 at SUSECVE-2023-52921 at NVDCVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-26953 at SUSECVE-2024-26953 at NVDCVE-2024-35888 at SUSECVE-2024-35888 at NVDCVE-2024-35937 at SUSECVE-2024-35937 at NVDCVE-2024-35980 at SUSECVE-2024-35980 at NVDCVE-2024-36484 at SUSECVE-2024-36484 at NVDCVE-2024-36883 at SUSECVE-2024-36883 at NVDCVE-2024-36886 at SUSECVE-2024-36886 at NVDCVE-2024-36905 at SUSECVE-2024-36905 at NVDCVE-2024-36953 at SUSECVE-2024-36953 at NVDCVE-2024-36954 at SUSECVE-2024-36954 at NVDCVE-2024-38577 at SUSECVE-2024-38577 at NVDCVE-2024-38589 at SUSECVE-2024-38589 at NVDCVE-2024-38615 at SUSECVE-2024-38615 at NVDCVE-2024-40997 at SUSECVE-2024-40997 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41023 at SUSECVE-2024-41023 at NVDCVE-2024-41049 at SUSECVE-2024-41049 at NVDCVE-2024-42131 at SUSECVE-2024-42131 at NVDCVE-2024-43817 at SUSECVE-2024-43817 at NVDCVE-2024-43897 at SUSECVE-2024-43897 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-44995 at SUSECVE-2024-44995 at NVDCVE-2024-46681 at SUSECVE-2024-46681 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-46802 at SUSECVE-2024-46802 at NVDCVE-2024-46804 at SUSECVE-2024-46804 at NVDCVE-2024-46805 at SUSECVE-2024-46805 at NVDCVE-2024-46807 at SUSECVE-2024-46807 at NVDCVE-2024-46810 at SUSECVE-2024-46810 at NVDCVE-2024-46812 at SUSECVE-2024-46812 at NVDCVE-2024-46819 at SUSECVE-2024-46819 at NVDCVE-2024-46821 at SUSECVE-2024-46821 at NVDCVE-2024-46835 at SUSECVE-2024-46835 at NVDCVE-2024-46842 at SUSECVE-2024-46842 at NVDCVE-2024-46853 at SUSECVE-2024-46853 at NVDCVE-2024-46859 at SUSECVE-2024-46859 at NVDCVE-2024-46864 at SUSECVE-2024-46864 at NVDCVE-2024-46871 at SUSECVE-2024-46871 at NVDCVE-2024-47663 at SUSECVE-2024-47663 at NVDCVE-2024-47665 at SUSECVE-2024-47665 at NVDCVE-2024-47667 at SUSECVE-2024-47667 at NVDCVE-2024-47669 at SUSECVE-2024-47669 at NVDCVE-2024-47670 at SUSECVE-2024-47670 at NVDCVE-2024-47671 at SUSECVE-2024-47671 at NVDCVE-2024-47679 at SUSECVE-2024-47679 at NVDCVE-2024-47682 at SUSECVE-2024-47682 at NVDCVE-2024-47693 at SUSECVE-2024-47693 at NVDCVE-2024-47695 at SUSECVE-2024-47695 at NVDCVE-2024-47696 at SUSECVE-2024-47696 at NVDCVE-2024-47697 at SUSECVE-2024-47697 at NVDCVE-2024-47698 at SUSECVE-2024-47698 at NVDCVE-2024-47699 at SUSECVE-2024-47699 at NVDCVE-2024-47701 at SUSECVE-2024-47701 at NVDCVE-2024-47709 at SUSECVE-2024-47709 at NVDCVE-2024-47712 at SUSECVE-2024-47712 at NVDCVE-2024-47713 at SUSECVE-2024-47713 at NVDCVE-2024-47718 at SUSECVE-2024-47718 at NVDCVE-2024-47723 at SUSECVE-2024-47723 at NVDCVE-2024-47728 at SUSECVE-2024-47728 at NVDCVE-2024-47735 at SUSECVE-2024-47735 at NVDCVE-2024-47737 at SUSECVE-2024-47737 at NVDCVE-2024-47742 at SUSECVE-2024-47742 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47749 at SUSECVE-2024-47749 at NVDCVE-2024-47756 at SUSECVE-2024-47756 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49850 at SUSECVE-2024-49850 at NVDCVE-2024-49851 at SUSECVE-2024-49851 at NVDCVE-2024-49852 at SUSECVE-2024-49852 at NVDCVE-2024-49855 at SUSECVE-2024-49855 at NVDCVE-2024-49861 at SUSECVE-2024-49861 at NVDCVE-2024-49863 at SUSECVE-2024-49863 at NVDCVE-2024-49868 at SUSECVE-2024-49868 at NVDCVE-2024-49870 at SUSECVE-2024-49870 at NVDCVE-2024-49871 at SUSECVE-2024-49871 at NVDCVE-2024-49875 at SUSECVE-2024-49875 at NVDCVE-2024-49877 at SUSECVE-2024-49877 at NVDCVE-2024-49879 at SUSECVE-2024-49879 at NVDCVE-2024-49884 at SUSECVE-2024-49884 at NVDCVE-2024-49891 at SUSECVE-2024-49891 at NVDCVE-2024-49900 at SUSECVE-2024-49900 at NVDCVE-2024-49902 at SUSECVE-2024-49902 at NVDCVE-2024-49903 at SUSECVE-2024-49903 at NVDCVE-2024-49905 at SUSECVE-2024-49905 at NVDCVE-2024-49907 at SUSECVE-2024-49907 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49921 at SUSECVE-2024-49921 at NVDCVE-2024-49924 at SUSECVE-2024-49924 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49934 at SUSECVE-2024-49934 at NVDCVE-2024-49935 at SUSECVE-2024-49935 at NVDCVE-2024-49938 at SUSECVE-2024-49938 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49947 at SUSECVE-2024-49947 at NVDCVE-2024-49950 at SUSECVE-2024-49950 at NVDCVE-2024-49957 at SUSECVE-2024-49957 at NVDCVE-2024-49963 at SUSECVE-2024-49963 at NVDCVE-2024-49965 at SUSECVE-2024-49965 at NVDCVE-2024-49966 at SUSECVE-2024-49966 at NVDCVE-2024-49968 at SUSECVE-2024-49968 at NVDCVE-2024-49981 at SUSECVE-2024-49981 at NVDCVE-2024-49983 at SUSECVE-2024-49983 at NVDCVE-2024-49985 at SUSECVE-2024-49985 at NVDCVE-2024-49989 at SUSECVE-2024-49989 at NVDCVE-2024-50003 at SUSECVE-2024-50003 at NVDCVE-2024-50007 at SUSECVE-2024-50007 at NVDCVE-2024-50008 at SUSECVE-2024-50008 at NVDCVE-2024-50009 at SUSECVE-2024-50009 at NVDCVE-2024-50013 at SUSECVE-2024-50013 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50025 at SUSECVE-2024-50025 at NVDCVE-2024-50026 at SUSECVE-2024-50026 at NVDCVE-2024-50031 at SUSECVE-2024-50031 at NVDCVE-2024-50044 at SUSECVE-2024-50044 at NVDCVE-2024-50062 at SUSECVE-2024-50062 at NVDCVE-2024-50067 at SUSECVE-2024-50067 at NVDCVE-2024-50073 at SUSECVE-2024-50073 at NVDCVE-2024-50074 at SUSECVE-2024-50074 at NVDCVE-2024-50077 at SUSECVE-2024-50077 at NVDCVE-2024-50078 at SUSECVE-2024-50078 at NVDCVE-2024-50082 at SUSECVE-2024-50082 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50093 at SUSECVE-2024-50093 at NVDCVE-2024-50095 at SUSECVE-2024-50095 at NVDCVE-2024-50096 at SUSECVE-2024-50096 at NVDCVE-2024-50098 at SUSECVE-2024-50098 at NVDCVE-2024-50099 at SUSECVE-2024-50099 at NVDCVE-2024-50103 at SUSECVE-2024-50103 at NVDCVE-2024-50108 at SUSECVE-2024-50108 at NVDCVE-2024-50110 at SUSECVE-2024-50110 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50116 at SUSECVE-2024-50116 at NVDCVE-2024-50117 at SUSECVE-2024-50117 at NVDCVE-2024-50124 at SUSECVE-2024-50124 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-50131 at SUSECVE-2024-50131 at NVDCVE-2024-50134 at SUSECVE-2024-50134 at NVDCVE-2024-50135 at SUSECVE-2024-50135 at NVDCVE-2024-50138 at SUSECVE-2024-50138 at NVDCVE-2024-50141 at SUSECVE-2024-50141 at NVDCVE-2024-50146 at SUSECVE-2024-50146 at NVDCVE-2024-50147 at SUSECVE-2024-50147 at NVDCVE-2024-50148 at SUSECVE-2024-50148 at NVDCVE-2024-50150 at SUSECVE-2024-50150 at NVDCVE-2024-50153 at SUSECVE-2024-50153 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50155 at SUSECVE-2024-50155 at NVDCVE-2024-50156 at SUSECVE-2024-50156 at NVDCVE-2024-50160 at SUSECVE-2024-50160 at NVDCVE-2024-50167 at SUSECVE-2024-50167 at NVDCVE-2024-50171 at SUSECVE-2024-50171 at NVDCVE-2024-50179 at SUSECVE-2024-50179 at NVDCVE-2024-50180 at SUSECVE-2024-50180 at NVDCVE-2024-50182 at SUSECVE-2024-50182 at NVDCVE-2024-50183 at SUSECVE-2024-50183 at NVDCVE-2024-50184 at SUSECVE-2024-50184 at NVDCVE-2024-50186 at SUSECVE-2024-50186 at NVDCVE-2024-50187 at SUSECVE-2024-50187 at NVDCVE-2024-50188 at SUSECVE-2024-50188 at NVDCVE-2024-50189 at SUSECVE-2024-50189 at NVDCVE-2024-50192 at SUSECVE-2024-50192 at NVDCVE-2024-50194 at SUSECVE-2024-50194 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50196 at SUSECVE-2024-50196 at NVDCVE-2024-50198 at SUSECVE-2024-50198 at NVDCVE-2024-50201 at SUSECVE-2024-50201 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50209 at SUSECVE-2024-50209 at NVDCVE-2024-50215 at SUSECVE-2024-50215 at NVDCVE-2024-50218 at SUSECVE-2024-50218 at NVDCVE-2024-50229 at SUSECVE-2024-50229 at NVDCVE-2024-50230 at SUSECVE-2024-50230 at NVDCVE-2024-50232 at SUSECVE-2024-50232 at NVDCVE-2024-50233 at SUSECVE-2024-50233 at NVDCVE-2024-50234 at SUSECVE-2024-50234 at NVDCVE-2024-50236 at SUSECVE-2024-50236 at NVDCVE-2024-50237 at SUSECVE-2024-50237 at NVDCVE-2024-50249 at SUSECVE-2024-50249 at NVDCVE-2024-50255 at SUSECVE-2024-50255 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50261 at SUSECVE-2024-50261 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50265 at SUSECVE-2024-50265 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50268 at SUSECVE-2024-50268 at NVDCVE-2024-50269 at SUSECVE-2024-50269 at NVDCVE-2024-50271 at SUSECVE-2024-50271 at NVDCVE-2024-50273 at SUSECVE-2024-50273 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50282 at SUSECVE-2024-50282 at NVDCVE-2024-50287 at SUSECVE-2024-50287 at NVDCVE-2024-50289 at SUSECVE-2024-50289 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50292 at SUSECVE-2024-50292 at NVDCVE-2024-50295 at SUSECVE-2024-50295 at NVDCVE-2024-50298 at SUSECVE-2024-50298 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53052 at SUSECVE-2024-53052 at NVDCVE-2024-53058 at SUSECVE-2024-53058 at NVDCVE-2024-53059 at SUSECVE-2024-53059 at NVDCVE-2024-53060 at SUSECVE-2024-53060 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53066 at SUSECVE-2024-53066 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDCVE-2024-53079 at SUSECVE-2024-53079 at NVDCVE-2024-53085 at SUSECVE-2024-53085 at NVDCVE-2024-53088 at SUSECVE-2024-53088 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53110 at SUSECVE-2024-53110 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Low)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
Other fixes:
- Updated to version 9.1.0836
LowSUSE bug 1229238SUSE bug 1231373CVE-2024-43374 at SUSECVE-2024-43374 at NVDCVE-2024-47814 at SUSECVE-2024-47814 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Important)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106).
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- acpi: battery: Simplify battery hook locking (bsc#1232154)
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: EC: Do not release locks during operation region accesses (stable-fixes).
- acpi: PAD: fix crash in exit_round_robin() (stable-fixes).
- acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- acpica: iasl: handle empty connection_node (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing.
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- add bugreference to a hv_netvsc patch (bsc#1232413).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: asihpi: Fix potential OOB array access (stable-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: core: add isascii() check to card ID generator (stable-fixes).
- alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda: cs35l41: fix module autoloading (git-fixes).
- alsa: hda: Fix kctl->id initialization (git-fixes).
- alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- alsa: hda/cs8409: Fix possible NULL dereference (git-fixes).
- alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- alsa: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: Update default depop procedure (git-fixes).
- alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usb-audio: Define macros for quirk table entries (stable-fixes).
- alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- asoc: allow module autoloading for table db1200_pids (stable-fixes).
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- asoc: intel: fix module autoloading (stable-fixes).
- asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- asoc: tda7419: fix module autoloading (stable-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- block: print symbolic error name instead of error code (bsc#1231872).
- bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- bluetooth: Call iso_exit() on module unload (git-fixes).
- bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: Remove debugfs directory on module init failure (git-fixes).
- bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop OCFS2 patch causing a regression (bsc#1233255)
- drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- Fix regression on AMDGPU driver (bsc#1233134)
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: Mark filecache 'down' if init fails (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rdma/bnxt_re: Add a check for memory allocation (git-fixes)
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- rdma/bnxt_re: Fix the GID table length (git-fixes)
- rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- rdma/bnxt_re: Return more meaningful error (git-fixes)
- rdma/bnxt_re: synchronize the qp-handle table array (git-fixes)
- rdma/cxgb4: Dump vendor specific QP details (git-fixes)
- rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/irdma: Fix misspelling of 'accept*' (git-fixes)
- rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rdma/srpt: Make slab cache names unique (git-fixes)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes).
- Revert PM changes that caused a regression on S4 resume (bsc#1231578).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- sunrpc: clnt.c: Remove misleading comment (git-fixes).
- sunrpc: Fix integer overflow in decode_rc_list() (git-fixes).
- sunrpc: Fixup gss_status tracepoint error output (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: appledisplay: close race between probe and completion handler (stable-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- usb: misc: yurex: fix race between read and write (stable-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
ImportantSUSE bug 1054914SUSE bug 1065729SUSE bug 1082555SUSE bug 1194869SUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216813SUSE bug 1218562SUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1221333SUSE bug 1222364SUSE bug 1222590SUSE bug 1223202SUSE bug 1223384SUSE bug 1223524SUSE bug 1223656SUSE bug 1223824SUSE bug 1223848SUSE bug 1223919SUSE bug 1223942SUSE bug 1224518SUSE bug 1224526SUSE bug 1224574SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1225725SUSE bug 1225730SUSE bug 1225742SUSE bug 1225762SUSE bug 1225764SUSE bug 1225812SUSE bug 1226498SUSE bug 1226560SUSE bug 1226592SUSE bug 1226631SUSE bug 1226748SUSE bug 1226797SUSE bug 1226872SUSE bug 1227437SUSE bug 1227853SUSE bug 1227885SUSE bug 1228119SUSE bug 1228269SUSE bug 1228410SUSE bug 1228430SUSE bug 1228486SUSE bug 1228650SUSE bug 1228709SUSE bug 1228743SUSE bug 1228747SUSE bug 1228857SUSE bug 1229005SUSE bug 1229019SUSE bug 1229312SUSE bug 1229429SUSE bug 1229450SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1229585SUSE bug 1229752SUSE bug 1229769SUSE bug 1229808SUSE bug 1229837SUSE bug 1229891SUSE bug 1230055SUSE bug 1230179SUSE bug 1230220SUSE bug 1230231SUSE bug 1230270SUSE bug 1230289SUSE bug 1230405SUSE bug 1230414SUSE bug 1230429SUSE bug 1230456SUSE bug 1230550SUSE bug 1230558SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230722SUSE bug 1230763SUSE bug 1230773SUSE bug 1230774SUSE bug 1230801SUSE bug 1230827SUSE bug 1230903SUSE bug 1230918SUSE bug 1231016SUSE bug 1231072SUSE bug 1231073SUSE bug 1231083SUSE bug 1231084SUSE bug 1231085SUSE bug 1231087SUSE bug 1231089SUSE bug 1231094SUSE bug 1231096SUSE bug 1231098SUSE bug 1231101SUSE bug 1231105SUSE bug 1231108SUSE bug 1231111SUSE bug 1231114SUSE bug 1231115SUSE bug 1231132SUSE bug 1231135SUSE bug 1231138SUSE bug 1231148SUSE bug 1231169SUSE bug 1231178SUSE bug 1231179SUSE bug 1231180SUSE bug 1231181SUSE bug 1231187SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231202SUSE bug 1231203SUSE bug 1231277SUSE bug 1231293SUSE bug 1231327SUSE bug 1231344SUSE bug 1231375SUSE bug 1231383SUSE bug 1231434SUSE bug 1231439SUSE bug 1231441SUSE bug 1231442SUSE bug 1231452SUSE bug 1231465SUSE bug 1231474SUSE bug 1231481SUSE bug 1231496SUSE bug 1231502SUSE bug 1231537SUSE bug 1231539SUSE bug 1231540SUSE bug 1231541SUSE bug 1231578SUSE bug 1231646SUSE bug 1231673SUSE bug 1231849SUSE bug 1231856SUSE bug 1231857SUSE bug 1231858SUSE bug 1231859SUSE bug 1231861SUSE bug 1231864SUSE bug 1231872SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231889SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231902SUSE bug 1231903SUSE bug 1231904SUSE bug 1231907SUSE bug 1231914SUSE bug 1231916SUSE bug 1231920SUSE bug 1231923SUSE bug 1231929SUSE bug 1231930SUSE bug 1231931SUSE bug 1231935SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231944SUSE bug 1231947SUSE bug 1231950SUSE bug 1231952SUSE bug 1231953SUSE bug 1231954SUSE bug 1231958SUSE bug 1231959SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231965SUSE bug 1231967SUSE bug 1231968SUSE bug 1231972SUSE bug 1231973SUSE bug 1231976SUSE bug 1231978SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231990SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1231998SUSE bug 1232001SUSE bug 1232004SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232013SUSE bug 1232015SUSE bug 1232016SUSE bug 1232017SUSE bug 1232025SUSE bug 1232026SUSE bug 1232027SUSE bug 1232028SUSE bug 1232033SUSE bug 1232034SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232043SUSE bug 1232047SUSE bug 1232048SUSE bug 1232049SUSE bug 1232050SUSE bug 1232056SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232075SUSE bug 1232076SUSE bug 1232080SUSE bug 1232083SUSE bug 1232084SUSE bug 1232085SUSE bug 1232089SUSE bug 1232094SUSE bug 1232096SUSE bug 1232097SUSE bug 1232098SUSE bug 1232104SUSE bug 1232105SUSE bug 1232108SUSE bug 1232111SUSE bug 1232114SUSE bug 1232116SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232124SUSE bug 1232126SUSE bug 1232133SUSE bug 1232134SUSE bug 1232135SUSE bug 1232136SUSE bug 1232140SUSE bug 1232141SUSE bug 1232142SUSE bug 1232145SUSE bug 1232147SUSE bug 1232149SUSE bug 1232150SUSE bug 1232151SUSE bug 1232152SUSE bug 1232154SUSE bug 1232155SUSE bug 1232159SUSE bug 1232160SUSE bug 1232162SUSE bug 1232163SUSE bug 1232164SUSE bug 1232165SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232175SUSE bug 1232180SUSE bug 1232185SUSE bug 1232187SUSE bug 1232189SUSE bug 1232191SUSE bug 1232195SUSE bug 1232196SUSE bug 1232198SUSE bug 1232199SUSE bug 1232200SUSE bug 1232201SUSE bug 1232217SUSE bug 1232218SUSE bug 1232220SUSE bug 1232221SUSE bug 1232224SUSE bug 1232229SUSE bug 1232232SUSE bug 1232233SUSE bug 1232237SUSE bug 1232251SUSE bug 1232253SUSE bug 1232254SUSE bug 1232255SUSE bug 1232259SUSE bug 1232260SUSE bug 1232262SUSE bug 1232263SUSE bug 1232264SUSE bug 1232272SUSE bug 1232279SUSE bug 1232282SUSE bug 1232285SUSE bug 1232286SUSE bug 1232287SUSE bug 1232293SUSE bug 1232304SUSE bug 1232305SUSE bug 1232307SUSE bug 1232309SUSE bug 1232310SUSE bug 1232312SUSE bug 1232313SUSE bug 1232314SUSE bug 1232316SUSE bug 1232317SUSE bug 1232318SUSE bug 1232329SUSE bug 1232332SUSE bug 1232333SUSE bug 1232334SUSE bug 1232335SUSE bug 1232337SUSE bug 1232339SUSE bug 1232342SUSE bug 1232345SUSE bug 1232349SUSE bug 1232352SUSE bug 1232354SUSE bug 1232355SUSE bug 1232357SUSE bug 1232358SUSE bug 1232359SUSE bug 1232361SUSE bug 1232362SUSE bug 1232364SUSE bug 1232366SUSE bug 1232367SUSE bug 1232368SUSE bug 1232369SUSE bug 1232370SUSE bug 1232371SUSE bug 1232374SUSE bug 1232378SUSE bug 1232381SUSE bug 1232383SUSE bug 1232385SUSE bug 1232387SUSE bug 1232392SUSE bug 1232394SUSE bug 1232395SUSE bug 1232413SUSE bug 1232416SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232435SUSE bug 1232436SUSE bug 1232442SUSE bug 1232446SUSE bug 1232483SUSE bug 1232500SUSE bug 1232501SUSE bug 1232503SUSE bug 1232504SUSE bug 1232507SUSE bug 1232519SUSE bug 1232520SUSE bug 1232552SUSE bug 1232630SUSE bug 1232631SUSE bug 1232632SUSE bug 1232757SUSE bug 1232819SUSE bug 1232860SUSE bug 1232870SUSE bug 1232873SUSE bug 1232877SUSE bug 1232878SUSE bug 1232881SUSE bug 1232884SUSE bug 1232885SUSE bug 1232887SUSE bug 1232888SUSE bug 1232890SUSE bug 1232892SUSE bug 1232896SUSE bug 1232897SUSE bug 1232905SUSE bug 1232907SUSE bug 1232919SUSE bug 1232926SUSE bug 1232928SUSE bug 1232935SUSE bug 1233035SUSE bug 1233049SUSE bug 1233051SUSE bug 1233056SUSE bug 1233057SUSE bug 1233061SUSE bug 1233063SUSE bug 1233065SUSE bug 1233067SUSE bug 1233070SUSE bug 1233073SUSE bug 1233074SUSE bug 1233100SUSE bug 1233103SUSE bug 1233104SUSE bug 1233105SUSE bug 1233106SUSE bug 1233107SUSE bug 1233108SUSE bug 1233110SUSE bug 1233111SUSE bug 1233113SUSE bug 1233114SUSE bug 1233117SUSE bug 1233123SUSE bug 1233125SUSE bug 1233129SUSE bug 1233130SUSE bug 1233134SUSE bug 1233135SUSE bug 1233150SUSE bug 1233189SUSE bug 1233191SUSE bug 1233197SUSE bug 1233205SUSE bug 1233206SUSE bug 1233209SUSE bug 1233210SUSE bug 1233211SUSE bug 1233212SUSE bug 1233214SUSE bug 1233216SUSE bug 1233238SUSE bug 1233241SUSE bug 1233253SUSE bug 1233255SUSE bug 1233293SUSE bug 1233350SUSE bug 1233452SUSE bug 1233453SUSE bug 1233454SUSE bug 1233456SUSE bug 1233457SUSE bug 1233458SUSE bug 1233460SUSE bug 1233462SUSE bug 1233463SUSE bug 1233468SUSE bug 1233471SUSE bug 1233476SUSE bug 1233478SUSE bug 1233479SUSE bug 1233481SUSE bug 1233484SUSE bug 1233487SUSE bug 1233490SUSE bug 1233491SUSE bug 1233528SUSE bug 1233548SUSE bug 1233552SUSE bug 1233553SUSE bug 1233554SUSE bug 1233555SUSE bug 1233557SUSE bug 1233560SUSE bug 1233561SUSE bug 1233570SUSE bug 1233577SUSE bug 1233580SUSE bug 1233977SUSE bug 1234012SUSE bug 1234025SUSE bug 1234085SUSE bug 1234093SUSE bug 1234098SUSE bug 1234108CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47594 at SUSECVE-2021-47594 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48674 at SUSECVE-2022-48674 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48957 at SUSECVE-2022-48957 at NVDCVE-2022-48958 at SUSECVE-2022-48958 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48966 at SUSECVE-2022-48966 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48979 at SUSECVE-2022-48979 at NVDCVE-2022-48980 at SUSECVE-2022-48980 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48982 at SUSECVE-2022-48982 at NVDCVE-2022-48983 at SUSECVE-2022-48983 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48989 at SUSECVE-2022-48989 at NVDCVE-2022-48990 at SUSECVE-2022-48990 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49017 at SUSECVE-2022-49017 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49020 at SUSECVE-2022-49020 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52915 at SUSECVE-2023-52915 at NVDCVE-2023-52917 at SUSECVE-2023-52917 at NVDCVE-2023-52918 at SUSECVE-2023-52918 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-52921 at SUSECVE-2023-52921 at NVDCVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-26953 at SUSECVE-2024-26953 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-35888 at SUSECVE-2024-35888 at NVDCVE-2024-35937 at SUSECVE-2024-35937 at NVDCVE-2024-35980 at SUSECVE-2024-35980 at NVDCVE-2024-36244 at SUSECVE-2024-36244 at NVDCVE-2024-36484 at SUSECVE-2024-36484 at NVDCVE-2024-36883 at SUSECVE-2024-36883 at NVDCVE-2024-36886 at SUSECVE-2024-36886 at NVDCVE-2024-36905 at SUSECVE-2024-36905 at NVDCVE-2024-36953 at SUSECVE-2024-36953 at NVDCVE-2024-36954 at SUSECVE-2024-36954 at NVDCVE-2024-36957 at SUSECVE-2024-36957 at NVDCVE-2024-38577 at SUSECVE-2024-38577 at NVDCVE-2024-38589 at SUSECVE-2024-38589 at NVDCVE-2024-38615 at SUSECVE-2024-38615 at NVDCVE-2024-39476 at SUSECVE-2024-39476 at NVDCVE-2024-40965 at SUSECVE-2024-40965 at NVDCVE-2024-40997 at SUSECVE-2024-40997 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41023 at SUSECVE-2024-41023 at NVDCVE-2024-41049 at SUSECVE-2024-41049 at NVDCVE-2024-42131 at SUSECVE-2024-42131 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42226 at SUSECVE-2024-42226 at NVDCVE-2024-42253 at SUSECVE-2024-42253 at NVDCVE-2024-43817 at SUSECVE-2024-43817 at NVDCVE-2024-43897 at SUSECVE-2024-43897 at NVDCVE-2024-44931 at SUSECVE-2024-44931 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-44958 at SUSECVE-2024-44958 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-44995 at SUSECVE-2024-44995 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45025 at SUSECVE-2024-45025 at NVDCVE-2024-46678 at SUSECVE-2024-46678 at NVDCVE-2024-46681 at SUSECVE-2024-46681 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46719 at SUSECVE-2024-46719 at NVDCVE-2024-46754 at SUSECVE-2024-46754 at NVDCVE-2024-46770 at SUSECVE-2024-46770 at NVDCVE-2024-46775 at SUSECVE-2024-46775 at NVDCVE-2024-46777 at SUSECVE-2024-46777 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-46802 at SUSECVE-2024-46802 at NVDCVE-2024-46804 at SUSECVE-2024-46804 at NVDCVE-2024-46805 at SUSECVE-2024-46805 at NVDCVE-2024-46807 at SUSECVE-2024-46807 at NVDCVE-2024-46809 at SUSECVE-2024-46809 at NVDCVE-2024-46810 at SUSECVE-2024-46810 at NVDCVE-2024-46811 at SUSECVE-2024-46811 at NVDCVE-2024-46812 at SUSECVE-2024-46812 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46819 at SUSECVE-2024-46819 at NVDCVE-2024-46821 at SUSECVE-2024-46821 at NVDCVE-2024-46826 at SUSECVE-2024-46826 at NVDCVE-2024-46828 at SUSECVE-2024-46828 at NVDCVE-2024-46834 at SUSECVE-2024-46834 at NVDCVE-2024-46835 at SUSECVE-2024-46835 at NVDCVE-2024-46840 at SUSECVE-2024-46840 at NVDCVE-2024-46841 at SUSECVE-2024-46841 at NVDCVE-2024-46842 at SUSECVE-2024-46842 at NVDCVE-2024-46848 at SUSECVE-2024-46848 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-46853 at SUSECVE-2024-46853 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-46855 at SUSECVE-2024-46855 at NVDCVE-2024-46857 at SUSECVE-2024-46857 at NVDCVE-2024-46859 at SUSECVE-2024-46859 at NVDCVE-2024-46864 at SUSECVE-2024-46864 at NVDCVE-2024-46871 at SUSECVE-2024-46871 at NVDCVE-2024-47660 at SUSECVE-2024-47660 at NVDCVE-2024-47661 at SUSECVE-2024-47661 at NVDCVE-2024-47663 at SUSECVE-2024-47663 at NVDCVE-2024-47664 at SUSECVE-2024-47664 at NVDCVE-2024-47665 at SUSECVE-2024-47665 at NVDCVE-2024-47667 at SUSECVE-2024-47667 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47669 at SUSECVE-2024-47669 at NVDCVE-2024-47670 at SUSECVE-2024-47670 at NVDCVE-2024-47671 at SUSECVE-2024-47671 at NVDCVE-2024-47672 at SUSECVE-2024-47672 at NVDCVE-2024-47673 at SUSECVE-2024-47673 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47679 at SUSECVE-2024-47679 at NVDCVE-2024-47682 at SUSECVE-2024-47682 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47685 at SUSECVE-2024-47685 at NVDCVE-2024-47692 at SUSECVE-2024-47692 at NVDCVE-2024-47693 at SUSECVE-2024-47693 at NVDCVE-2024-47695 at SUSECVE-2024-47695 at NVDCVE-2024-47696 at SUSECVE-2024-47696 at NVDCVE-2024-47697 at SUSECVE-2024-47697 at NVDCVE-2024-47698 at SUSECVE-2024-47698 at NVDCVE-2024-47699 at SUSECVE-2024-47699 at NVDCVE-2024-47701 at SUSECVE-2024-47701 at NVDCVE-2024-47704 at SUSECVE-2024-47704 at NVDCVE-2024-47705 at SUSECVE-2024-47705 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47707 at SUSECVE-2024-47707 at NVDCVE-2024-47709 at SUSECVE-2024-47709 at NVDCVE-2024-47710 at SUSECVE-2024-47710 at NVDCVE-2024-47712 at SUSECVE-2024-47712 at NVDCVE-2024-47713 at SUSECVE-2024-47713 at NVDCVE-2024-47718 at SUSECVE-2024-47718 at NVDCVE-2024-47720 at SUSECVE-2024-47720 at NVDCVE-2024-47723 at SUSECVE-2024-47723 at NVDCVE-2024-47727 at SUSECVE-2024-47727 at NVDCVE-2024-47728 at SUSECVE-2024-47728 at NVDCVE-2024-47730 at SUSECVE-2024-47730 at NVDCVE-2024-47735 at SUSECVE-2024-47735 at NVDCVE-2024-47737 at SUSECVE-2024-47737 at NVDCVE-2024-47738 at SUSECVE-2024-47738 at NVDCVE-2024-47739 at SUSECVE-2024-47739 at NVDCVE-2024-47742 at SUSECVE-2024-47742 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-47749 at SUSECVE-2024-47749 at NVDCVE-2024-47756 at SUSECVE-2024-47756 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49850 at SUSECVE-2024-49850 at NVDCVE-2024-49851 at SUSECVE-2024-49851 at NVDCVE-2024-49852 at SUSECVE-2024-49852 at NVDCVE-2024-49855 at SUSECVE-2024-49855 at NVDCVE-2024-49858 at SUSECVE-2024-49858 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49861 at SUSECVE-2024-49861 at NVDCVE-2024-49863 at SUSECVE-2024-49863 at NVDCVE-2024-49866 at SUSECVE-2024-49866 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49868 at SUSECVE-2024-49868 at NVDCVE-2024-49870 at SUSECVE-2024-49870 at NVDCVE-2024-49871 at SUSECVE-2024-49871 at NVDCVE-2024-49875 at SUSECVE-2024-49875 at NVDCVE-2024-49877 at SUSECVE-2024-49877 at NVDCVE-2024-49879 at SUSECVE-2024-49879 at NVDCVE-2024-49881 at SUSECVE-2024-49881 at NVDCVE-2024-49882 at SUSECVE-2024-49882 at NVDCVE-2024-49883 at SUSECVE-2024-49883 at NVDCVE-2024-49884 at SUSECVE-2024-49884 at NVDCVE-2024-49886 at SUSECVE-2024-49886 at NVDCVE-2024-49890 at SUSECVE-2024-49890 at NVDCVE-2024-49891 at SUSECVE-2024-49891 at NVDCVE-2024-49892 at SUSECVE-2024-49892 at NVDCVE-2024-49894 at SUSECVE-2024-49894 at NVDCVE-2024-49895 at SUSECVE-2024-49895 at NVDCVE-2024-49896 at SUSECVE-2024-49896 at NVDCVE-2024-49897 at SUSECVE-2024-49897 at NVDCVE-2024-49899 at SUSECVE-2024-49899 at NVDCVE-2024-49900 at SUSECVE-2024-49900 at NVDCVE-2024-49901 at SUSECVE-2024-49901 at NVDCVE-2024-49902 at SUSECVE-2024-49902 at NVDCVE-2024-49903 at SUSECVE-2024-49903 at NVDCVE-2024-49905 at SUSECVE-2024-49905 at NVDCVE-2024-49906 at SUSECVE-2024-49906 at NVDCVE-2024-49907 at SUSECVE-2024-49907 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49909 at SUSECVE-2024-49909 at NVDCVE-2024-49911 at SUSECVE-2024-49911 at NVDCVE-2024-49912 at SUSECVE-2024-49912 at NVDCVE-2024-49913 at SUSECVE-2024-49913 at NVDCVE-2024-49914 at SUSECVE-2024-49914 at NVDCVE-2024-49917 at SUSECVE-2024-49917 at NVDCVE-2024-49918 at SUSECVE-2024-49918 at NVDCVE-2024-49919 at SUSECVE-2024-49919 at NVDCVE-2024-49920 at SUSECVE-2024-49920 at NVDCVE-2024-49921 at SUSECVE-2024-49921 at NVDCVE-2024-49922 at SUSECVE-2024-49922 at NVDCVE-2024-49923 at SUSECVE-2024-49923 at NVDCVE-2024-49924 at SUSECVE-2024-49924 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49929 at SUSECVE-2024-49929 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49933 at SUSECVE-2024-49933 at NVDCVE-2024-49934 at SUSECVE-2024-49934 at NVDCVE-2024-49935 at SUSECVE-2024-49935 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49938 at SUSECVE-2024-49938 at NVDCVE-2024-49939 at SUSECVE-2024-49939 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49946 at SUSECVE-2024-49946 at NVDCVE-2024-49947 at SUSECVE-2024-49947 at NVDCVE-2024-49949 at SUSECVE-2024-49949 at NVDCVE-2024-49950 at SUSECVE-2024-49950 at NVDCVE-2024-49954 at SUSECVE-2024-49954 at NVDCVE-2024-49955 at SUSECVE-2024-49955 at NVDCVE-2024-49957 at SUSECVE-2024-49957 at NVDCVE-2024-49958 at SUSECVE-2024-49958 at NVDCVE-2024-49959 at SUSECVE-2024-49959 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49962 at SUSECVE-2024-49962 at NVDCVE-2024-49963 at SUSECVE-2024-49963 at NVDCVE-2024-49965 at SUSECVE-2024-49965 at NVDCVE-2024-49966 at SUSECVE-2024-49966 at NVDCVE-2024-49967 at SUSECVE-2024-49967 at NVDCVE-2024-49968 at SUSECVE-2024-49968 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49973 at SUSECVE-2024-49973 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49975 at SUSECVE-2024-49975 at NVDCVE-2024-49981 at SUSECVE-2024-49981 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49983 at SUSECVE-2024-49983 at NVDCVE-2024-49985 at SUSECVE-2024-49985 at NVDCVE-2024-49989 at SUSECVE-2024-49989 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49993 at SUSECVE-2024-49993 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-49996 at SUSECVE-2024-49996 at NVDCVE-2024-50000 at SUSECVE-2024-50000 at NVDCVE-2024-50001 at SUSECVE-2024-50001 at NVDCVE-2024-50002 at SUSECVE-2024-50002 at NVDCVE-2024-50003 at SUSECVE-2024-50003 at NVDCVE-2024-50006 at SUSECVE-2024-50006 at NVDCVE-2024-50007 at SUSECVE-2024-50007 at NVDCVE-2024-50008 at SUSECVE-2024-50008 at NVDCVE-2024-50009 at SUSECVE-2024-50009 at NVDCVE-2024-50013 at SUSECVE-2024-50013 at NVDCVE-2024-50014 at SUSECVE-2024-50014 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50019 at SUSECVE-2024-50019 at NVDCVE-2024-50024 at SUSECVE-2024-50024 at NVDCVE-2024-50025 at SUSECVE-2024-50025 at NVDCVE-2024-50026 at SUSECVE-2024-50026 at NVDCVE-2024-50028 at SUSECVE-2024-50028 at NVDCVE-2024-50031 at SUSECVE-2024-50031 at NVDCVE-2024-50033 at SUSECVE-2024-50033 at NVDCVE-2024-50035 at SUSECVE-2024-50035 at NVDCVE-2024-50041 at SUSECVE-2024-50041 at NVDCVE-2024-50044 at SUSECVE-2024-50044 at NVDCVE-2024-50045 at SUSECVE-2024-50045 at NVDCVE-2024-50046 at SUSECVE-2024-50046 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50048 at SUSECVE-2024-50048 at NVDCVE-2024-50049 at SUSECVE-2024-50049 at NVDCVE-2024-50055 at SUSECVE-2024-50055 at NVDCVE-2024-50058 at SUSECVE-2024-50058 at NVDCVE-2024-50059 at SUSECVE-2024-50059 at NVDCVE-2024-50061 at SUSECVE-2024-50061 at NVDCVE-2024-50062 at SUSECVE-2024-50062 at NVDCVE-2024-50063 at SUSECVE-2024-50063 at NVDCVE-2024-50067 at SUSECVE-2024-50067 at NVDCVE-2024-50073 at SUSECVE-2024-50073 at NVDCVE-2024-50074 at SUSECVE-2024-50074 at NVDCVE-2024-50077 at SUSECVE-2024-50077 at NVDCVE-2024-50078 at SUSECVE-2024-50078 at NVDCVE-2024-50081 at SUSECVE-2024-50081 at NVDCVE-2024-50082 at SUSECVE-2024-50082 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50093 at SUSECVE-2024-50093 at NVDCVE-2024-50095 at SUSECVE-2024-50095 at NVDCVE-2024-50096 at SUSECVE-2024-50096 at NVDCVE-2024-50098 at SUSECVE-2024-50098 at NVDCVE-2024-50099 at SUSECVE-2024-50099 at NVDCVE-2024-50103 at SUSECVE-2024-50103 at NVDCVE-2024-50108 at SUSECVE-2024-50108 at NVDCVE-2024-50110 at SUSECVE-2024-50110 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50116 at SUSECVE-2024-50116 at NVDCVE-2024-50117 at SUSECVE-2024-50117 at NVDCVE-2024-50124 at SUSECVE-2024-50124 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-50131 at SUSECVE-2024-50131 at NVDCVE-2024-50134 at SUSECVE-2024-50134 at NVDCVE-2024-50135 at SUSECVE-2024-50135 at NVDCVE-2024-50138 at SUSECVE-2024-50138 at NVDCVE-2024-50141 at SUSECVE-2024-50141 at NVDCVE-2024-50146 at SUSECVE-2024-50146 at NVDCVE-2024-50147 at SUSECVE-2024-50147 at NVDCVE-2024-50148 at SUSECVE-2024-50148 at NVDCVE-2024-50150 at SUSECVE-2024-50150 at NVDCVE-2024-50153 at SUSECVE-2024-50153 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50155 at SUSECVE-2024-50155 at NVDCVE-2024-50156 at SUSECVE-2024-50156 at NVDCVE-2024-50160 at SUSECVE-2024-50160 at NVDCVE-2024-50167 at SUSECVE-2024-50167 at NVDCVE-2024-50171 at SUSECVE-2024-50171 at NVDCVE-2024-50179 at SUSECVE-2024-50179 at NVDCVE-2024-50180 at SUSECVE-2024-50180 at NVDCVE-2024-50182 at SUSECVE-2024-50182 at NVDCVE-2024-50183 at SUSECVE-2024-50183 at NVDCVE-2024-50184 at SUSECVE-2024-50184 at NVDCVE-2024-50186 at SUSECVE-2024-50186 at NVDCVE-2024-50187 at SUSECVE-2024-50187 at NVDCVE-2024-50188 at SUSECVE-2024-50188 at NVDCVE-2024-50189 at SUSECVE-2024-50189 at NVDCVE-2024-50192 at SUSECVE-2024-50192 at NVDCVE-2024-50194 at SUSECVE-2024-50194 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50196 at SUSECVE-2024-50196 at NVDCVE-2024-50198 at SUSECVE-2024-50198 at NVDCVE-2024-50201 at SUSECVE-2024-50201 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50209 at SUSECVE-2024-50209 at NVDCVE-2024-50215 at SUSECVE-2024-50215 at NVDCVE-2024-50218 at SUSECVE-2024-50218 at NVDCVE-2024-50229 at SUSECVE-2024-50229 at NVDCVE-2024-50230 at SUSECVE-2024-50230 at NVDCVE-2024-50232 at SUSECVE-2024-50232 at NVDCVE-2024-50233 at SUSECVE-2024-50233 at NVDCVE-2024-50234 at SUSECVE-2024-50234 at NVDCVE-2024-50236 at SUSECVE-2024-50236 at NVDCVE-2024-50237 at SUSECVE-2024-50237 at NVDCVE-2024-50249 at SUSECVE-2024-50249 at NVDCVE-2024-50255 at SUSECVE-2024-50255 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50261 at SUSECVE-2024-50261 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50265 at SUSECVE-2024-50265 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50268 at SUSECVE-2024-50268 at NVDCVE-2024-50269 at SUSECVE-2024-50269 at NVDCVE-2024-50271 at SUSECVE-2024-50271 at NVDCVE-2024-50273 at SUSECVE-2024-50273 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50282 at SUSECVE-2024-50282 at NVDCVE-2024-50287 at SUSECVE-2024-50287 at NVDCVE-2024-50289 at SUSECVE-2024-50289 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50292 at SUSECVE-2024-50292 at NVDCVE-2024-50295 at SUSECVE-2024-50295 at NVDCVE-2024-50298 at SUSECVE-2024-50298 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53052 at SUSECVE-2024-53052 at NVDCVE-2024-53058 at SUSECVE-2024-53058 at NVDCVE-2024-53059 at SUSECVE-2024-53059 at NVDCVE-2024-53060 at SUSECVE-2024-53060 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53066 at SUSECVE-2024-53066 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDCVE-2024-53079 at SUSECVE-2024-53079 at NVDCVE-2024-53085 at SUSECVE-2024-53085 at NVDCVE-2024-53088 at SUSECVE-2024-53088 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53110 at SUSECVE-2024-53110 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
ModerateSUSE bug 1226586SUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.1:
Release notes are on https://github.com/kubevirt/kubevirt/releases/tag/v1.1.1
- Fix seccomp profile for post-copy migration
- Fix firmware path for aarch64 (/usr/share/AAVMF)
- Fix test with initially invalid DataVolume (bsc#1218174)
The containers were also rebuilt against updated go version.
ModerateSUSE bug 1218174cpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- Set ExclusiveArch conditionally depending on the distro
- rebuild with current go release.
Importantcpe:/o:suse:sle-micro:5.5Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:sle-micro:5.5Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernel-source: Fix description typo
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases.
- mkspec: Use variant in constraints template Constraints are not applied consistently with kernel package variants. Add variant to the constraints template as appropriate, and expand it in mkspec.
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- s390: vfio-ap: tighten the NIB validity check (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the 'max_mapping_size' method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of 'its' (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1108281SUSE bug 1141539SUSE bug 1174649SUSE bug 1181674SUSE bug 1193285SUSE bug 1194869SUSE bug 1209834SUSE bug 1210443SUSE bug 1211515SUSE bug 1212091SUSE bug 1214377SUSE bug 1215275SUSE bug 1215885SUSE bug 1216441SUSE bug 1216559SUSE bug 1216702SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218005SUSE bug 1218447SUSE bug 1218527SUSE bug 1218659SUSE bug 1218713SUSE bug 1218723SUSE bug 1218730SUSE bug 1218738SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218778SUSE bug 1218779SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218948SUSE bug 1218958SUSE bug 1218968SUSE bug 1218997SUSE bug 1219006SUSE bug 1219012SUSE bug 1219013SUSE bug 1219014SUSE bug 1219053SUSE bug 1219067SUSE bug 1219120SUSE bug 1219128SUSE bug 1219136SUSE bug 1219285SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219512SUSE bug 1219568SUSE bug 1219582CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- pci: Drop PCI vmd patches that caused a regression (bsc#1218005)
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scripts/kernel-doc: restore warning for Excess struct/union (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- series.conf: the patch is not in git and breaks series_insert.py
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the 'max_mapping_size' method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (bsc#1219490).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of 'its' (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1108281SUSE bug 1141539SUSE bug 1174649SUSE bug 1181674SUSE bug 1193285SUSE bug 1194869SUSE bug 1209834SUSE bug 1210443SUSE bug 1211515SUSE bug 1212091SUSE bug 1214377SUSE bug 1215275SUSE bug 1215885SUSE bug 1216441SUSE bug 1216559SUSE bug 1216702SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218005SUSE bug 1218447SUSE bug 1218527SUSE bug 1218659SUSE bug 1218689SUSE bug 1218713SUSE bug 1218723SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218778SUSE bug 1218779SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218948SUSE bug 1218958SUSE bug 1218968SUSE bug 1218997SUSE bug 1219006SUSE bug 1219012SUSE bug 1219013SUSE bug 1219014SUSE bug 1219053SUSE bug 1219067SUSE bug 1219120SUSE bug 1219128SUSE bug 1219136SUSE bug 1219285SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219512SUSE bug 1219568SUSE bug 1219582SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ModerateSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:sle-micro:5.5Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.5
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.5Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert 'Revert '[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)' (#30991)'. (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport 'Include ADS stream error in XDS error updates
(#29014)' to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
* Backport 'do not use <PublicSign>true</PublicSign> on
non-windows' to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT'
(gh#grpc/grpc#24782).
- Add support for 'unix-abstract:' URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert 'Revert 'Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS''
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in 'target uri is not valid' error
messages (gh#grpc/grpc#23782).
- Fix 'cannot send compressed message large than 1024B' in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert 'Start 0.3.0 development cycle (#167)' (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split('/')
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip 'src' from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private 'parsing
constructor' to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert 'Standardize on Array copyOf' (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add 'ensure_ascii' parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
ModerateSUSE bug 1133277SUSE bug 1182659SUSE bug 1203378SUSE bug 1208794SUSE bug 1212180SUSE bug 1212182SUSE bug 1214148SUSE bug 1215334CVE-2023-32731 at SUSECVE-2023-32731 at NVDCVE-2023-32732 at SUSECVE-2023-32732 at NVDCVE-2023-33953 at SUSECVE-2023-33953 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-4785 at SUSECVE-2023-4785 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Important)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssh (Important)SUSE Linux Enterprise Micro 5.5
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:sle-micro:5.5Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.5
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:sle-micro:5.5Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
ModerateSUSE bug 1218862SUSE bug 1218865CVE-2024-0553 at SUSECVE-2024-0553 at NVDCVE-2024-0567 at SUSECVE-2024-0567 at NVDcpe:/o:suse:sle-micro:5.5Security update for tar (Low)SUSE Linux Enterprise Micro 5.5
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:sle-micro:5.5Security update for openvswitch3 (Important)SUSE Linux Enterprise Micro 5.5
This update for openvswitch3 fixes the following issues:
- CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).
ImportantSUSE bug 1219465CVE-2023-3966 at SUSECVE-2023-3966 at NVDcpe:/o:suse:sle-micro:5.5Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.5
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:sle-micro:5.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14:
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
This makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
ImportantSUSE bug 1220552CVE-2022-42265 at SUSECVE-2022-42265 at NVDCVE-2024-0074 at SUSECVE-2024-0074 at NVDCVE-2024-0075 at SUSECVE-2024-0075 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851).
- CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080).
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1027519SUSE bug 1218851SUSE bug 1219080SUSE bug 1219885CVE-2023-46839 at SUSECVE-2023-46839 at NVDCVE-2023-46840 at SUSECVE-2023-46840 at NVDCVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes).
- revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes).
- revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1206453SUSE bug 1209412SUSE bug 1213456SUSE bug 1216776SUSE bug 1217927SUSE bug 1218195SUSE bug 1218216SUSE bug 1218450SUSE bug 1218527SUSE bug 1218663SUSE bug 1218915SUSE bug 1219126SUSE bug 1219127SUSE bug 1219141SUSE bug 1219146SUSE bug 1219295SUSE bug 1219443SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219839SUSE bug 1219840SUSE bug 1219934SUSE bug 1220003SUSE bug 1220009SUSE bug 1220021SUSE bug 1220030SUSE bug 1220106SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220267SUSE bug 1220277SUSE bug 1220317SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220348SUSE bug 1220350SUSE bug 1220364SUSE bug 1220392SUSE bug 1220393SUSE bug 1220398SUSE bug 1220409SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220649SUSE bug 1220796SUSE bug 1220825CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-25744 at SUSECVE-2024-25744 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:sle-micro:5.5Security update for sudo (Important)SUSE Linux Enterprise Micro 5.5
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
ImportantSUSE bug 1221134SUSE bug 1221151CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes).
- revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes).
- revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1206453SUSE bug 1209412SUSE bug 1213456SUSE bug 1216776SUSE bug 1217927SUSE bug 1218195SUSE bug 1218216SUSE bug 1218450SUSE bug 1218527SUSE bug 1218663SUSE bug 1218915SUSE bug 1219126SUSE bug 1219127SUSE bug 1219141SUSE bug 1219146SUSE bug 1219295SUSE bug 1219443SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219839SUSE bug 1219840SUSE bug 1219934SUSE bug 1220003SUSE bug 1220009SUSE bug 1220021SUSE bug 1220030SUSE bug 1220106SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220267SUSE bug 1220277SUSE bug 1220317SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220348SUSE bug 1220350SUSE bug 1220364SUSE bug 1220392SUSE bug 1220393SUSE bug 1220398SUSE bug 1220409SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220649SUSE bug 1220796SUSE bug 1220825CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-25744 at SUSECVE-2024-25744 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:suse:sle-micro:5.5Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).
ImportantSUSE bug 1220770SUSE bug 1220771SUSE bug 1220772CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDCVE-2024-26462 at SUSECVE-2024-26462 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:sle-micro:5.5Security update for google-guest-agent (Important)SUSE Linux Enterprise Micro 5.5
This update for google-guest-agent fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197)
ImportantSUSE bug 1239197CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.5Security update for google-osconfig-agent (Important)SUSE Linux Enterprise Micro 5.5
This update for google-osconfig-agent fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Fixed unexpected memory consumption during token parsing (bsc#1239197)
ImportantSUSE bug 1239197CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Moderate)SUSE Linux Enterprise Micro 5.5
This update for helm fixes the following issues:
- CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238688).
Other fixes:
- Updated to version 3.17.2
- Updated to 0.37.0 for x/net
ModerateSUSE bug 1238688CVE-2025-22870 at SUSECVE-2025-22870 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.5Security update for skopeo (Moderate)SUSE Linux Enterprise Micro 5.5
This update for skopeo fixes the following issues:
- CVE-2025-22870: Fixed proxy bypass using IPv6 zone IDs (bsc#1238685).
ModerateSUSE bug 1238685CVE-2025-22870 at SUSECVE-2025-22870 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Low)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.5
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:sle-micro:5.5Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.5
This update for apparmor fixes the following issues:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:sle-micro:5.5Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.5
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:sle-micro:5.5Security update for google-guest-agent (Important)SUSE Linux Enterprise Micro 5.5
This update for google-guest-agent fixes the following issues:
- CVE-2024-45337: golang.org/x/crypto/ssh: Fixed misuse of ServerConfig.PublicKeyCallback leading to authorization bypass (bsc#1234563).
Other fixes:
- Updated to version 20250327.01 (bsc#1239763, bsc#1239866)
* Remove error messages from gce_workload_cert_refresh and
metadata script runner (#527)
- from version 20250327.00
* Update guest-logging-go dependency (#526)
* Add 'created-by' metadata, and pass it as option to logging library (#508)
* Revert 'oslogin: Correctly handle newlines at the end of
modified files (#520)' (#523)
* Re-enable disabled services if the core plugin was enabled (#522)
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
- from version 20250326.00
* Re-enable disabled services if the core plugin was enabled (#521)
- from version 20250324.00
* Enable guest services on package upgrade (#519)
* oslogin: Correctly handle newlines at the end of modified files (#520)
* Fix core plugin path (#518)
* Fix package build issues (#517)
* Fix dependencies ran go mod tidy -v (#515)
* Fix debian build path (#514)
* Bundle compat metadata script runner binary in package (#513)
* Bump golang.org/x/net from 0.27.0 to 0.36.0 (#512)
* Update startup/shutdown services to launch compat manager (#503)
* Bundle new gce metadata script runner binary in agent package (#502)
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250317.00
* Revert 'Revert bundling new binaries in the package (#509)' (#511)
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250312.00
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Update crypto library to fix CVE-2024-45337 (#499)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250305.00
* Revert bundling new binaries in the package (#509)
* Fix typo in windows build script (#501)
* Include core plugin binary for all packages (#500)
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250304.01
* Fix typo in windows build script (#501)
- from version 20250214.01
* Include core plugin binary for all packages (#500)
- from version 20250214.00
* Update crypto library to fix CVE-2024-45337 (#499)
- from version 20250212.00
* Start packaging compat manager (#498)
* Start bundling ggactl_plugin_cleanup binary in all agent packages (#492)
- from version 20250211.00
* scripts: introduce a wrapper to locally build deb package (#490)
* Introduce compat-manager systemd unit (#497)
- from version 20250207.00
* vlan: toggle vlan configuration in debian packaging (#495)
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
* Include interfaces in lists even if it has an invalid MAC. (#489)
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- from version 20250204.02
* force concourse to move version forward.
- from version 20250204.01
* vlan: toggle vlan configuration in debian packaging (#495)
- from version 20250204.00
* vlan: move config out of unstable section (#494)
* Add clarification to comments regarding invalid NICs and the
`invalid` tag. (#493)
- from version 20250203.01
* Include interfaces in lists even if it has an invalid MAC. (#489)
- from version 20250203.00
* Fix windows package build failures (#491)
* vlan: don't index based on the vlan ID (#486)
* Revert PR #482 (#488)
* Remove Amy and Zach from OWNERS (#487)
* Skip interfaces in interfaceNames() instead of erroring if there is an (#482)
* Fix Debian packaging if guest agent manager is not checked out (#485)
- from version 20250122.00
* networkd(vlan): remove the interface in addition to config (#468)
* Implement support for vlan dynamic removal, update dhclient to
remove only if configured (#465)
* Update logging library (#479)
* Remove Pat from owners file. (#478)
ImportantSUSE bug 1234563SUSE bug 1239763SUSE bug 1239866CVE-2024-45337 at SUSECVE-2024-45337 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- Revert 'gfs2: Fix inode height consistency check (git-fixes).
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- cifs: Add a laundromat thread for cached directories (git-fixes).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Support holes in device list reply msg (bsc#1240133).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes).
- smb3: do not start laundromat thread when dir leases disabled (git-fixes).
- smb3: retrying on failed server close (git-fixes).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes).
- smb: client: do not start laundromat thread on nohandlecache (git-fixes).
- smb: client: make laundromat a delayed worker (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197227SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1205205SUSE bug 1205701SUSE bug 1206048SUSE bug 1206049SUSE bug 1206451SUSE bug 1207034SUSE bug 1207186SUSE bug 1207361SUSE bug 1207593SUSE bug 1207640SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1209980SUSE bug 1210050SUSE bug 1210647SUSE bug 1211263SUSE bug 1213167SUSE bug 1218450SUSE bug 1221651SUSE bug 1225428SUSE bug 1225742SUSE bug 1229312SUSE bug 1231375SUSE bug 1231432SUSE bug 1231854SUSE bug 1232299SUSE bug 1232743SUSE bug 1233479SUSE bug 1233557SUSE bug 1233749SUSE bug 1234074SUSE bug 1234894SUSE bug 1234895SUSE bug 1234896SUSE bug 1235528SUSE bug 1235599SUSE bug 1235870SUSE bug 1237029SUSE bug 1237521SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237730SUSE bug 1237733SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237744SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237749SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237790SUSE bug 1237792SUSE bug 1237794SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237799SUSE bug 1237807SUSE bug 1237808SUSE bug 1237809SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237816SUSE bug 1237817SUSE bug 1237818SUSE bug 1237820SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237918SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237927SUSE bug 1237928SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237939SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237962SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237972SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237980SUSE bug 1237982SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237992SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238004SUSE bug 1238005SUSE bug 1238006SUSE bug 1238007SUSE bug 1238009SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238025SUSE bug 1238030SUSE bug 1238032SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238048SUSE bug 1238069SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238083SUSE bug 1238084SUSE bug 1238085SUSE bug 1238086SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238107SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238114SUSE bug 1238115SUSE bug 1238116SUSE bug 1238118SUSE bug 1238120SUSE bug 1238122SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238128SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238153SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238160SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238178SUSE bug 1238179SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238187SUSE bug 1238221SUSE bug 1238222SUSE bug 1238226SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238233SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238240SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238252SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238261SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238285SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238291SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238300SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238329SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238335SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238341SUSE bug 1238343SUSE bug 1238344SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238378SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238385SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238398SUSE bug 1238400SUSE bug 1238401SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238422SUSE bug 1238423SUSE bug 1238424SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238446SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238542SUSE bug 1238543SUSE bug 1238545SUSE bug 1238546SUSE bug 1238551SUSE bug 1238552SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238613SUSE bug 1238615SUSE bug 1238616SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238648SUSE bug 1238649SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238658SUSE bug 1238661SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238803SUSE bug 1238804SUSE bug 1238805SUSE bug 1238806SUSE bug 1238808SUSE bug 1238809SUSE bug 1238810SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238820SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238843SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238911SUSE bug 1238916SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238941SUSE bug 1238942SUSE bug 1238943SUSE bug 1238944SUSE bug 1238945SUSE bug 1238946SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238953SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239016SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239095SUSE bug 1239109SUSE bug 1239115SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49056 at SUSECVE-2022-49056 at NVDCVE-2022-49057 at SUSECVE-2022-49057 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49062 at SUSECVE-2022-49062 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49064 at SUSECVE-2022-49064 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49070 at SUSECVE-2022-49070 at NVDCVE-2022-49071 at SUSECVE-2022-49071 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49075 at SUSECVE-2022-49075 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49123 at SUSECVE-2022-49123 at NVDCVE-2022-49125 at SUSECVE-2022-49125 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49133 at SUSECVE-2022-49133 at NVDCVE-2022-49134 at SUSECVE-2022-49134 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49136 at SUSECVE-2022-49136 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49144 at SUSECVE-2022-49144 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49178 at SUSECVE-2022-49178 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49183 at SUSECVE-2022-49183 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49192 at SUSECVE-2022-49192 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49202 at SUSECVE-2022-49202 at NVDCVE-2022-49203 at SUSECVE-2022-49203 at NVDCVE-2022-49204 at SUSECVE-2022-49204 at NVDCVE-2022-49205 at SUSECVE-2022-49205 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49207 at SUSECVE-2022-49207 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49209 at SUSECVE-2022-49209 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49215 at SUSECVE-2022-49215 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49219 at SUSECVE-2022-49219 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49225 at SUSECVE-2022-49225 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49228 at SUSECVE-2022-49228 at NVDCVE-2022-49230 at SUSECVE-2022-49230 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49233 at SUSECVE-2022-49233 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49237 at SUSECVE-2022-49237 at NVDCVE-2022-49238 at SUSECVE-2022-49238 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49296 at SUSECVE-2022-49296 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49306 at SUSECVE-2022-49306 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49325 at SUSECVE-2022-49325 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49329 at SUSECVE-2022-49329 at NVDCVE-2022-49330 at SUSECVE-2022-49330 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49333 at SUSECVE-2022-49333 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49338 at SUSECVE-2022-49338 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49353 at SUSECVE-2022-49353 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49359 at SUSECVE-2022-49359 at NVDCVE-2022-49362 at SUSECVE-2022-49362 at NVDCVE-2022-49365 at SUSECVE-2022-49365 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49390 at SUSECVE-2022-49390 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49406 at SUSECVE-2022-49406 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49419 at SUSECVE-2022-49419 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49436 at SUSECVE-2022-49436 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49458 at SUSECVE-2022-49458 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49470 at SUSECVE-2022-49470 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49476 at SUSECVE-2022-49476 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49479 at SUSECVE-2022-49479 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49483 at SUSECVE-2022-49483 at NVDCVE-2022-49484 at SUSECVE-2022-49484 at NVDCVE-2022-49485 at SUSECVE-2022-49485 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49497 at SUSECVE-2022-49497 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49499 at SUSECVE-2022-49499 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49510 at SUSECVE-2022-49510 at NVDCVE-2022-49511 at SUSECVE-2022-49511 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49516 at SUSECVE-2022-49516 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49518 at SUSECVE-2022-49518 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49529 at SUSECVE-2022-49529 at NVDCVE-2022-49530 at SUSECVE-2022-49530 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49533 at SUSECVE-2022-49533 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49538 at SUSECVE-2022-49538 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49543 at SUSECVE-2022-49543 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49548 at SUSECVE-2022-49548 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49552 at SUSECVE-2022-49552 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49560 at SUSECVE-2022-49560 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49565 at SUSECVE-2022-49565 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49624 at SUSECVE-2022-49624 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49635 at SUSECVE-2022-49635 at NVDCVE-2022-49638 at SUSECVE-2022-49638 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49655 at SUSECVE-2022-49655 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49658 at SUSECVE-2022-49658 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49686 at SUSECVE-2022-49686 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49694 at SUSECVE-2022-49694 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49697 at SUSECVE-2022-49697 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49732 at SUSECVE-2022-49732 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-26634 at SUSECVE-2024-26634 at NVDCVE-2024-47678 at SUSECVE-2024-47678 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53124 at SUSECVE-2024-53124 at NVDCVE-2024-53176 at SUSECVE-2024-53176 at NVDCVE-2024-53178 at SUSECVE-2024-53178 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58013 at SUSECVE-2024-58013 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Important)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-53124: net: fix data-races around sk->sk_forward_alloc (bsc#1234074).
- CVE-2024-53176: smb: During unmount, ensure all cached dir instances drop their dentry (bsc#1234894).
- CVE-2024-53178: smb: Do not leak cfid when reconnect races with open_cached_dir (bsc#1234895).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58013: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (bsc#1239095).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21693: mm: zswap: properly synchronize freeing resources during CPU hotunplug (bsc#1237029).
- CVE-2025-21718: net: rose: fix timer races against user threads (bsc#1239073).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- btrfs: defrag: do not use merged extent map for their generation check (bsc#1239968).
- btrfs: fix defrag not merging contiguous extents due to merged extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents (bsc#1239968).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- cifs: Add a laundromat thread for cached directories (git-fixes).
- cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- mm: zswap: move allocations during CPU init outside the lock (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2 (bsc#1239016).
- net: mana: Allow variable size indirection table (bsc#1239016).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- net: mana: Support holes in device list reply msg (bsc#1240133).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX coalescing (bsc#1239016).
- sched/membarrier: Fix redundant load of membarrier_state (bsc#1232743).
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- smb: client: disable directory caching when dir_cache_timeout is zero (git-fixes).
- smb: client: do not start laundromat thread on nohandlecache (git-fixes).
- smb: client: make laundromat a delayed worker (git-fixes).
- smb: client: properly close cfids on umount (bsc#1231432, bsc#1232299, bsc#1235599, bsc#1234896).
- smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes).
- smb3: do not start laundromat thread when dir leases disabled (git-fixes).
- smb3: retrying on failed server close (git-fixes).
- tpm: send_data: Wait longer for the TPM to become ready (bsc#1235870).
ImportantSUSE bug 1065729SUSE bug 1180814SUSE bug 1183682SUSE bug 1190336SUSE bug 1190768SUSE bug 1190786SUSE bug 1193629SUSE bug 1194869SUSE bug 1194904SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197174SUSE bug 1197227SUSE bug 1197246SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198019SUSE bug 1198021SUSE bug 1198240SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200824SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201218SUSE bug 1201323SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1202712SUSE bug 1202771SUSE bug 1202774SUSE bug 1202778SUSE bug 1202781SUSE bug 1203699SUSE bug 1203769SUSE bug 1204171SUSE bug 1205205SUSE bug 1205701SUSE bug 1206048SUSE bug 1206049SUSE bug 1206451SUSE bug 1207034SUSE bug 1207186SUSE bug 1207361SUSE bug 1207593SUSE bug 1207640SUSE bug 1207878SUSE bug 1209262SUSE bug 1209547SUSE bug 1209788SUSE bug 1209980SUSE bug 1210050SUSE bug 1210647SUSE bug 1211263SUSE bug 1213167SUSE bug 1218450SUSE bug 1221651SUSE bug 1225428SUSE bug 1225742SUSE bug 1229312SUSE bug 1231375SUSE bug 1231432SUSE bug 1231854SUSE bug 1232299SUSE bug 1232743SUSE bug 1233479SUSE bug 1233557SUSE bug 1233749SUSE bug 1234074SUSE bug 1234894SUSE bug 1234895SUSE bug 1234896SUSE bug 1235528SUSE bug 1235599SUSE bug 1235870SUSE bug 1237029SUSE bug 1237521SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237722SUSE bug 1237723SUSE bug 1237724SUSE bug 1237725SUSE bug 1237726SUSE bug 1237727SUSE bug 1237728SUSE bug 1237729SUSE bug 1237730SUSE bug 1237733SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237737SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237743SUSE bug 1237744SUSE bug 1237745SUSE bug 1237746SUSE bug 1237748SUSE bug 1237749SUSE bug 1237751SUSE bug 1237752SUSE bug 1237753SUSE bug 1237755SUSE bug 1237759SUSE bug 1237761SUSE bug 1237763SUSE bug 1237766SUSE bug 1237767SUSE bug 1237768SUSE bug 1237774SUSE bug 1237775SUSE bug 1237778SUSE bug 1237779SUSE bug 1237780SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237785SUSE bug 1237786SUSE bug 1237787SUSE bug 1237788SUSE bug 1237789SUSE bug 1237790SUSE bug 1237792SUSE bug 1237794SUSE bug 1237795SUSE bug 1237797SUSE bug 1237798SUSE bug 1237799SUSE bug 1237807SUSE bug 1237808SUSE bug 1237809SUSE bug 1237810SUSE bug 1237812SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237816SUSE bug 1237817SUSE bug 1237818SUSE bug 1237820SUSE bug 1237821SUSE bug 1237823SUSE bug 1237824SUSE bug 1237826SUSE bug 1237827SUSE bug 1237829SUSE bug 1237831SUSE bug 1237835SUSE bug 1237836SUSE bug 1237837SUSE bug 1237839SUSE bug 1237840SUSE bug 1237845SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237892SUSE bug 1237903SUSE bug 1237904SUSE bug 1237916SUSE bug 1237918SUSE bug 1237922SUSE bug 1237925SUSE bug 1237926SUSE bug 1237927SUSE bug 1237928SUSE bug 1237929SUSE bug 1237931SUSE bug 1237932SUSE bug 1237933SUSE bug 1237937SUSE bug 1237940SUSE bug 1237941SUSE bug 1237942SUSE bug 1237946SUSE bug 1237951SUSE bug 1237952SUSE bug 1237954SUSE bug 1237955SUSE bug 1237957SUSE bug 1237958SUSE bug 1237959SUSE bug 1237960SUSE bug 1237961SUSE bug 1237962SUSE bug 1237963SUSE bug 1237965SUSE bug 1237966SUSE bug 1237967SUSE bug 1237968SUSE bug 1237969SUSE bug 1237970SUSE bug 1237971SUSE bug 1237972SUSE bug 1237973SUSE bug 1237975SUSE bug 1237976SUSE bug 1237978SUSE bug 1237979SUSE bug 1237980SUSE bug 1237982SUSE bug 1237983SUSE bug 1237984SUSE bug 1237986SUSE bug 1237987SUSE bug 1237990SUSE bug 1237992SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1237999SUSE bug 1238000SUSE bug 1238003SUSE bug 1238004SUSE bug 1238005SUSE bug 1238006SUSE bug 1238007SUSE bug 1238009SUSE bug 1238010SUSE bug 1238011SUSE bug 1238012SUSE bug 1238013SUSE bug 1238014SUSE bug 1238016SUSE bug 1238017SUSE bug 1238018SUSE bug 1238019SUSE bug 1238021SUSE bug 1238022SUSE bug 1238024SUSE bug 1238025SUSE bug 1238030SUSE bug 1238032SUSE bug 1238036SUSE bug 1238037SUSE bug 1238041SUSE bug 1238046SUSE bug 1238047SUSE bug 1238048SUSE bug 1238069SUSE bug 1238071SUSE bug 1238077SUSE bug 1238079SUSE bug 1238080SUSE bug 1238083SUSE bug 1238084SUSE bug 1238085SUSE bug 1238086SUSE bug 1238089SUSE bug 1238090SUSE bug 1238091SUSE bug 1238092SUSE bug 1238096SUSE bug 1238097SUSE bug 1238099SUSE bug 1238103SUSE bug 1238105SUSE bug 1238106SUSE bug 1238107SUSE bug 1238108SUSE bug 1238110SUSE bug 1238111SUSE bug 1238112SUSE bug 1238113SUSE bug 1238114SUSE bug 1238115SUSE bug 1238116SUSE bug 1238118SUSE bug 1238120SUSE bug 1238122SUSE bug 1238123SUSE bug 1238125SUSE bug 1238126SUSE bug 1238127SUSE bug 1238128SUSE bug 1238131SUSE bug 1238134SUSE bug 1238135SUSE bug 1238138SUSE bug 1238139SUSE bug 1238140SUSE bug 1238142SUSE bug 1238144SUSE bug 1238146SUSE bug 1238147SUSE bug 1238149SUSE bug 1238150SUSE bug 1238153SUSE bug 1238155SUSE bug 1238156SUSE bug 1238157SUSE bug 1238158SUSE bug 1238160SUSE bug 1238162SUSE bug 1238166SUSE bug 1238167SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238176SUSE bug 1238177SUSE bug 1238178SUSE bug 1238179SUSE bug 1238180SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238187SUSE bug 1238221SUSE bug 1238222SUSE bug 1238226SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238233SUSE bug 1238234SUSE bug 1238235SUSE bug 1238236SUSE bug 1238238SUSE bug 1238239SUSE bug 1238240SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238246SUSE bug 1238247SUSE bug 1238248SUSE bug 1238249SUSE bug 1238252SUSE bug 1238253SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238260SUSE bug 1238261SUSE bug 1238262SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238268SUSE bug 1238269SUSE bug 1238270SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238277SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238282SUSE bug 1238283SUSE bug 1238284SUSE bug 1238285SUSE bug 1238286SUSE bug 1238287SUSE bug 1238288SUSE bug 1238289SUSE bug 1238291SUSE bug 1238292SUSE bug 1238293SUSE bug 1238295SUSE bug 1238298SUSE bug 1238300SUSE bug 1238301SUSE bug 1238302SUSE bug 1238306SUSE bug 1238307SUSE bug 1238308SUSE bug 1238309SUSE bug 1238311SUSE bug 1238313SUSE bug 1238326SUSE bug 1238327SUSE bug 1238328SUSE bug 1238329SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238335SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238339SUSE bug 1238341SUSE bug 1238343SUSE bug 1238344SUSE bug 1238345SUSE bug 1238372SUSE bug 1238373SUSE bug 1238374SUSE bug 1238376SUSE bug 1238377SUSE bug 1238378SUSE bug 1238381SUSE bug 1238382SUSE bug 1238383SUSE bug 1238385SUSE bug 1238386SUSE bug 1238387SUSE bug 1238388SUSE bug 1238389SUSE bug 1238390SUSE bug 1238391SUSE bug 1238392SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238396SUSE bug 1238397SUSE bug 1238398SUSE bug 1238400SUSE bug 1238401SUSE bug 1238410SUSE bug 1238411SUSE bug 1238413SUSE bug 1238415SUSE bug 1238416SUSE bug 1238417SUSE bug 1238418SUSE bug 1238419SUSE bug 1238420SUSE bug 1238422SUSE bug 1238423SUSE bug 1238424SUSE bug 1238428SUSE bug 1238429SUSE bug 1238430SUSE bug 1238431SUSE bug 1238432SUSE bug 1238433SUSE bug 1238434SUSE bug 1238435SUSE bug 1238436SUSE bug 1238437SUSE bug 1238440SUSE bug 1238441SUSE bug 1238442SUSE bug 1238443SUSE bug 1238444SUSE bug 1238445SUSE bug 1238447SUSE bug 1238453SUSE bug 1238454SUSE bug 1238458SUSE bug 1238459SUSE bug 1238462SUSE bug 1238463SUSE bug 1238465SUSE bug 1238467SUSE bug 1238469SUSE bug 1238533SUSE bug 1238536SUSE bug 1238538SUSE bug 1238539SUSE bug 1238540SUSE bug 1238542SUSE bug 1238543SUSE bug 1238546SUSE bug 1238551SUSE bug 1238552SUSE bug 1238556SUSE bug 1238557SUSE bug 1238599SUSE bug 1238600SUSE bug 1238601SUSE bug 1238602SUSE bug 1238605SUSE bug 1238612SUSE bug 1238613SUSE bug 1238615SUSE bug 1238616SUSE bug 1238617SUSE bug 1238618SUSE bug 1238619SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238632SUSE bug 1238633SUSE bug 1238635SUSE bug 1238636SUSE bug 1238638SUSE bug 1238639SUSE bug 1238640SUSE bug 1238641SUSE bug 1238642SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238647SUSE bug 1238648SUSE bug 1238649SUSE bug 1238650SUSE bug 1238653SUSE bug 1238654SUSE bug 1238655SUSE bug 1238658SUSE bug 1238661SUSE bug 1238662SUSE bug 1238663SUSE bug 1238664SUSE bug 1238666SUSE bug 1238668SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238792SUSE bug 1238799SUSE bug 1238803SUSE bug 1238804SUSE bug 1238805SUSE bug 1238806SUSE bug 1238808SUSE bug 1238809SUSE bug 1238810SUSE bug 1238811SUSE bug 1238814SUSE bug 1238815SUSE bug 1238816SUSE bug 1238817SUSE bug 1238818SUSE bug 1238819SUSE bug 1238820SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238830SUSE bug 1238834SUSE bug 1238835SUSE bug 1238836SUSE bug 1238838SUSE bug 1238843SUSE bug 1238867SUSE bug 1238868SUSE bug 1238869SUSE bug 1238870SUSE bug 1238871SUSE bug 1238878SUSE bug 1238889SUSE bug 1238892SUSE bug 1238893SUSE bug 1238897SUSE bug 1238898SUSE bug 1238899SUSE bug 1238902SUSE bug 1238911SUSE bug 1238916SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238936SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238941SUSE bug 1238942SUSE bug 1238943SUSE bug 1238944SUSE bug 1238945SUSE bug 1238946SUSE bug 1238948SUSE bug 1238949SUSE bug 1238950SUSE bug 1238951SUSE bug 1238952SUSE bug 1238953SUSE bug 1238954SUSE bug 1238956SUSE bug 1238957SUSE bug 1239001SUSE bug 1239004SUSE bug 1239016SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239051SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239073SUSE bug 1239076SUSE bug 1239095SUSE bug 1239109SUSE bug 1239115SUSE bug 1239126SUSE bug 1239452SUSE bug 1239454SUSE bug 1239968SUSE bug 1239969SUSE bug 1240133SUSE bug 1240205SUSE bug 1240207SUSE bug 1240208SUSE bug 1240210SUSE bug 1240212SUSE bug 1240213SUSE bug 1240218SUSE bug 1240220SUSE bug 1240227SUSE bug 1240229SUSE bug 1240231SUSE bug 1240242SUSE bug 1240245SUSE bug 1240247SUSE bug 1240250SUSE bug 1240254SUSE bug 1240256SUSE bug 1240264SUSE bug 1240266SUSE bug 1240272SUSE bug 1240275SUSE bug 1240276SUSE bug 1240278SUSE bug 1240279SUSE bug 1240280SUSE bug 1240281SUSE bug 1240282SUSE bug 1240283SUSE bug 1240284SUSE bug 1240286SUSE bug 1240288SUSE bug 1240290SUSE bug 1240292SUSE bug 1240293SUSE bug 1240297SUSE bug 1240304SUSE bug 1240308SUSE bug 1240309SUSE bug 1240317SUSE bug 1240318SUSE bug 1240322CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-4453 at SUSECVE-2021-4453 at NVDCVE-2021-4454 at SUSECVE-2021-4454 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47632 at SUSECVE-2021-47632 at NVDCVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2021-47635 at SUSECVE-2021-47635 at NVDCVE-2021-47636 at SUSECVE-2021-47636 at NVDCVE-2021-47637 at SUSECVE-2021-47637 at NVDCVE-2021-47638 at SUSECVE-2021-47638 at NVDCVE-2021-47639 at SUSECVE-2021-47639 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47643 at SUSECVE-2021-47643 at NVDCVE-2021-47644 at SUSECVE-2021-47644 at NVDCVE-2021-47645 at SUSECVE-2021-47645 at NVDCVE-2021-47646 at SUSECVE-2021-47646 at NVDCVE-2021-47647 at SUSECVE-2021-47647 at NVDCVE-2021-47648 at SUSECVE-2021-47648 at NVDCVE-2021-47649 at SUSECVE-2021-47649 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47654 at SUSECVE-2021-47654 at NVDCVE-2021-47656 at SUSECVE-2021-47656 at NVDCVE-2021-47657 at SUSECVE-2021-47657 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-0995 at SUSECVE-2022-0995 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49050 at SUSECVE-2022-49050 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49054 at SUSECVE-2022-49054 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49056 at SUSECVE-2022-49056 at NVDCVE-2022-49057 at SUSECVE-2022-49057 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49060 at SUSECVE-2022-49060 at NVDCVE-2022-49061 at SUSECVE-2022-49061 at NVDCVE-2022-49062 at SUSECVE-2022-49062 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49064 at SUSECVE-2022-49064 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49066 at SUSECVE-2022-49066 at NVDCVE-2022-49070 at SUSECVE-2022-49070 at NVDCVE-2022-49071 at SUSECVE-2022-49071 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49074 at SUSECVE-2022-49074 at NVDCVE-2022-49075 at SUSECVE-2022-49075 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49084 at SUSECVE-2022-49084 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49086 at SUSECVE-2022-49086 at NVDCVE-2022-49088 at SUSECVE-2022-49088 at NVDCVE-2022-49089 at SUSECVE-2022-49089 at NVDCVE-2022-49090 at SUSECVE-2022-49090 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49092 at SUSECVE-2022-49092 at NVDCVE-2022-49093 at SUSECVE-2022-49093 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49096 at SUSECVE-2022-49096 at NVDCVE-2022-49097 at SUSECVE-2022-49097 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49099 at SUSECVE-2022-49099 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49102 at SUSECVE-2022-49102 at NVDCVE-2022-49103 at SUSECVE-2022-49103 at NVDCVE-2022-49104 at SUSECVE-2022-49104 at NVDCVE-2022-49105 at SUSECVE-2022-49105 at NVDCVE-2022-49106 at SUSECVE-2022-49106 at NVDCVE-2022-49107 at SUSECVE-2022-49107 at NVDCVE-2022-49109 at SUSECVE-2022-49109 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49112 at SUSECVE-2022-49112 at NVDCVE-2022-49113 at SUSECVE-2022-49113 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49115 at SUSECVE-2022-49115 at NVDCVE-2022-49116 at SUSECVE-2022-49116 at NVDCVE-2022-49118 at SUSECVE-2022-49118 at NVDCVE-2022-49119 at SUSECVE-2022-49119 at NVDCVE-2022-49120 at SUSECVE-2022-49120 at NVDCVE-2022-49121 at SUSECVE-2022-49121 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49123 at SUSECVE-2022-49123 at NVDCVE-2022-49125 at SUSECVE-2022-49125 at NVDCVE-2022-49126 at SUSECVE-2022-49126 at NVDCVE-2022-49128 at SUSECVE-2022-49128 at NVDCVE-2022-49129 at SUSECVE-2022-49129 at NVDCVE-2022-49130 at SUSECVE-2022-49130 at NVDCVE-2022-49131 at SUSECVE-2022-49131 at NVDCVE-2022-49132 at SUSECVE-2022-49132 at NVDCVE-2022-49133 at SUSECVE-2022-49133 at NVDCVE-2022-49134 at SUSECVE-2022-49134 at NVDCVE-2022-49135 at SUSECVE-2022-49135 at NVDCVE-2022-49136 at SUSECVE-2022-49136 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49144 at SUSECVE-2022-49144 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49147 at SUSECVE-2022-49147 at NVDCVE-2022-49148 at SUSECVE-2022-49148 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49154 at SUSECVE-2022-49154 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49163 at SUSECVE-2022-49163 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49165 at SUSECVE-2022-49165 at NVDCVE-2022-49174 at SUSECVE-2022-49174 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49176 at SUSECVE-2022-49176 at NVDCVE-2022-49177 at SUSECVE-2022-49177 at NVDCVE-2022-49178 at SUSECVE-2022-49178 at NVDCVE-2022-49179 at SUSECVE-2022-49179 at NVDCVE-2022-49180 at SUSECVE-2022-49180 at NVDCVE-2022-49182 at SUSECVE-2022-49182 at NVDCVE-2022-49183 at SUSECVE-2022-49183 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49187 at SUSECVE-2022-49187 at NVDCVE-2022-49188 at SUSECVE-2022-49188 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49192 at SUSECVE-2022-49192 at NVDCVE-2022-49193 at SUSECVE-2022-49193 at NVDCVE-2022-49194 at SUSECVE-2022-49194 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49199 at SUSECVE-2022-49199 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49202 at SUSECVE-2022-49202 at NVDCVE-2022-49203 at SUSECVE-2022-49203 at NVDCVE-2022-49204 at SUSECVE-2022-49204 at NVDCVE-2022-49205 at SUSECVE-2022-49205 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49207 at SUSECVE-2022-49207 at NVDCVE-2022-49208 at SUSECVE-2022-49208 at NVDCVE-2022-49209 at SUSECVE-2022-49209 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49214 at SUSECVE-2022-49214 at NVDCVE-2022-49215 at SUSECVE-2022-49215 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49218 at SUSECVE-2022-49218 at NVDCVE-2022-49219 at SUSECVE-2022-49219 at NVDCVE-2022-49221 at SUSECVE-2022-49221 at NVDCVE-2022-49222 at SUSECVE-2022-49222 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49225 at SUSECVE-2022-49225 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49227 at SUSECVE-2022-49227 at NVDCVE-2022-49228 at SUSECVE-2022-49228 at NVDCVE-2022-49230 at SUSECVE-2022-49230 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49233 at SUSECVE-2022-49233 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49236 at SUSECVE-2022-49236 at NVDCVE-2022-49237 at SUSECVE-2022-49237 at NVDCVE-2022-49238 at SUSECVE-2022-49238 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49241 at SUSECVE-2022-49241 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49244 at SUSECVE-2022-49244 at NVDCVE-2022-49246 at SUSECVE-2022-49246 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49249 at SUSECVE-2022-49249 at NVDCVE-2022-49250 at SUSECVE-2022-49250 at NVDCVE-2022-49251 at SUSECVE-2022-49251 at NVDCVE-2022-49252 at SUSECVE-2022-49252 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49254 at SUSECVE-2022-49254 at NVDCVE-2022-49256 at SUSECVE-2022-49256 at NVDCVE-2022-49257 at SUSECVE-2022-49257 at NVDCVE-2022-49258 at SUSECVE-2022-49258 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49260 at SUSECVE-2022-49260 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49262 at SUSECVE-2022-49262 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49265 at SUSECVE-2022-49265 at NVDCVE-2022-49266 at SUSECVE-2022-49266 at NVDCVE-2022-49268 at SUSECVE-2022-49268 at NVDCVE-2022-49269 at SUSECVE-2022-49269 at NVDCVE-2022-49270 at SUSECVE-2022-49270 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49273 at SUSECVE-2022-49273 at NVDCVE-2022-49274 at SUSECVE-2022-49274 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49276 at SUSECVE-2022-49276 at NVDCVE-2022-49277 at SUSECVE-2022-49277 at NVDCVE-2022-49278 at SUSECVE-2022-49278 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49283 at SUSECVE-2022-49283 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49286 at SUSECVE-2022-49286 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49294 at SUSECVE-2022-49294 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49296 at SUSECVE-2022-49296 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49306 at SUSECVE-2022-49306 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49308 at SUSECVE-2022-49308 at NVDCVE-2022-49309 at SUSECVE-2022-49309 at NVDCVE-2022-49310 at SUSECVE-2022-49310 at NVDCVE-2022-49311 at SUSECVE-2022-49311 at NVDCVE-2022-49312 at SUSECVE-2022-49312 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49319 at SUSECVE-2022-49319 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49322 at SUSECVE-2022-49322 at NVDCVE-2022-49323 at SUSECVE-2022-49323 at NVDCVE-2022-49325 at SUSECVE-2022-49325 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49328 at SUSECVE-2022-49328 at NVDCVE-2022-49329 at SUSECVE-2022-49329 at NVDCVE-2022-49330 at SUSECVE-2022-49330 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49333 at SUSECVE-2022-49333 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49336 at SUSECVE-2022-49336 at NVDCVE-2022-49337 at SUSECVE-2022-49337 at NVDCVE-2022-49338 at SUSECVE-2022-49338 at NVDCVE-2022-49339 at SUSECVE-2022-49339 at NVDCVE-2022-49341 at SUSECVE-2022-49341 at NVDCVE-2022-49342 at SUSECVE-2022-49342 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49345 at SUSECVE-2022-49345 at NVDCVE-2022-49346 at SUSECVE-2022-49346 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49348 at SUSECVE-2022-49348 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49350 at SUSECVE-2022-49350 at NVDCVE-2022-49351 at SUSECVE-2022-49351 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49353 at SUSECVE-2022-49353 at NVDCVE-2022-49354 at SUSECVE-2022-49354 at NVDCVE-2022-49356 at SUSECVE-2022-49356 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49359 at SUSECVE-2022-49359 at NVDCVE-2022-49362 at SUSECVE-2022-49362 at NVDCVE-2022-49365 at SUSECVE-2022-49365 at NVDCVE-2022-49367 at SUSECVE-2022-49367 at NVDCVE-2022-49368 at SUSECVE-2022-49368 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49377 at SUSECVE-2022-49377 at NVDCVE-2022-49378 at SUSECVE-2022-49378 at NVDCVE-2022-49379 at SUSECVE-2022-49379 at NVDCVE-2022-49381 at SUSECVE-2022-49381 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49384 at SUSECVE-2022-49384 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49386 at SUSECVE-2022-49386 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49390 at SUSECVE-2022-49390 at NVDCVE-2022-49392 at SUSECVE-2022-49392 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49400 at SUSECVE-2022-49400 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49406 at SUSECVE-2022-49406 at NVDCVE-2022-49407 at SUSECVE-2022-49407 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49412 at SUSECVE-2022-49412 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49418 at SUSECVE-2022-49418 at NVDCVE-2022-49419 at SUSECVE-2022-49419 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49424 at SUSECVE-2022-49424 at NVDCVE-2022-49426 at SUSECVE-2022-49426 at NVDCVE-2022-49427 at SUSECVE-2022-49427 at NVDCVE-2022-49429 at SUSECVE-2022-49429 at NVDCVE-2022-49430 at SUSECVE-2022-49430 at NVDCVE-2022-49431 at SUSECVE-2022-49431 at NVDCVE-2022-49432 at SUSECVE-2022-49432 at NVDCVE-2022-49433 at SUSECVE-2022-49433 at NVDCVE-2022-49434 at SUSECVE-2022-49434 at NVDCVE-2022-49435 at SUSECVE-2022-49435 at NVDCVE-2022-49436 at SUSECVE-2022-49436 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49440 at SUSECVE-2022-49440 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49443 at SUSECVE-2022-49443 at NVDCVE-2022-49444 at SUSECVE-2022-49444 at NVDCVE-2022-49445 at SUSECVE-2022-49445 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49447 at SUSECVE-2022-49447 at NVDCVE-2022-49448 at SUSECVE-2022-49448 at NVDCVE-2022-49449 at SUSECVE-2022-49449 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49453 at SUSECVE-2022-49453 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49458 at SUSECVE-2022-49458 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49463 at SUSECVE-2022-49463 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49466 at SUSECVE-2022-49466 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49468 at SUSECVE-2022-49468 at NVDCVE-2022-49470 at SUSECVE-2022-49470 at NVDCVE-2022-49472 at SUSECVE-2022-49472 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49476 at SUSECVE-2022-49476 at NVDCVE-2022-49477 at SUSECVE-2022-49477 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49479 at SUSECVE-2022-49479 at NVDCVE-2022-49480 at SUSECVE-2022-49480 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49483 at SUSECVE-2022-49483 at NVDCVE-2022-49484 at SUSECVE-2022-49484 at NVDCVE-2022-49485 at SUSECVE-2022-49485 at NVDCVE-2022-49486 at SUSECVE-2022-49486 at NVDCVE-2022-49487 at SUSECVE-2022-49487 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49494 at SUSECVE-2022-49494 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49497 at SUSECVE-2022-49497 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49499 at SUSECVE-2022-49499 at NVDCVE-2022-49501 at SUSECVE-2022-49501 at NVDCVE-2022-49502 at SUSECVE-2022-49502 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49506 at SUSECVE-2022-49506 at NVDCVE-2022-49507 at SUSECVE-2022-49507 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49509 at SUSECVE-2022-49509 at NVDCVE-2022-49510 at SUSECVE-2022-49510 at NVDCVE-2022-49511 at SUSECVE-2022-49511 at NVDCVE-2022-49512 at SUSECVE-2022-49512 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49515 at SUSECVE-2022-49515 at NVDCVE-2022-49516 at SUSECVE-2022-49516 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49518 at SUSECVE-2022-49518 at NVDCVE-2022-49519 at SUSECVE-2022-49519 at NVDCVE-2022-49520 at SUSECVE-2022-49520 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49523 at SUSECVE-2022-49523 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49529 at SUSECVE-2022-49529 at NVDCVE-2022-49530 at SUSECVE-2022-49530 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49533 at SUSECVE-2022-49533 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49538 at SUSECVE-2022-49538 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49543 at SUSECVE-2022-49543 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49548 at SUSECVE-2022-49548 at NVDCVE-2022-49549 at SUSECVE-2022-49549 at NVDCVE-2022-49551 at SUSECVE-2022-49551 at NVDCVE-2022-49552 at SUSECVE-2022-49552 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49556 at SUSECVE-2022-49556 at NVDCVE-2022-49559 at SUSECVE-2022-49559 at NVDCVE-2022-49560 at SUSECVE-2022-49560 at NVDCVE-2022-49562 at SUSECVE-2022-49562 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49565 at SUSECVE-2022-49565 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49568 at SUSECVE-2022-49568 at NVDCVE-2022-49569 at SUSECVE-2022-49569 at NVDCVE-2022-49570 at SUSECVE-2022-49570 at NVDCVE-2022-49579 at SUSECVE-2022-49579 at NVDCVE-2022-49581 at SUSECVE-2022-49581 at NVDCVE-2022-49583 at SUSECVE-2022-49583 at NVDCVE-2022-49584 at SUSECVE-2022-49584 at NVDCVE-2022-49591 at SUSECVE-2022-49591 at NVDCVE-2022-49592 at SUSECVE-2022-49592 at NVDCVE-2022-49603 at SUSECVE-2022-49603 at NVDCVE-2022-49605 at SUSECVE-2022-49605 at NVDCVE-2022-49606 at SUSECVE-2022-49606 at NVDCVE-2022-49607 at SUSECVE-2022-49607 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49613 at SUSECVE-2022-49613 at NVDCVE-2022-49615 at SUSECVE-2022-49615 at NVDCVE-2022-49616 at SUSECVE-2022-49616 at NVDCVE-2022-49617 at SUSECVE-2022-49617 at NVDCVE-2022-49618 at SUSECVE-2022-49618 at NVDCVE-2022-49621 at SUSECVE-2022-49621 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49624 at SUSECVE-2022-49624 at NVDCVE-2022-49625 at SUSECVE-2022-49625 at NVDCVE-2022-49626 at SUSECVE-2022-49626 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49628 at SUSECVE-2022-49628 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49634 at SUSECVE-2022-49634 at NVDCVE-2022-49635 at SUSECVE-2022-49635 at NVDCVE-2022-49638 at SUSECVE-2022-49638 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49642 at SUSECVE-2022-49642 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49650 at SUSECVE-2022-49650 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49653 at SUSECVE-2022-49653 at NVDCVE-2022-49655 at SUSECVE-2022-49655 at NVDCVE-2022-49656 at SUSECVE-2022-49656 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49658 at SUSECVE-2022-49658 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49663 at SUSECVE-2022-49663 at NVDCVE-2022-49665 at SUSECVE-2022-49665 at NVDCVE-2022-49667 at SUSECVE-2022-49667 at NVDCVE-2022-49668 at SUSECVE-2022-49668 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49672 at SUSECVE-2022-49672 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49675 at SUSECVE-2022-49675 at NVDCVE-2022-49676 at SUSECVE-2022-49676 at NVDCVE-2022-49677 at SUSECVE-2022-49677 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49679 at SUSECVE-2022-49679 at NVDCVE-2022-49680 at SUSECVE-2022-49680 at NVDCVE-2022-49683 at SUSECVE-2022-49683 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49686 at SUSECVE-2022-49686 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49688 at SUSECVE-2022-49688 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49694 at SUSECVE-2022-49694 at NVDCVE-2022-49695 at SUSECVE-2022-49695 at NVDCVE-2022-49697 at SUSECVE-2022-49697 at NVDCVE-2022-49699 at SUSECVE-2022-49699 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49704 at SUSECVE-2022-49704 at NVDCVE-2022-49705 at SUSECVE-2022-49705 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49714 at SUSECVE-2022-49714 at NVDCVE-2022-49715 at SUSECVE-2022-49715 at NVDCVE-2022-49716 at SUSECVE-2022-49716 at NVDCVE-2022-49719 at SUSECVE-2022-49719 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49721 at SUSECVE-2022-49721 at NVDCVE-2022-49722 at SUSECVE-2022-49722 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49725 at SUSECVE-2022-49725 at NVDCVE-2022-49726 at SUSECVE-2022-49726 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49732 at SUSECVE-2022-49732 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2022-49746 at SUSECVE-2022-49746 at NVDCVE-2022-49748 at SUSECVE-2022-49748 at NVDCVE-2022-49751 at SUSECVE-2022-49751 at NVDCVE-2022-49753 at SUSECVE-2022-49753 at NVDCVE-2022-49755 at SUSECVE-2022-49755 at NVDCVE-2022-49759 at SUSECVE-2022-49759 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52930 at SUSECVE-2023-52930 at NVDCVE-2023-52933 at SUSECVE-2023-52933 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52939 at SUSECVE-2023-52939 at NVDCVE-2023-52941 at SUSECVE-2023-52941 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-52975 at SUSECVE-2023-52975 at NVDCVE-2023-52976 at SUSECVE-2023-52976 at NVDCVE-2023-52979 at SUSECVE-2023-52979 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-52984 at SUSECVE-2023-52984 at NVDCVE-2023-52988 at SUSECVE-2023-52988 at NVDCVE-2023-52989 at SUSECVE-2023-52989 at NVDCVE-2023-52992 at SUSECVE-2023-52992 at NVDCVE-2023-52993 at SUSECVE-2023-52993 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53005 at SUSECVE-2023-53005 at NVDCVE-2023-53006 at SUSECVE-2023-53006 at NVDCVE-2023-53007 at SUSECVE-2023-53007 at NVDCVE-2023-53008 at SUSECVE-2023-53008 at NVDCVE-2023-53010 at SUSECVE-2023-53010 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53016 at SUSECVE-2023-53016 at NVDCVE-2023-53019 at SUSECVE-2023-53019 at NVDCVE-2023-53023 at SUSECVE-2023-53023 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2023-53025 at SUSECVE-2023-53025 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53028 at SUSECVE-2023-53028 at NVDCVE-2023-53029 at SUSECVE-2023-53029 at NVDCVE-2023-53030 at SUSECVE-2023-53030 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-26634 at SUSECVE-2024-26634 at NVDCVE-2024-47678 at SUSECVE-2024-47678 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53124 at SUSECVE-2024-53124 at NVDCVE-2024-53176 at SUSECVE-2024-53176 at NVDCVE-2024-53178 at SUSECVE-2024-53178 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58013 at SUSECVE-2024-58013 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21693 at SUSECVE-2025-21693 at NVDCVE-2025-21718 at SUSECVE-2025-21718 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.5
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.5Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.5
This update for haproxy fixes the following issues:
- CVE-2025-32464: Fixed heap-based buffer overflow in sample_conv_regsub. (bsc#1240971)
ModerateSUSE bug 1240971CVE-2025-32464 at SUSECVE-2025-32464 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.5
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:sle-micro:5.5Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cifs-utils fixes the following issues:
- CVE-2025-2312: Fixed cifs.upcall making an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
ModerateSUSE bug 1239680CVE-2025-2312 at SUSECVE-2025-2312 at NVDcpe:/o:suse:sle-micro:5.5Security update for augeas (Low)SUSE Linux Enterprise Micro 5.5
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:sle-micro:5.5Security update for git (Important)SUSE Linux Enterprise Micro 5.5
This update for git fixes the following issues:
- CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600).
- CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601).
ImportantSUSE bug 1235600SUSE bug 1235601CVE-2024-50349 at SUSECVE-2024-50349 at NVDCVE-2024-52006 at SUSECVE-2024-52006 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing conten (bsc#1240750)
- CVE-2025-32050: Fixed integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
- CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
ImportantSUSE bug 1240750SUSE bug 1240752SUSE bug 1240756SUSE bug 1240757SUSE bug 1241164SUSE bug 1241222SUSE bug 1241686SUSE bug 1241688CVE-2025-2784 at SUSECVE-2025-2784 at NVDCVE-2025-32050 at SUSECVE-2025-32050 at NVDCVE-2025-32052 at SUSECVE-2025-32052 at NVDCVE-2025-32053 at SUSECVE-2025-32053 at NVDCVE-2025-32907 at SUSECVE-2025-32907 at NVDCVE-2025-32914 at SUSECVE-2025-32914 at NVDCVE-2025-46420 at SUSECVE-2025-46420 at NVDCVE-2025-46421 at SUSECVE-2025-46421 at NVDcpe:/o:suse:sle-micro:5.5Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.5
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Moderate)SUSE Linux Enterprise Micro 5.5
This update for helm fixes the following issues:
help was updated to version 3.17.3:
Helm v3.17.3 is a security (patch) release. Users are strongly
recommended to update to this release.
* Changelog
- Unarchiving fix e4da497 (Matt Farina)
Moderatecpe:/o:suse:sle-micro:5.5Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
- CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).
The following non-security bugs were fixed:
- cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777).
- cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
- cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777).
- cpufreq: Support per-policy performance boost (bsc#1236777).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1054914SUSE bug 1206843SUSE bug 1210409SUSE bug 1225903SUSE bug 1229361SUSE bug 1229621SUSE bug 1230764SUSE bug 1231103SUSE bug 1231910SUSE bug 1236777SUSE bug 1237981SUSE bug 1238032SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239061SUSE bug 1239684SUSE bug 1239968SUSE bug 1240209SUSE bug 1240211SUSE bug 1240214SUSE bug 1240228SUSE bug 1240230SUSE bug 1240246SUSE bug 1240248SUSE bug 1240269SUSE bug 1240271SUSE bug 1240274SUSE bug 1240285SUSE bug 1240295SUSE bug 1240306SUSE bug 1240314SUSE bug 1240315SUSE bug 1240321SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541SUSE bug 1241625SUSE bug 1241648SUSE bug 1242284SUSE bug 1242493SUSE bug 1242778CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2022-49745 at SUSECVE-2022-49745 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2023-52928 at SUSECVE-2023-52928 at NVDCVE-2023-52931 at SUSECVE-2023-52931 at NVDCVE-2023-52936 at SUSECVE-2023-52936 at NVDCVE-2023-52937 at SUSECVE-2023-52937 at NVDCVE-2023-52938 at SUSECVE-2023-52938 at NVDCVE-2023-52981 at SUSECVE-2023-52981 at NVDCVE-2023-52982 at SUSECVE-2023-52982 at NVDCVE-2023-52986 at SUSECVE-2023-52986 at NVDCVE-2023-52994 at SUSECVE-2023-52994 at NVDCVE-2023-53001 at SUSECVE-2023-53001 at NVDCVE-2023-53002 at SUSECVE-2023-53002 at NVDCVE-2023-53009 at SUSECVE-2023-53009 at NVDCVE-2023-53014 at SUSECVE-2023-53014 at NVDCVE-2023-53018 at SUSECVE-2023-53018 at NVDCVE-2023-53031 at SUSECVE-2023-53031 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2024-42307 at SUSECVE-2024-42307 at NVDCVE-2024-46763 at SUSECVE-2024-46763 at NVDCVE-2024-46865 at SUSECVE-2024-46865 at NVDCVE-2024-50038 at SUSECVE-2024-50038 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDCVE-2025-2312 at SUSECVE-2025-2312 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-39735 at SUSECVE-2025-39735 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48933: netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1229621).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2024-46763: fou: Fix null-ptr-deref in GRO (bsc#1230764).
- CVE-2024-50038: netfilter: xtables: avoid NFPROTO_UNSPEC where needed (bsc#1231910).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21839: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
- CVE-2025-22097: drm/vkms: Fix use after free and double free on init error (bsc#1241541).
- CVE-2025-2312: CIFS: New mount option for cifs.upcall namespace resolution (bsc#1239684).
- CVE-2025-23138: watch_queue: fix pipe accounting mismatch (bsc#1241648).
- CVE-2025-39735: jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625).
The following non-security bugs were fixed:
- cpufreq: ACPI: Mark boost policy as enabled when setting boost (bsc#1236777).
- cpufreq: Allow drivers to advertise boost enabled (bsc#1236777).
- cpufreq: Fix per-policy boost behavior on SoCs using cpufreq_boost_set_sw() (bsc#1236777).
- cpufreq: Support per-policy performance boost (bsc#1236777).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1054914SUSE bug 1206843SUSE bug 1210409SUSE bug 1225903SUSE bug 1229361SUSE bug 1229621SUSE bug 1230764SUSE bug 1231103SUSE bug 1231910SUSE bug 1236777SUSE bug 1237981SUSE bug 1238032SUSE bug 1238471SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1239061SUSE bug 1239684SUSE bug 1239968SUSE bug 1240209SUSE bug 1240211SUSE bug 1240214SUSE bug 1240228SUSE bug 1240230SUSE bug 1240246SUSE bug 1240248SUSE bug 1240269SUSE bug 1240271SUSE bug 1240274SUSE bug 1240285SUSE bug 1240295SUSE bug 1240306SUSE bug 1240314SUSE bug 1240315SUSE bug 1240321SUSE bug 1240747SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241421SUSE bug 1241433SUSE bug 1241541SUSE bug 1241625SUSE bug 1241648SUSE bug 1242284SUSE bug 1242493SUSE bug 1242778CVE-2021-47671 at SUSECVE-2021-47671 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49741 at SUSECVE-2022-49741 at NVDCVE-2022-49745 at SUSECVE-2022-49745 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2023-52928 at SUSECVE-2023-52928 at NVDCVE-2023-52931 at SUSECVE-2023-52931 at NVDCVE-2023-52936 at SUSECVE-2023-52936 at NVDCVE-2023-52937 at SUSECVE-2023-52937 at NVDCVE-2023-52938 at SUSECVE-2023-52938 at NVDCVE-2023-52981 at SUSECVE-2023-52981 at NVDCVE-2023-52982 at SUSECVE-2023-52982 at NVDCVE-2023-52986 at SUSECVE-2023-52986 at NVDCVE-2023-52994 at SUSECVE-2023-52994 at NVDCVE-2023-53001 at SUSECVE-2023-53001 at NVDCVE-2023-53002 at SUSECVE-2023-53002 at NVDCVE-2023-53009 at SUSECVE-2023-53009 at NVDCVE-2023-53014 at SUSECVE-2023-53014 at NVDCVE-2023-53018 at SUSECVE-2023-53018 at NVDCVE-2023-53031 at SUSECVE-2023-53031 at NVDCVE-2023-53051 at SUSECVE-2023-53051 at NVDCVE-2024-42307 at SUSECVE-2024-42307 at NVDCVE-2024-46763 at SUSECVE-2024-46763 at NVDCVE-2024-46865 at SUSECVE-2024-46865 at NVDCVE-2024-50038 at SUSECVE-2024-50038 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21839 at SUSECVE-2025-21839 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDCVE-2025-22097 at SUSECVE-2025-22097 at NVDCVE-2025-2312 at SUSECVE-2025-2312 at NVDCVE-2025-23138 at SUSECVE-2025-23138 at NVDCVE-2025-39735 at SUSECVE-2025-39735 at NVDcpe:/o:suse:sle-micro:5.5Security update for rsync (Important)SUSE Linux Enterprise Micro 5.5
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:sle-micro:5.5Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.5
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.5
This update for python-tornado fixes the following issues:
- CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service
(bsc#1243268).
ImportantSUSE bug 1243268CVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.5Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for iputils fixes the following issues:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300)
ModerateSUSE bug 1242300CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Important)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3-setuptools (Important)SUSE Linux Enterprise Micro 5.5
This update for python3-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
ModerateSUSE bug 1234282SUSE bug 1238043SUSE bug 1243117CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423)
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238)
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
ImportantSUSE bug 1241162SUSE bug 1241214SUSE bug 1241226SUSE bug 1241238SUSE bug 1241252SUSE bug 1241263SUSE bug 1243332SUSE bug 1243423CVE-2025-32906 at SUSECVE-2025-32906 at NVDCVE-2025-32909 at SUSECVE-2025-32909 at NVDCVE-2025-32910 at SUSECVE-2025-32910 at NVDCVE-2025-32911 at SUSECVE-2025-32911 at NVDCVE-2025-32912 at SUSECVE-2025-32912 at NVDCVE-2025-32913 at SUSECVE-2025-32913 at NVDCVE-2025-4948 at SUSECVE-2025-4948 at NVDCVE-2025-4969 at SUSECVE-2025-4969 at NVDcpe:/o:suse:sle-micro:5.5Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.5
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:sle-micro:5.5Security update for dhcp (Moderate)SUSE Linux Enterprise Micro 5.5
This update for dhcp fixes the following issues:
- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)
ModerateSUSE bug 1192020cpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Remove debug flavor (bsc#1243919).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395).
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395).
- net: mana: Add gdma stats to ethtool output for mana (bsc#1234395).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204562SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206843SUSE bug 1206886SUSE bug 1206887SUSE bug 1207361SUSE bug 1208105SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1209780SUSE bug 1209980SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213233SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1222629SUSE bug 1223096SUSE bug 1225903SUSE bug 1232649SUSE bug 1234395SUSE bug 1234887SUSE bug 1235100SUSE bug 1235870SUSE bug 1240802SUSE bug 1241525SUSE bug 1242146SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242160SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242217SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242224SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242240SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242249SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242278SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242285SUSE bug 1242286SUSE bug 1242289SUSE bug 1242294SUSE bug 1242295SUSE bug 1242298SUSE bug 1242302SUSE bug 1242305SUSE bug 1242311SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242349SUSE bug 1242351SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242359SUSE bug 1242360SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242381SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242393SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242400SUSE bug 1242402SUSE bug 1242403SUSE bug 1242405SUSE bug 1242406SUSE bug 1242409SUSE bug 1242410SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242425SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242448SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242465SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242474SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242740SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242748SUSE bug 1242749SUSE bug 1242751SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49762 at SUSECVE-2022-49762 at NVDCVE-2022-49763 at SUSECVE-2022-49763 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49773 at SUSECVE-2022-49773 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49781 at SUSECVE-2022-49781 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49784 at SUSECVE-2022-49784 at NVDCVE-2022-49786 at SUSECVE-2022-49786 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49795 at SUSECVE-2022-49795 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49837 at SUSECVE-2022-49837 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49886 at SUSECVE-2022-49886 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49901 at SUSECVE-2022-49901 at NVDCVE-2022-49902 at SUSECVE-2022-49902 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49917 at SUSECVE-2022-49917 at NVDCVE-2022-49918 at SUSECVE-2022-49918 at NVDCVE-2022-49921 at SUSECVE-2022-49921 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49929 at SUSECVE-2022-49929 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53036 at SUSECVE-2023-53036 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53042 at SUSECVE-2023-53042 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53057 at SUSECVE-2023-53057 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53070 at SUSECVE-2023-53070 at NVDCVE-2023-53071 at SUSECVE-2023-53071 at NVDCVE-2023-53073 at SUSECVE-2023-53073 at NVDCVE-2023-53074 at SUSECVE-2023-53074 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53082 at SUSECVE-2023-53082 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53095 at SUSECVE-2023-53095 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53102 at SUSECVE-2023-53102 at NVDCVE-2023-53105 at SUSECVE-2023-53105 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53109 at SUSECVE-2023-53109 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53112 at SUSECVE-2023-53112 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53128 at SUSECVE-2023-53128 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam_u2f (Important)SUSE Linux Enterprise Micro 5.5
This update for pam_u2f fixes the following issues:
- CVE-2025-23013: Fixed problematic PAM_IGNORE return values in `pam_sm_authenticate()` (bsc#1233517)
ImportantSUSE bug 1233517SUSE bug 1235961CVE-2025-23013 at SUSECVE-2025-23013 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).
The following non-security bugs were fixed:
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- README: Clean-up trailing whitespace
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes).
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- autofs: use flexible array in ioctl structure (git-fixes).
- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).
- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'')
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639).
- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).
- platform/x86: Add AMD system management interface (jsc#PED-1295).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- pwm: tegra: Improve required rate calculation (jsc#PED-1763).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- serial: tegra: Read DMA status before terminating (jsc#PED-1763).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
ImportantSUSE bug 1170891SUSE bug 1173139SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1203332SUSE bug 1205521SUSE bug 1209288SUSE bug 1209798SUSE bug 1211593SUSE bug 1211595SUSE bug 1214635SUSE bug 1215304SUSE bug 1215523SUSE bug 1216813SUSE bug 1216909SUSE bug 1219608SUSE bug 1222878SUSE bug 1223044SUSE bug 1225758SUSE bug 1225820SUSE bug 1226694SUSE bug 1228190SUSE bug 1229809SUSE bug 1230422SUSE bug 1230697SUSE bug 1231388SUSE bug 1231453SUSE bug 1231854SUSE bug 1232045SUSE bug 1232157SUSE bug 1232166SUSE bug 1232419SUSE bug 1232436SUSE bug 1232472SUSE bug 1232823SUSE bug 1233038SUSE bug 1233050SUSE bug 1233070SUSE bug 1233096SUSE bug 1233127SUSE bug 1233200SUSE bug 1233239SUSE bug 1233324SUSE bug 1233467SUSE bug 1233468SUSE bug 1233469SUSE bug 1233485SUSE bug 1233547SUSE bug 1233550SUSE bug 1233558SUSE bug 1233564SUSE bug 1233568SUSE bug 1233637SUSE bug 1233642SUSE bug 1233701SUSE bug 1233769SUSE bug 1233837SUSE bug 1234072SUSE bug 1234073SUSE bug 1234075SUSE bug 1234076SUSE bug 1234077SUSE bug 1234087SUSE bug 1234120SUSE bug 1234156SUSE bug 1234219SUSE bug 1234220SUSE bug 1234240SUSE bug 1234241SUSE bug 1234281SUSE bug 1234282SUSE bug 1234294SUSE bug 1234338SUSE bug 1234357SUSE bug 1234437SUSE bug 1234464SUSE bug 1234605SUSE bug 1234639SUSE bug 1234650SUSE bug 1234727SUSE bug 1234811SUSE bug 1234827SUSE bug 1234834SUSE bug 1234843SUSE bug 1234846SUSE bug 1234853SUSE bug 1234856SUSE bug 1234891SUSE bug 1234912SUSE bug 1234920SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1234971SUSE bug 1234973SUSE bug 1235004SUSE bug 1235035SUSE bug 1235037SUSE bug 1235039SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-48742 at SUSECVE-2022-48742 at NVDCVE-2022-49033 at SUSECVE-2022-49033 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-52920 at SUSECVE-2023-52920 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDCVE-2024-26886 at SUSECVE-2024-26886 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-44934 at SUSECVE-2024-44934 at NVDCVE-2024-47666 at SUSECVE-2024-47666 at NVDCVE-2024-47678 at SUSECVE-2024-47678 at NVDCVE-2024-49944 at SUSECVE-2024-49944 at NVDCVE-2024-49952 at SUSECVE-2024-49952 at NVDCVE-2024-50018 at SUSECVE-2024-50018 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50166 at SUSECVE-2024-50166 at NVDCVE-2024-50181 at SUSECVE-2024-50181 at NVDCVE-2024-50202 at SUSECVE-2024-50202 at NVDCVE-2024-50211 at SUSECVE-2024-50211 at NVDCVE-2024-50256 at SUSECVE-2024-50256 at NVDCVE-2024-50262 at SUSECVE-2024-50262 at NVDCVE-2024-50278 at SUSECVE-2024-50278 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50280 at SUSECVE-2024-50280 at NVDCVE-2024-50296 at SUSECVE-2024-50296 at NVDCVE-2024-53051 at SUSECVE-2024-53051 at NVDCVE-2024-53055 at SUSECVE-2024-53055 at NVDCVE-2024-53056 at SUSECVE-2024-53056 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-53072 at SUSECVE-2024-53072 at NVDCVE-2024-53090 at SUSECVE-2024-53090 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53101 at SUSECVE-2024-53101 at NVDCVE-2024-53113 at SUSECVE-2024-53113 at NVDCVE-2024-53114 at SUSECVE-2024-53114 at NVDCVE-2024-53119 at SUSECVE-2024-53119 at NVDCVE-2024-53120 at SUSECVE-2024-53120 at NVDCVE-2024-53122 at SUSECVE-2024-53122 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53130 at SUSECVE-2024-53130 at NVDCVE-2024-53131 at SUSECVE-2024-53131 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53150 at SUSECVE-2024-53150 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53157 at SUSECVE-2024-53157 at NVDCVE-2024-53158 at SUSECVE-2024-53158 at NVDCVE-2024-53161 at SUSECVE-2024-53161 at NVDCVE-2024-53162 at SUSECVE-2024-53162 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53210 at SUSECVE-2024-53210 at NVDCVE-2024-53213 at SUSECVE-2024-53213 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56549 at SUSECVE-2024-56549 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56571 at SUSECVE-2024-56571 at NVDCVE-2024-56575 at SUSECVE-2024-56575 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-56755 at SUSECVE-2024-56755 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam (Important)SUSE Linux Enterprise Micro 5.5
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:sle-micro:5.5Security update for screen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for screen fixes the following issues:
Security issues fixed:
- CVE-2025-46802: temporary `chmod` of a user's TTY to mode 0666 when attempting to attach to a multi-user session
allows for TTY hijacking (bsc#1242269).
Other issues fixed:
- Use TTY file descriptor passing after a suspend (`MSG_CONT`).
- Fix resume after suspend in multi-user mode.
ModerateSUSE bug 1242269CVE-2025-46802 at SUSECVE-2025-46802 at NVDcpe:/o:suse:sle-micro:5.5Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.5
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.5Security update for libblockdev (Important)SUSE Linux Enterprise Micro 5.5
This update for libblockdev fixes the following issues:
- CVE-2025-6019: Suppress privilege escalation during xfs fs resize (bsc#1243285).
ImportantSUSE bug 1243285CVE-2025-6019 at SUSECVE-2025-6019 at NVDcpe:/o:suse:sle-micro:5.5Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.5
This update for nvidia-open-driver-G06-signed fixes the following issues:
- Update to 550.144.03 (bsc#1235461, bsc#1235871)
* fixes CVE-2024-0131, CVE-2024-0147, CVE-2024-0149,
CVE-2024-0150, CVE-2024-53869
ImportantSUSE bug 1235461SUSE bug 1235871CVE-2024-0131 at SUSECVE-2024-0131 at NVDCVE-2024-0147 at SUSECVE-2024-0147 at NVDCVE-2024-0149 at SUSECVE-2024-0149 at NVDCVE-2024-0150 at SUSECVE-2024-0150 at NVDCVE-2024-53869 at SUSECVE-2024-53869 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.5
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.5Security update for ignition (Important)SUSE Linux Enterprise Micro 5.5
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:sle-micro:5.5Security update for clamav (Important)SUSE Linux Enterprise Micro 5.5
This update for clamav fixes the following issues:
ClamAV version 1.4.3:
- CVE-2025-20260: PDF Scanning Buffer Overflow Vulnerability (bsc#1245054).
- CVE-2025-20234: Vulnerability in Universal Disk Format (UDF) processing (bsc#1245055).
Other bugfixes:
- Fix a race condition between the mockup servers started by different test cases in freshclam_test.py (bsc#1243565)
ImportantSUSE bug 1243565SUSE bug 1245054SUSE bug 1245055CVE-2025-20234 at SUSECVE-2025-20234 at NVDCVE-2025-20260 at SUSECVE-2025-20260 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm fixes the following issues:
Update to version 3.18.3:
* build(deps): bump golang.org/x/crypto from 0.38.0 to 0.39.0
6838ebc (dependabot[bot])
* fix: user username password for login 5b9e2f6 (Terry Howe)
* Update pkg/registry/transport.go 2782412 (Terry Howe)
* Update pkg/registry/transport.go e66cf6a (Terry Howe)
* fix: add debug logging to oci transport 191f05c (Terry Howe)
Update to version 3.18.2:
* fix: legacy docker support broken for login 04cad46 (Terry
Howe)
* Handle an empty registry config file. bc9f8a2 (Matt Farina)
Update to version 3.18.1:
* Notes:
- This release fixes regressions around template generation and
OCI registry interaction in 3.18.0
- There are at least 2 known regressions unaddressed in this
release. They are being worked on.
- Empty registry configuration files. When the file exists
but it is empty.
- Login to Docker Hub on some domains fails.
* Changelog
- fix(client): skipnode utilization for PreCopy
- fix(client): layers now returns manifest - remove duplicate
from descriptors
- fix(client): return nil on non-allowed media types
- Prevent fetching newReference again as we have in calling
method
- Prevent failure when resolving version tags in oras memory
store
- Update pkg/plugin/plugin.go
- Update pkg/plugin/plugin.go
- Wait for Helm v4 before raising when platformCommand and
Command are set
- Fix 3.18.0 regression: registry login with scheme
- Revert 'fix (helm) : toToml` renders int as float [ backport
to v3 ]'
Update to version 3.18.0 (bsc#1241802, CVE-2025-22872):
* Notable Changes
- Add support for JSON Schema 2020
- Enabled cpu and memory profiling
- Add hook annotation to output hook logs to client on error
* Changelog
- build(deps): bump the k8s-io group with 7 updates
- fix: govulncheck workflow
- bump version to v3.18.0
- fix:add proxy support when mTLS configured
- docs: Note about http fallback for OCI registries
- Bump net package to avoid CVE on dev-v3
- Bump toml
- backport #30677to dev3
- build(deps): bump github.com/rubenv/sql-migrate from 1.7.2 to
1.8.0
- Add install test for TakeOwnership flag
- Fix --take-ownership
- build(deps): bump github.com/rubenv/sql-migrate from 1.7.1 to
1.7.2
- build(deps): bump golang.org/x/crypto from 0.36.0 to 0.37.0
- build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0
- Testing text bump
- Permit more Go version and not only 1.23.8
- Bumps github.com/distribution/distribution/v3 from 3.0.0-rc.3
to 3.0.0
- Unarchiving fix
- Fix typo
- Report as debug log, the time spent waiting for resources
- build(deps): bump github.com/containerd/containerd from
1.7.26 to 1.7.27
- Update pkg/registry/fallback.go
- automatic fallback to http
- chore(oci): upgrade to ORAS v2
- Updating to 0.37.0 for x/net
- build(deps): bump the k8s-io group with 7 updates
- build(deps): bump golang.org/x/crypto from 0.35.0 to 0.36.0
- build(deps): bump github.com/opencontainers/image-spec
- build(deps): bump github.com/containerd/containerd from
1.7.25 to 1.7.26
- build(deps): bump golang.org/x/crypto from 0.33.0 to 0.35.0
- Fix cherry-pick helm.sh/helm/v4 -> helm.sh/helm/v3
- Add HookOutputFunc and generic yaml unmarshaller
- clarify fix error message
- fix err check
- add short circuit return
- Add hook annotations to output pod logs to client on success
and fail
- chore: use []error instead of []string
- Update cmd/helm/profiling.go
- chore: update profiling doc in CONTRIBUTING.md
- Update CONTRIBUTING guide
- Prefer environment variables to CLI flags
- Move pprof paths to HELM_PPROF env variable
- feat: Add flags to enable CPU and memory profiling
- build(deps): bump github.com/distribution/distribution/v3
- build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1
- Moving to SetOut and SetErr for Cobra
- build(deps): bump the k8s-io group with 7 updates
- build(deps): bump golang.org/x/crypto from 0.32.0 to 0.33.0
- build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0
- build(deps): bump golang.org/x/text from 0.21.0 to 0.22.0
- build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
- build(deps): bump github.com/cyphar/filepath-securejoin
- build(deps): bump github.com/evanphx/json-patch
- build(deps): bump the k8s-io group with 7 updates
- fix: check group for resource info match
- Bump github.com/cyphar/filepath-securejoin from 0.3.6 to
0.4.0
- add test for nullifying nested global value
- Ensuring the file paths are clean prior to passing to
securejoin
- Bump github.com/containerd/containerd from 1.7.24 to 1.7.25
- Bump golang.org/x/crypto from 0.31.0 to 0.32.0
- Bump golang.org/x/term from 0.27.0 to 0.28.0
- bump version to v3.17.0
- Bump github.com/moby/term from 0.5.0 to 0.5.2
- Add test case for removing an entire object
- Tests for bugfix: Override subcharts with null values #12879
- feat: Added multi-platform plugin hook support to v3
- This commit fixes the issue where the yaml.Unmarshaller
converts all int values into float64, this passes in option
to decoder, which enables conversion of int into .
- merge null child chart objects
ImportantSUSE bug 1241802CVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:sle-micro:5.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate)SUSE Linux Enterprise Micro 5.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Drop packages: iptables, lsscsi and socat
- rebuild against current GO
Moderatecpe:/o:suse:sle-micro:5.5Security update for google-osconfig-agent (Important)SUSE Linux Enterprise Micro 5.5
This update for google-osconfig-agent fixes the following issues:
- Update to version 20250416.02 (bsc#1244304, bsc#1244503)
* defaultSleeper: tolerate 10% difference to reduce test flakiness
* Add output of some packagemanagers to the testdata
- from version 20250416.01
* Refactor OS Info package
- from version 20250416.00
* Report RPM inventory as YUM instead of empty SoftwarePackage
when neither Zypper nor YUM are installed.
- from version 20250414.00
* Update hash computation algorithm
- Update to version 20250320.00
* Bump github.com/envoyproxy/protoc-gen-validate from 1.1.0 to 1.2.1
- from version 20250318.00
* Bump go.opentelemetry.io/otel/sdk/metric from 1.32.0 to 1.35.0
- from version 20250317.02
* Bump cel.dev/expr from 0.18.0 to 0.22.0
* Bump github.com/golang/glog from 1.2.3 to 1.2.4 in the go_modules group
- from version 20250317.01
* Bump cloud.google.com/go/logging from 1.12.0 to 1.13.0
- from version 20250317.00
* Add tests for retryutil package.
- from version 20250306.00
* Update OWNERS
- from version 20250206.01
* Use separate counters for pre- and post-patch reboots.
- from version 20250206.00
* Update owners
- from version 20250203.00
* Fix the vet errors for contants in logging
- from version 20250122.00
* change available package check
- from version 20250121.00
* Fix Inventory reporting e2e tests.
- from version 20250120.00
* fix e2e tests
- Add -buildmode=pie to go build command line (bsc#1239948)
- merged upstream
- Renumber patches
ImportantSUSE bug 1239948SUSE bug 1244304SUSE bug 1244503CVE-2024-45339 at SUSECVE-2024-45339 at NVDcpe:/o:suse:sle-micro:5.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- Install nbdkit-server to avoid pulling unneeded dependencies
- rebuild against current GO
Moderatecpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22056: netfilter: nft_tunnel: fix geneve_opt type confusion addition (bsc#1241525).
- CVE-2025-23145: mptcp: fix NULL pointer in can_accept_new_subflow (bsc#1242596).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
The following non-security bugs were fixed:
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- Move upstreamed sched/membarrier patch into sorted section
- Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.4 anymore.
- Remove debug flavor (bsc#1243919). This is only released in Leap, and we do not have Leap 15.5 anymore.
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value (bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated by firmware (bsc#1242778).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- net :mana :Add remaining GDMA stats for MANA to ethtool (bsc#1234395).
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (bsc#1234395).
- net: mana: Add gdma stats to ethtool output for mana (bsc#1234395).
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable (bsc#1223096).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW (bsc#1218470 ltc#204531).
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
- tpm, tpm_tis: Workaround failed command reception on Infineon devices (bsc#1235870).
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit (bsc#1242778).
ImportantSUSE bug 1184350SUSE bug 1193629SUSE bug 1204562SUSE bug 1204569SUSE bug 1204619SUSE bug 1204705SUSE bug 1205282SUSE bug 1206051SUSE bug 1206073SUSE bug 1206649SUSE bug 1206843SUSE bug 1206886SUSE bug 1206887SUSE bug 1207361SUSE bug 1208105SUSE bug 1208542SUSE bug 1209292SUSE bug 1209556SUSE bug 1209684SUSE bug 1209780SUSE bug 1209980SUSE bug 1210337SUSE bug 1210763SUSE bug 1210767SUSE bug 1211465SUSE bug 1213012SUSE bug 1213013SUSE bug 1213094SUSE bug 1213096SUSE bug 1213233SUSE bug 1213946SUSE bug 1214991SUSE bug 1218470SUSE bug 1222629SUSE bug 1223096SUSE bug 1225903SUSE bug 1228659SUSE bug 1231293SUSE bug 1232649SUSE bug 1234395SUSE bug 1234454SUSE bug 1234887SUSE bug 1235100SUSE bug 1235870SUSE bug 1238303SUSE bug 1238570SUSE bug 1239986SUSE bug 1240785SUSE bug 1240802SUSE bug 1241038SUSE bug 1241525SUSE bug 1241640SUSE bug 1242006SUSE bug 1242146SUSE bug 1242147SUSE bug 1242150SUSE bug 1242151SUSE bug 1242154SUSE bug 1242157SUSE bug 1242158SUSE bug 1242160SUSE bug 1242164SUSE bug 1242165SUSE bug 1242169SUSE bug 1242215SUSE bug 1242217SUSE bug 1242218SUSE bug 1242219SUSE bug 1242222SUSE bug 1242224SUSE bug 1242226SUSE bug 1242227SUSE bug 1242228SUSE bug 1242229SUSE bug 1242230SUSE bug 1242231SUSE bug 1242232SUSE bug 1242237SUSE bug 1242239SUSE bug 1242240SUSE bug 1242241SUSE bug 1242244SUSE bug 1242245SUSE bug 1242248SUSE bug 1242249SUSE bug 1242261SUSE bug 1242264SUSE bug 1242265SUSE bug 1242270SUSE bug 1242276SUSE bug 1242278SUSE bug 1242279SUSE bug 1242280SUSE bug 1242281SUSE bug 1242282SUSE bug 1242285SUSE bug 1242286SUSE bug 1242289SUSE bug 1242294SUSE bug 1242295SUSE bug 1242298SUSE bug 1242302SUSE bug 1242305SUSE bug 1242311SUSE bug 1242312SUSE bug 1242320SUSE bug 1242338SUSE bug 1242349SUSE bug 1242351SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242357SUSE bug 1242358SUSE bug 1242359SUSE bug 1242360SUSE bug 1242361SUSE bug 1242365SUSE bug 1242366SUSE bug 1242369SUSE bug 1242370SUSE bug 1242371SUSE bug 1242372SUSE bug 1242377SUSE bug 1242378SUSE bug 1242380SUSE bug 1242381SUSE bug 1242382SUSE bug 1242385SUSE bug 1242387SUSE bug 1242389SUSE bug 1242391SUSE bug 1242392SUSE bug 1242393SUSE bug 1242394SUSE bug 1242398SUSE bug 1242399SUSE bug 1242400SUSE bug 1242402SUSE bug 1242403SUSE bug 1242405SUSE bug 1242406SUSE bug 1242409SUSE bug 1242410SUSE bug 1242411SUSE bug 1242415SUSE bug 1242416SUSE bug 1242421SUSE bug 1242422SUSE bug 1242425SUSE bug 1242426SUSE bug 1242428SUSE bug 1242440SUSE bug 1242443SUSE bug 1242448SUSE bug 1242449SUSE bug 1242452SUSE bug 1242453SUSE bug 1242454SUSE bug 1242455SUSE bug 1242456SUSE bug 1242458SUSE bug 1242464SUSE bug 1242465SUSE bug 1242467SUSE bug 1242469SUSE bug 1242473SUSE bug 1242474SUSE bug 1242478SUSE bug 1242481SUSE bug 1242484SUSE bug 1242489SUSE bug 1242497SUSE bug 1242527SUSE bug 1242542SUSE bug 1242544SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242550SUSE bug 1242551SUSE bug 1242558SUSE bug 1242570SUSE bug 1242580SUSE bug 1242586SUSE bug 1242589SUSE bug 1242596SUSE bug 1242597SUSE bug 1242685SUSE bug 1242686SUSE bug 1242688SUSE bug 1242689SUSE bug 1242695SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242735SUSE bug 1242736SUSE bug 1242739SUSE bug 1242740SUSE bug 1242743SUSE bug 1242744SUSE bug 1242745SUSE bug 1242746SUSE bug 1242747SUSE bug 1242748SUSE bug 1242749SUSE bug 1242751SUSE bug 1242752SUSE bug 1242753SUSE bug 1242756SUSE bug 1242759SUSE bug 1242762SUSE bug 1242765SUSE bug 1242767SUSE bug 1242778SUSE bug 1242779SUSE bug 1242790SUSE bug 1242791SUSE bug 1243047SUSE bug 1243133SUSE bug 1243737SUSE bug 1243919CVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3619 at SUSECVE-2022-3619 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-49762 at SUSECVE-2022-49762 at NVDCVE-2022-49763 at SUSECVE-2022-49763 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49773 at SUSECVE-2022-49773 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49776 at SUSECVE-2022-49776 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49779 at SUSECVE-2022-49779 at NVDCVE-2022-49781 at SUSECVE-2022-49781 at NVDCVE-2022-49783 at SUSECVE-2022-49783 at NVDCVE-2022-49784 at SUSECVE-2022-49784 at NVDCVE-2022-49786 at SUSECVE-2022-49786 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49792 at SUSECVE-2022-49792 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49795 at SUSECVE-2022-49795 at NVDCVE-2022-49796 at SUSECVE-2022-49796 at NVDCVE-2022-49797 at SUSECVE-2022-49797 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49800 at SUSECVE-2022-49800 at NVDCVE-2022-49801 at SUSECVE-2022-49801 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49807 at SUSECVE-2022-49807 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49810 at SUSECVE-2022-49810 at NVDCVE-2022-49812 at SUSECVE-2022-49812 at NVDCVE-2022-49813 at SUSECVE-2022-49813 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49822 at SUSECVE-2022-49822 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49834 at SUSECVE-2022-49834 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49837 at SUSECVE-2022-49837 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49845 at SUSECVE-2022-49845 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49850 at SUSECVE-2022-49850 at NVDCVE-2022-49853 at SUSECVE-2022-49853 at NVDCVE-2022-49858 at SUSECVE-2022-49858 at NVDCVE-2022-49860 at SUSECVE-2022-49860 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49863 at SUSECVE-2022-49863 at NVDCVE-2022-49864 at SUSECVE-2022-49864 at NVDCVE-2022-49865 at SUSECVE-2022-49865 at NVDCVE-2022-49868 at SUSECVE-2022-49868 at NVDCVE-2022-49869 at SUSECVE-2022-49869 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49871 at SUSECVE-2022-49871 at NVDCVE-2022-49874 at SUSECVE-2022-49874 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49885 at SUSECVE-2022-49885 at NVDCVE-2022-49886 at SUSECVE-2022-49886 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49888 at SUSECVE-2022-49888 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49890 at SUSECVE-2022-49890 at NVDCVE-2022-49891 at SUSECVE-2022-49891 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49900 at SUSECVE-2022-49900 at NVDCVE-2022-49901 at SUSECVE-2022-49901 at NVDCVE-2022-49902 at SUSECVE-2022-49902 at NVDCVE-2022-49905 at SUSECVE-2022-49905 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49908 at SUSECVE-2022-49908 at NVDCVE-2022-49909 at SUSECVE-2022-49909 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49916 at SUSECVE-2022-49916 at NVDCVE-2022-49917 at SUSECVE-2022-49917 at NVDCVE-2022-49918 at SUSECVE-2022-49918 at NVDCVE-2022-49921 at SUSECVE-2022-49921 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49923 at SUSECVE-2022-49923 at NVDCVE-2022-49924 at SUSECVE-2022-49924 at NVDCVE-2022-49925 at SUSECVE-2022-49925 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2022-49928 at SUSECVE-2022-49928 at NVDCVE-2022-49929 at SUSECVE-2022-49929 at NVDCVE-2022-49931 at SUSECVE-2022-49931 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-53035 at SUSECVE-2023-53035 at NVDCVE-2023-53036 at SUSECVE-2023-53036 at NVDCVE-2023-53038 at SUSECVE-2023-53038 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53040 at SUSECVE-2023-53040 at NVDCVE-2023-53041 at SUSECVE-2023-53041 at NVDCVE-2023-53042 at SUSECVE-2023-53042 at NVDCVE-2023-53044 at SUSECVE-2023-53044 at NVDCVE-2023-53045 at SUSECVE-2023-53045 at NVDCVE-2023-53049 at SUSECVE-2023-53049 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53054 at SUSECVE-2023-53054 at NVDCVE-2023-53056 at SUSECVE-2023-53056 at NVDCVE-2023-53057 at SUSECVE-2023-53057 at NVDCVE-2023-53058 at SUSECVE-2023-53058 at NVDCVE-2023-53059 at SUSECVE-2023-53059 at NVDCVE-2023-53060 at SUSECVE-2023-53060 at NVDCVE-2023-53062 at SUSECVE-2023-53062 at NVDCVE-2023-53064 at SUSECVE-2023-53064 at NVDCVE-2023-53065 at SUSECVE-2023-53065 at NVDCVE-2023-53066 at SUSECVE-2023-53066 at NVDCVE-2023-53068 at SUSECVE-2023-53068 at NVDCVE-2023-53070 at SUSECVE-2023-53070 at NVDCVE-2023-53071 at SUSECVE-2023-53071 at NVDCVE-2023-53073 at SUSECVE-2023-53073 at NVDCVE-2023-53074 at SUSECVE-2023-53074 at NVDCVE-2023-53075 at SUSECVE-2023-53075 at NVDCVE-2023-53077 at SUSECVE-2023-53077 at NVDCVE-2023-53078 at SUSECVE-2023-53078 at NVDCVE-2023-53079 at SUSECVE-2023-53079 at NVDCVE-2023-53081 at SUSECVE-2023-53081 at NVDCVE-2023-53082 at SUSECVE-2023-53082 at NVDCVE-2023-53084 at SUSECVE-2023-53084 at NVDCVE-2023-53087 at SUSECVE-2023-53087 at NVDCVE-2023-53089 at SUSECVE-2023-53089 at NVDCVE-2023-53090 at SUSECVE-2023-53090 at NVDCVE-2023-53091 at SUSECVE-2023-53091 at NVDCVE-2023-53092 at SUSECVE-2023-53092 at NVDCVE-2023-53093 at SUSECVE-2023-53093 at NVDCVE-2023-53095 at SUSECVE-2023-53095 at NVDCVE-2023-53096 at SUSECVE-2023-53096 at NVDCVE-2023-53098 at SUSECVE-2023-53098 at NVDCVE-2023-53099 at SUSECVE-2023-53099 at NVDCVE-2023-53100 at SUSECVE-2023-53100 at NVDCVE-2023-53101 at SUSECVE-2023-53101 at NVDCVE-2023-53102 at SUSECVE-2023-53102 at NVDCVE-2023-53105 at SUSECVE-2023-53105 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-53108 at SUSECVE-2023-53108 at NVDCVE-2023-53109 at SUSECVE-2023-53109 at NVDCVE-2023-53111 at SUSECVE-2023-53111 at NVDCVE-2023-53112 at SUSECVE-2023-53112 at NVDCVE-2023-53114 at SUSECVE-2023-53114 at NVDCVE-2023-53116 at SUSECVE-2023-53116 at NVDCVE-2023-53118 at SUSECVE-2023-53118 at NVDCVE-2023-53119 at SUSECVE-2023-53119 at NVDCVE-2023-53123 at SUSECVE-2023-53123 at NVDCVE-2023-53124 at SUSECVE-2023-53124 at NVDCVE-2023-53125 at SUSECVE-2023-53125 at NVDCVE-2023-53128 at SUSECVE-2023-53128 at NVDCVE-2023-53131 at SUSECVE-2023-53131 at NVDCVE-2023-53134 at SUSECVE-2023-53134 at NVDCVE-2023-53137 at SUSECVE-2023-53137 at NVDCVE-2023-53139 at SUSECVE-2023-53139 at NVDCVE-2023-53140 at SUSECVE-2023-53140 at NVDCVE-2023-53142 at SUSECVE-2023-53142 at NVDCVE-2023-53143 at SUSECVE-2023-53143 at NVDCVE-2023-53145 at SUSECVE-2023-53145 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22056 at SUSECVE-2025-22056 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDcpe:/o:suse:sle-micro:5.5Security update for sudo (Important)SUSE Linux Enterprise Micro 5.5
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Low)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- ovl: fix use inode directly in rcu-walk mode (bsc#1241900).
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1205701SUSE bug 1206451SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1230827SUSE bug 1232504SUSE bug 1234156SUSE bug 1234381SUSE bug 1235464SUSE bug 1235637SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238526SUSE bug 1238876SUSE bug 1241900SUSE bug 1242221SUSE bug 1242414SUSE bug 1242504SUSE bug 1242596SUSE bug 1242778SUSE bug 1242782SUSE bug 1242924SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243649SUSE bug 1243660SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244180SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244772SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244791SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244805SUSE bug 1244806SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244826SUSE bug 1244827SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244858SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244888SUSE bug 1244890SUSE bug 1244892SUSE bug 1244893SUSE bug 1244895SUSE bug 1244898SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244904SUSE bug 1244905SUSE bug 1244908SUSE bug 1244911SUSE bug 1244912SUSE bug 1244914SUSE bug 1244915SUSE bug 1244928SUSE bug 1244936SUSE bug 1244940SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244953SUSE bug 1244955SUSE bug 1244956SUSE bug 1244957SUSE bug 1244958SUSE bug 1244959SUSE bug 1244960SUSE bug 1244961SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244973SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244987SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245015SUSE bug 1245018SUSE bug 1245019SUSE bug 1245023SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245040SUSE bug 1245041SUSE bug 1245047SUSE bug 1245048SUSE bug 1245051SUSE bug 1245052SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245063SUSE bug 1245064SUSE bug 1245069SUSE bug 1245070SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245094SUSE bug 1245098SUSE bug 1245103SUSE bug 1245116SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245155SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245340SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49935 at SUSECVE-2022-49935 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49944 at SUSECVE-2022-49944 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49949 at SUSECVE-2022-49949 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49951 at SUSECVE-2022-49951 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49962 at SUSECVE-2022-49962 at NVDCVE-2022-49963 at SUSECVE-2022-49963 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49965 at SUSECVE-2022-49965 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49971 at SUSECVE-2022-49971 at NVDCVE-2022-49972 at SUSECVE-2022-49972 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50002 at SUSECVE-2022-50002 at NVDCVE-2022-50003 at SUSECVE-2022-50003 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50015 at SUSECVE-2022-50015 at NVDCVE-2022-50016 at SUSECVE-2022-50016 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50035 at SUSECVE-2022-50035 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50037 at SUSECVE-2022-50037 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50041 at SUSECVE-2022-50041 at NVDCVE-2022-50044 at SUSECVE-2022-50044 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50049 at SUSECVE-2022-50049 at NVDCVE-2022-50050 at SUSECVE-2022-50050 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50052 at SUSECVE-2022-50052 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50054 at SUSECVE-2022-50054 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50086 at SUSECVE-2022-50086 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50115 at SUSECVE-2022-50115 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50117 at SUSECVE-2022-50117 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50133 at SUSECVE-2022-50133 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50135 at SUSECVE-2022-50135 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50144 at SUSECVE-2022-50144 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50166 at SUSECVE-2022-50166 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50183 at SUSECVE-2022-50183 at NVDCVE-2022-50184 at SUSECVE-2022-50184 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50186 at SUSECVE-2022-50186 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50188 at SUSECVE-2022-50188 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50221 at SUSECVE-2022-50221 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53046 at SUSECVE-2023-53046 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-53197 at SUSECVE-2024-53197 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38060 at SUSECVE-2025-38060 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.5Security update for libssh (Important)SUSE Linux Enterprise Micro 5.5
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).
The following non-security bugs were fixed:
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- autofs: use flexible array in ioctl structure (git-fixes).
- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).
- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639).
- KVM: x86: fix sending PV IPI (git-fixes).
- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).
- platform/x86: Add AMD system management interface (jsc#PED-1295).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- pwm: tegra: Improve required rate calculation (jsc#PED-1763).
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- serial: tegra: Read DMA status before terminating (jsc#PED-1763).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) (bsc#1233642).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
ImportantSUSE bug 1135481SUSE bug 1170891SUSE bug 1171420SUSE bug 1173139SUSE bug 1175543SUSE bug 1181006SUSE bug 1185010SUSE bug 1187211SUSE bug 1187619SUSE bug 1188412SUSE bug 1188616SUSE bug 1188700SUSE bug 1188983SUSE bug 1188985SUSE bug 1189760SUSE bug 1189762SUSE bug 1189870SUSE bug 1189872SUSE bug 1190117SUSE bug 1190131SUSE bug 1190181SUSE bug 1190358SUSE bug 1190412SUSE bug 1190428SUSE bug 1203332SUSE bug 1205521SUSE bug 1209288SUSE bug 1209798SUSE bug 1211593SUSE bug 1211595SUSE bug 1215304SUSE bug 1216813SUSE bug 1216909SUSE bug 1219608SUSE bug 1222878SUSE bug 1223044SUSE bug 1225758SUSE bug 1225820SUSE bug 1226694SUSE bug 1228190SUSE bug 1229809SUSE bug 1230422SUSE bug 1230697SUSE bug 1231388SUSE bug 1231453SUSE bug 1231854SUSE bug 1232045SUSE bug 1232157SUSE bug 1232166SUSE bug 1232419SUSE bug 1232436SUSE bug 1232472SUSE bug 1232823SUSE bug 1233038SUSE bug 1233050SUSE bug 1233070SUSE bug 1233096SUSE bug 1233127SUSE bug 1233200SUSE bug 1233239SUSE bug 1233324SUSE bug 1233467SUSE bug 1233468SUSE bug 1233469SUSE bug 1233485SUSE bug 1233547SUSE bug 1233550SUSE bug 1233558SUSE bug 1233564SUSE bug 1233568SUSE bug 1233637SUSE bug 1233701SUSE bug 1233769SUSE bug 1233837SUSE bug 1234072SUSE bug 1234073SUSE bug 1234075SUSE bug 1234076SUSE bug 1234077SUSE bug 1234087SUSE bug 1234120SUSE bug 1234156SUSE bug 1234219SUSE bug 1234220SUSE bug 1234240SUSE bug 1234241SUSE bug 1234281SUSE bug 1234282SUSE bug 1234294SUSE bug 1234338SUSE bug 1234357SUSE bug 1234437SUSE bug 1234464SUSE bug 1234605SUSE bug 1234639SUSE bug 1234650SUSE bug 1234727SUSE bug 1234811SUSE bug 1234827SUSE bug 1234834SUSE bug 1234843SUSE bug 1234846SUSE bug 1234853SUSE bug 1234856SUSE bug 1234891SUSE bug 1234912SUSE bug 1234920SUSE bug 1234921SUSE bug 1234960SUSE bug 1234963SUSE bug 1234971SUSE bug 1234973SUSE bug 1235004SUSE bug 1235035SUSE bug 1235037SUSE bug 1235039SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235220SUSE bug 1235224SUSE bug 1235246SUSE bug 1235507CVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-48742 at SUSECVE-2022-48742 at NVDCVE-2022-49033 at SUSECVE-2022-49033 at NVDCVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-52920 at SUSECVE-2023-52920 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDCVE-2024-26886 at SUSECVE-2024-26886 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-44934 at SUSECVE-2024-44934 at NVDCVE-2024-47666 at SUSECVE-2024-47666 at NVDCVE-2024-47678 at SUSECVE-2024-47678 at NVDCVE-2024-49944 at SUSECVE-2024-49944 at NVDCVE-2024-49952 at SUSECVE-2024-49952 at NVDCVE-2024-50018 at SUSECVE-2024-50018 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50166 at SUSECVE-2024-50166 at NVDCVE-2024-50181 at SUSECVE-2024-50181 at NVDCVE-2024-50202 at SUSECVE-2024-50202 at NVDCVE-2024-50211 at SUSECVE-2024-50211 at NVDCVE-2024-50256 at SUSECVE-2024-50256 at NVDCVE-2024-50262 at SUSECVE-2024-50262 at NVDCVE-2024-50278 at SUSECVE-2024-50278 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50280 at SUSECVE-2024-50280 at NVDCVE-2024-50296 at SUSECVE-2024-50296 at NVDCVE-2024-53051 at SUSECVE-2024-53051 at NVDCVE-2024-53055 at SUSECVE-2024-53055 at NVDCVE-2024-53056 at SUSECVE-2024-53056 at NVDCVE-2024-53064 at SUSECVE-2024-53064 at NVDCVE-2024-53072 at SUSECVE-2024-53072 at NVDCVE-2024-53090 at SUSECVE-2024-53090 at NVDCVE-2024-53101 at SUSECVE-2024-53101 at NVDCVE-2024-53113 at SUSECVE-2024-53113 at NVDCVE-2024-53114 at SUSECVE-2024-53114 at NVDCVE-2024-53119 at SUSECVE-2024-53119 at NVDCVE-2024-53120 at SUSECVE-2024-53120 at NVDCVE-2024-53122 at SUSECVE-2024-53122 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53130 at SUSECVE-2024-53130 at NVDCVE-2024-53131 at SUSECVE-2024-53131 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53150 at SUSECVE-2024-53150 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53157 at SUSECVE-2024-53157 at NVDCVE-2024-53158 at SUSECVE-2024-53158 at NVDCVE-2024-53161 at SUSECVE-2024-53161 at NVDCVE-2024-53162 at SUSECVE-2024-53162 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53206 at SUSECVE-2024-53206 at NVDCVE-2024-53210 at SUSECVE-2024-53210 at NVDCVE-2024-53213 at SUSECVE-2024-53213 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56549 at SUSECVE-2024-56549 at NVDCVE-2024-56570 at SUSECVE-2024-56570 at NVDCVE-2024-56571 at SUSECVE-2024-56571 at NVDCVE-2024-56575 at SUSECVE-2024-56575 at NVDCVE-2024-56598 at SUSECVE-2024-56598 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56619 at SUSECVE-2024-56619 at NVDCVE-2024-56755 at SUSECVE-2024-56755 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.5Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.5
This update for protobuf fixes the following issues:
- CVE-2025-4565: Fix parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that can lead to crash due to RecursionError (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-49795: Fixed a null pointer dereference which could lead to denial of service. (bsc#1244555)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244555SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49795 at SUSECVE-2025-49795 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47557: net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1207361 bsc#1225468).
- CVE-2021-47595: net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1207361 bsc#1226552).
- CVE-2023-52924: netfilter: nf_tables: do not skip expired elements during walk (bsc#1236821).
- CVE-2023-52925: netfilter: nf_tables: do not fail inserts if duplicate has expired (bsc#1236822).
- CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-28956: x86/its: Add support for ITS-safe indirect thunk (bsc#1242006).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53197: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (bsc#1235464).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-21756: vsock: Orphan socket after transport release (bsc#1238876).
- CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37785: ext4: fix OOB read when checking dotdot dir (bsc#1241640).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38060: bpf: abort verification if env->cur_state->loop_entry != NULL (bsc#1245155).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- Fix reference in 'net_sched: sch_sfq: use a temporary work area for validating configuration' (bsc#1242504)
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- doc/README.SUSE: Point to the updated version of LKMPG
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Also update the search to match bin/env Fixes: dc2037cd8f94 ('kernel-source: Also replace bin/env'
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245431).
- mm/hugetlb: unshare page tables during VMA split, not before (bsc#1245431).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- ovl: fix use inode directly in rcu-walk mode (bsc#1241900).
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (bsc#1244309 ltc#213790).
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap() (bsc#1244309 ltc#213790).
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1193629SUSE bug 1194869SUSE bug 1198410SUSE bug 1199356SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202094SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202823SUSE bug 1202860SUSE bug 1203197SUSE bug 1203361SUSE bug 1205220SUSE bug 1205514SUSE bug 1205701SUSE bug 1206451SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1207361SUSE bug 1207638SUSE bug 1211226SUSE bug 1212051SUSE bug 1213090SUSE bug 1218184SUSE bug 1218234SUSE bug 1218470SUSE bug 1222634SUSE bug 1223675SUSE bug 1224095SUSE bug 1224597SUSE bug 1225468SUSE bug 1225820SUSE bug 1226514SUSE bug 1226552SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1234156SUSE bug 1234381SUSE bug 1234454SUSE bug 1235464SUSE bug 1235637SUSE bug 1236821SUSE bug 1236822SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238526SUSE bug 1238570SUSE bug 1238876SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1241640SUSE bug 1241900SUSE bug 1242006SUSE bug 1242221SUSE bug 1242414SUSE bug 1242504SUSE bug 1242596SUSE bug 1242778SUSE bug 1242782SUSE bug 1242924SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243649SUSE bug 1243660SUSE bug 1243832SUSE bug 1244114SUSE bug 1244179SUSE bug 1244180SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244309SUSE bug 1244337SUSE bug 1244732SUSE bug 1244764SUSE bug 1244765SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244772SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244780SUSE bug 1244781SUSE bug 1244782SUSE bug 1244783SUSE bug 1244784SUSE bug 1244786SUSE bug 1244787SUSE bug 1244788SUSE bug 1244790SUSE bug 1244791SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244798SUSE bug 1244800SUSE bug 1244802SUSE bug 1244804SUSE bug 1244805SUSE bug 1244806SUSE bug 1244807SUSE bug 1244808SUSE bug 1244811SUSE bug 1244813SUSE bug 1244814SUSE bug 1244815SUSE bug 1244816SUSE bug 1244819SUSE bug 1244820SUSE bug 1244823SUSE bug 1244824SUSE bug 1244825SUSE bug 1244826SUSE bug 1244827SUSE bug 1244830SUSE bug 1244831SUSE bug 1244832SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244840SUSE bug 1244841SUSE bug 1244842SUSE bug 1244843SUSE bug 1244845SUSE bug 1244846SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244854SUSE bug 1244856SUSE bug 1244858SUSE bug 1244860SUSE bug 1244861SUSE bug 1244866SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244870SUSE bug 1244871SUSE bug 1244872SUSE bug 1244873SUSE bug 1244875SUSE bug 1244876SUSE bug 1244878SUSE bug 1244879SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244886SUSE bug 1244887SUSE bug 1244888SUSE bug 1244890SUSE bug 1244892SUSE bug 1244893SUSE bug 1244895SUSE bug 1244898SUSE bug 1244899SUSE bug 1244900SUSE bug 1244901SUSE bug 1244902SUSE bug 1244903SUSE bug 1244904SUSE bug 1244905SUSE bug 1244908SUSE bug 1244911SUSE bug 1244912SUSE bug 1244914SUSE bug 1244915SUSE bug 1244928SUSE bug 1244936SUSE bug 1244940SUSE bug 1244941SUSE bug 1244942SUSE bug 1244943SUSE bug 1244944SUSE bug 1244945SUSE bug 1244948SUSE bug 1244949SUSE bug 1244950SUSE bug 1244953SUSE bug 1244955SUSE bug 1244956SUSE bug 1244957SUSE bug 1244958SUSE bug 1244959SUSE bug 1244960SUSE bug 1244961SUSE bug 1244965SUSE bug 1244966SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244970SUSE bug 1244973SUSE bug 1244974SUSE bug 1244976SUSE bug 1244977SUSE bug 1244978SUSE bug 1244979SUSE bug 1244983SUSE bug 1244984SUSE bug 1244985SUSE bug 1244986SUSE bug 1244987SUSE bug 1244991SUSE bug 1244992SUSE bug 1244993SUSE bug 1245006SUSE bug 1245007SUSE bug 1245009SUSE bug 1245011SUSE bug 1245012SUSE bug 1245015SUSE bug 1245018SUSE bug 1245019SUSE bug 1245023SUSE bug 1245024SUSE bug 1245028SUSE bug 1245031SUSE bug 1245032SUSE bug 1245033SUSE bug 1245038SUSE bug 1245039SUSE bug 1245040SUSE bug 1245041SUSE bug 1245047SUSE bug 1245048SUSE bug 1245051SUSE bug 1245052SUSE bug 1245057SUSE bug 1245058SUSE bug 1245060SUSE bug 1245062SUSE bug 1245063SUSE bug 1245064SUSE bug 1245069SUSE bug 1245070SUSE bug 1245072SUSE bug 1245073SUSE bug 1245088SUSE bug 1245089SUSE bug 1245092SUSE bug 1245093SUSE bug 1245094SUSE bug 1245098SUSE bug 1245103SUSE bug 1245116SUSE bug 1245117SUSE bug 1245118SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245133SUSE bug 1245134SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245142SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245152SUSE bug 1245154SUSE bug 1245155SUSE bug 1245180SUSE bug 1245183SUSE bug 1245189SUSE bug 1245191SUSE bug 1245195SUSE bug 1245197SUSE bug 1245265SUSE bug 1245340SUSE bug 1245348SUSE bug 1245431SUSE bug 1245455CVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2585 at SUSECVE-2022-2585 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49935 at SUSECVE-2022-49935 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49938 at SUSECVE-2022-49938 at NVDCVE-2022-49940 at SUSECVE-2022-49940 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49944 at SUSECVE-2022-49944 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49946 at SUSECVE-2022-49946 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49949 at SUSECVE-2022-49949 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49951 at SUSECVE-2022-49951 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49957 at SUSECVE-2022-49957 at NVDCVE-2022-49958 at SUSECVE-2022-49958 at NVDCVE-2022-49960 at SUSECVE-2022-49960 at NVDCVE-2022-49962 at SUSECVE-2022-49962 at NVDCVE-2022-49963 at SUSECVE-2022-49963 at NVDCVE-2022-49964 at SUSECVE-2022-49964 at NVDCVE-2022-49965 at SUSECVE-2022-49965 at NVDCVE-2022-49966 at SUSECVE-2022-49966 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49969 at SUSECVE-2022-49969 at NVDCVE-2022-49971 at SUSECVE-2022-49971 at NVDCVE-2022-49972 at SUSECVE-2022-49972 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49982 at SUSECVE-2022-49982 at NVDCVE-2022-49983 at SUSECVE-2022-49983 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-49995 at SUSECVE-2022-49995 at NVDCVE-2022-49999 at SUSECVE-2022-49999 at NVDCVE-2022-50002 at SUSECVE-2022-50002 at NVDCVE-2022-50003 at SUSECVE-2022-50003 at NVDCVE-2022-50005 at SUSECVE-2022-50005 at NVDCVE-2022-50006 at SUSECVE-2022-50006 at NVDCVE-2022-50008 at SUSECVE-2022-50008 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50011 at SUSECVE-2022-50011 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50015 at SUSECVE-2022-50015 at NVDCVE-2022-50016 at SUSECVE-2022-50016 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50021 at SUSECVE-2022-50021 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50023 at SUSECVE-2022-50023 at NVDCVE-2022-50024 at SUSECVE-2022-50024 at NVDCVE-2022-50026 at SUSECVE-2022-50026 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50031 at SUSECVE-2022-50031 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50034 at SUSECVE-2022-50034 at NVDCVE-2022-50035 at SUSECVE-2022-50035 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50037 at SUSECVE-2022-50037 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50039 at SUSECVE-2022-50039 at NVDCVE-2022-50040 at SUSECVE-2022-50040 at NVDCVE-2022-50041 at SUSECVE-2022-50041 at NVDCVE-2022-50044 at SUSECVE-2022-50044 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50046 at SUSECVE-2022-50046 at NVDCVE-2022-50047 at SUSECVE-2022-50047 at NVDCVE-2022-50049 at SUSECVE-2022-50049 at NVDCVE-2022-50050 at SUSECVE-2022-50050 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50052 at SUSECVE-2022-50052 at NVDCVE-2022-50053 at SUSECVE-2022-50053 at NVDCVE-2022-50054 at SUSECVE-2022-50054 at NVDCVE-2022-50055 at SUSECVE-2022-50055 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50060 at SUSECVE-2022-50060 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50062 at SUSECVE-2022-50062 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50066 at SUSECVE-2022-50066 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50068 at SUSECVE-2022-50068 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50073 at SUSECVE-2022-50073 at NVDCVE-2022-50074 at SUSECVE-2022-50074 at NVDCVE-2022-50076 at SUSECVE-2022-50076 at NVDCVE-2022-50077 at SUSECVE-2022-50077 at NVDCVE-2022-50079 at SUSECVE-2022-50079 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50086 at SUSECVE-2022-50086 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50095 at SUSECVE-2022-50095 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50100 at SUSECVE-2022-50100 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50103 at SUSECVE-2022-50103 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50110 at SUSECVE-2022-50110 at NVDCVE-2022-50111 at SUSECVE-2022-50111 at NVDCVE-2022-50112 at SUSECVE-2022-50112 at NVDCVE-2022-50115 at SUSECVE-2022-50115 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2022-50117 at SUSECVE-2022-50117 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50120 at SUSECVE-2022-50120 at NVDCVE-2022-50121 at SUSECVE-2022-50121 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50125 at SUSECVE-2022-50125 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50129 at SUSECVE-2022-50129 at NVDCVE-2022-50131 at SUSECVE-2022-50131 at NVDCVE-2022-50132 at SUSECVE-2022-50132 at NVDCVE-2022-50133 at SUSECVE-2022-50133 at NVDCVE-2022-50134 at SUSECVE-2022-50134 at NVDCVE-2022-50135 at SUSECVE-2022-50135 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50137 at SUSECVE-2022-50137 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50139 at SUSECVE-2022-50139 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50144 at SUSECVE-2022-50144 at NVDCVE-2022-50145 at SUSECVE-2022-50145 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50151 at SUSECVE-2022-50151 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50154 at SUSECVE-2022-50154 at NVDCVE-2022-50155 at SUSECVE-2022-50155 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50157 at SUSECVE-2022-50157 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50166 at SUSECVE-2022-50166 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50171 at SUSECVE-2022-50171 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50175 at SUSECVE-2022-50175 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50178 at SUSECVE-2022-50178 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50183 at SUSECVE-2022-50183 at NVDCVE-2022-50184 at SUSECVE-2022-50184 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50186 at SUSECVE-2022-50186 at NVDCVE-2022-50187 at SUSECVE-2022-50187 at NVDCVE-2022-50188 at SUSECVE-2022-50188 at NVDCVE-2022-50190 at SUSECVE-2022-50190 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50192 at SUSECVE-2022-50192 at NVDCVE-2022-50194 at SUSECVE-2022-50194 at NVDCVE-2022-50196 at SUSECVE-2022-50196 at NVDCVE-2022-50197 at SUSECVE-2022-50197 at NVDCVE-2022-50198 at SUSECVE-2022-50198 at NVDCVE-2022-50199 at SUSECVE-2022-50199 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50201 at SUSECVE-2022-50201 at NVDCVE-2022-50202 at SUSECVE-2022-50202 at NVDCVE-2022-50203 at SUSECVE-2022-50203 at NVDCVE-2022-50204 at SUSECVE-2022-50204 at NVDCVE-2022-50206 at SUSECVE-2022-50206 at NVDCVE-2022-50207 at SUSECVE-2022-50207 at NVDCVE-2022-50208 at SUSECVE-2022-50208 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50221 at SUSECVE-2022-50221 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50226 at SUSECVE-2022-50226 at NVDCVE-2022-50228 at SUSECVE-2022-50228 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2023-52925 at SUSECVE-2023-52925 at NVDCVE-2023-53046 at SUSECVE-2023-53046 at NVDCVE-2023-53048 at SUSECVE-2023-53048 at NVDCVE-2023-53076 at SUSECVE-2023-53076 at NVDCVE-2023-53097 at SUSECVE-2023-53097 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-35840 at SUSECVE-2024-35840 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53125 at SUSECVE-2024-53125 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-53197 at SUSECVE-2024-53197 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2024-57999 at SUSECVE-2024-57999 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-21756 at SUSECVE-2025-21756 at NVDCVE-2025-23141 at SUSECVE-2025-23141 at NVDCVE-2025-23145 at SUSECVE-2025-23145 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37785 at SUSECVE-2025-37785 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37948 at SUSECVE-2025-37948 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37963 at SUSECVE-2025-37963 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38060 at SUSECVE-2025-38060 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
ImportantSUSE bug 1238896SUSE bug 1244644SUSE bug 1246112CVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:sle-micro:5.5Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for coreutils fixes the following issues:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
ModerateSUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:sle-micro:5.5Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.5
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:sle-micro:5.5Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
ModerateSUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:sle-micro:5.5Security update for polkit (Important)SUSE Linux Enterprise Micro 5.5
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:sle-micro:5.5Security update for boost (Important)SUSE Linux Enterprise Micro 5.5
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2024-57947: netfilter: nf_set_pipapo: fix initial map fill (bsc#1236333).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).'
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1233551SUSE bug 1234480SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1238160SUSE bug 1239644SUSE bug 1242417SUSE bug 1244523SUSE bug 1245217SUSE bug 1245431SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246287SUSE bug 1246555CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38289 at SUSECVE-2025-38289 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32989: Fix heap buffer overread when handling the CT SCT extension during X.509 certificate parsing (bsc#1246233)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246233SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32989 at SUSECVE-2025-32989 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:sle-micro:5.5Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.5
This update for systemd fixes the following issues:
- CVE-2025-4598: Fixed race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
ModerateSUSE bug 1243935CVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:sle-micro:5.5Security update for cairo (Low)SUSE Linux Enterprise Micro 5.5
This update for cairo fixes the following issues:
- CVE-2019-6461: avoid assert when drawing arcs with NaN angles (bsc#1122338).
LowSUSE bug 1122338CVE-2019-6461 at SUSECVE-2019-6461 at NVDcpe:/o:suse:sle-micro:5.5Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:sle-micro:5.5Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libarchive fixes the following issues:
- CVE-2025-5914: Fixed double free due to an integer overflow in the archive_read_format_rar_seek_data() function (bsc#1244272)
- CVE-2025-5915: Fixed heap buffer over read in copy_from_lzss_window() at archive_read_support_format_rar.c (bsc#1244273)
- CVE-2025-5916: Fixed integer overflow while reading warc files at archive_read_support_format_warc.c (bsc#1244270)
- CVE-2025-5917: Fixed off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c (bsc#1244336)
- CVE-2025-5918: Fixed reading past EOF may be triggered for piped file streams (bsc#1244279)
ModerateSUSE bug 1244270SUSE bug 1244272SUSE bug 1244273SUSE bug 1244279SUSE bug 1244336CVE-2025-5914 at SUSECVE-2025-5914 at NVDCVE-2025-5915 at SUSECVE-2025-5915 at NVDCVE-2025-5916 at SUSECVE-2025-5916 at NVDCVE-2025-5917 at SUSECVE-2025-5917 at NVDCVE-2025-5918 at SUSECVE-2025-5918 at NVDcpe:/o:suse:sle-micro:5.5Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.5
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:sle-micro:5.5Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ImportantSUSE bug 1233012SUSE bug 1243273SUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244401SUSE bug 1244705SUSE bug 1247249SUSE bug 831629CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4516 at SUSECVE-2025-4516 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:sle-micro:5.5Security update for gstreamer-plugins-base (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (bsc#1244404).
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (bsc#1244403).
- CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser (bsc#1244407).
ModerateSUSE bug 1244403SUSE bug 1244404SUSE bug 1244407CVE-2025-47806 at SUSECVE-2025-47806 at NVDCVE-2025-47807 at SUSECVE-2025-47807 at NVDCVE-2025-47808 at SUSECVE-2025-47808 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:sle-micro:5.5Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.5
This update for rust-keylime fixes the following issues:
- Update to version 0.2.7+141:
* CVE-2025-58266: shlex: Fixed command injection (bsc#1247193)
- Update to version 0.2.7+117:
* CVE-2023-26964: rust-keylime: hyper,h2: stream stacking when H2 processing HTTP2 RST_STREAM frames (bsc#1210344).
* CVE-2024-12224: rust-keylime: idna: idna accepts Punycode labels that do not produce any non-ASCII when decoded (bsc#1243861).
* CVE-2024-32650: rust-keylime: rust-rustls: Infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223234).
* CVE-2024-43806: rust-keylime: rustix: rustix::fs::Dir iterator with the linux_raw backend can cause memory explosion (bsc#1229952).
* CVE-2025-3416: rust-keylime: openssl: Use-After-Free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242623).
* rust-shlex: Multiple issues involving quote API ( RUSTSEC-2024-0006, GHSA-r7qv-8r2h-pg27, bsc#1230029)
ImportantSUSE bug 1210344SUSE bug 1223234SUSE bug 1229952SUSE bug 1230029SUSE bug 1242623SUSE bug 1243861SUSE bug 1247193CVE-2023-26964 at SUSECVE-2023-26964 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-32650 at SUSECVE-2024-32650 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-58266 at SUSECVE-2025-58266 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Important)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
when processing malformed TIFF files (bsc#1247106)
ImportantSUSE bug 1247106SUSE bug 1247108CVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38289: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk (bsc#1246287).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
The following non-security bugs were fixed:
- Revert 'hugetlb: unshare some PMDs when splitting VMAs' (bsc#1245431).
- Revert 'mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race'
- Revert 'mm/hugetlb: unshare page tables during VMA split, not before'
- bnxt_en: Fix GSO type for HW GRO packets on 5750X chips (bsc#1244523).
- net: usb: usbnet: restore usb%d name exception for local mac addresses (bsc#1234480 bsc#1246555).
ImportantSUSE bug 1206051SUSE bug 1221829SUSE bug 1233551SUSE bug 1234480SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1237164SUSE bug 1238160SUSE bug 1239644SUSE bug 1240799SUSE bug 1242414SUSE bug 1242417SUSE bug 1244309SUSE bug 1244523SUSE bug 1245217SUSE bug 1245431SUSE bug 1245506SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246073SUSE bug 1246186SUSE bug 1246287SUSE bug 1246555SUSE bug 1246781SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247437CVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-21701 at SUSECVE-2025-21701 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38289 at SUSECVE-2025-38289 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.5
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:sle-micro:5.5Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.5
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:sle-micro:5.5Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:sle-micro:5.5Security update for rust-keylime (Moderate)SUSE Linux Enterprise Micro 5.5
This update for rust-keylime fixes the following issues:
- Update slab to version 0.4.11:
* CVE-2025-55159: Fixed incorrect bounds check in get_disjoint_mut function (bsc#1248006)
- Update to version 0.2.8+12:
* build(deps): bump actions/checkout from 4 to 5
* build(deps): bump cfg-if from 1.0.0 to 1.0.1
* build(deps): bump openssl from 0.10.72 to 0.10.73
* build(deps): bump clap from 4.5.39 to 4.5.45
* build(deps): bump pest from 2.8.0 to 2.8.1
* Fix clippy warnings
* Use verifier-provided interval for continuous attestation timing
* Add meta object with seconds_to_next_attestation to evidence response
* Fix boot time retrieval
* Fix IMA log format (it must be ['text/plain']) (#1073)
* Remove unnecessary configuration fields
* cargo: Bump retry-policies to version 0.4.0
ModerateSUSE bug 1248006CVE-2025-55159 at SUSECVE-2025-55159 at NVDcpe:/o:suse:sle-micro:5.5Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.5
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-6199: Fixed uninitialized memory leading to arbitrary memory contents leak (bsc#1245227)
- CVE-2025-7345: Fixed heap buffer overflow within the gdk_pixbuf__jpeg_image_load_increment function (bsc#1246114)
ImportantSUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.5
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:sle-micro:5.5Security update for udisks2 (Important)SUSE Linux Enterprise Micro 5.5
This update for udisks2 fixes the following issues:
- CVE-2025-8067: Fixed missing bounds check can lead to out-of-bounds read in udisks daemon (bsc#1248502)
ImportantSUSE bug 1248502CVE-2025-8067 at SUSECVE-2025-8067 at NVDcpe:/o:suse:sle-micro:5.5Security update for google-osconfig-agent (Moderate)SUSE Linux Enterprise Micro 5.5
This update for google-osconfig-agent fixes the following issues:
- Update to version 20250115.01 (bsc#1236406, bsc#1236407)
- CVE-2024-24790: Bump the golang compiler version to 1.22.4 (bsc#1225974)
ModerateSUSE bug 1225974SUSE bug 1236406SUSE bug 1236407CVE-2024-24790 at SUSECVE-2024-24790 at NVDcpe:/o:suse:sle-micro:5.5Security update for git (Important)SUSE Linux Enterprise Micro 5.5
This update for git fixes the following issues:
Updated to 2.43.7 (jsc#PED-13447):
- CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938)
- CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc#1245939)
- CVE-2025-46835: Fixed arbitrary writable file creation via untrusted repository clonation in Git GUI (bsc#1245942)
- CVE-2025-48384: Fixed arbitrary writable file creation when cloning untrusted repositories with submodules
using the --recursive flag (bsc#1245943)
- CVE-2025-48385: Fixed arbitrary code execution due to protocol injection via fetching advertised bundle (bsc#1245946)
Other fixes:
- Drop git-credential-gnome-keyring package as it was dropped upstream,
use git-credential-libsecret instead
- git-add--interactive was removed upstream in favor of built in implementation,
which was already the default in SLE.
ImportantSUSE bug 1245938SUSE bug 1245939SUSE bug 1245942SUSE bug 1245943SUSE bug 1245946CVE-2025-27613 at SUSECVE-2025-27613 at NVDCVE-2025-27614 at SUSECVE-2025-27614 at NVDCVE-2025-46835 at SUSECVE-2025-46835 at NVDCVE-2025-48384 at SUSECVE-2025-48384 at NVDCVE-2025-48385 at SUSECVE-2025-48385 at NVDcpe:/o:suse:sle-micro:5.5Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-future (Important)SUSE Linux Enterprise Micro 5.5
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:sle-micro:5.5Security update for nvidia-open-driver-G06-signed (Important)SUSE Linux Enterprise Micro 5.5
This update for nvidia-open-driver-G06-signed fixes the following issues:
Updated CUDA variant to 580.65.06:
- CVE-2025-23277: Fixed access memory outside bounds permitted under normal
use cases in NVIDIA Display Driver (bsc#1247528)
- CVE-2025-23278: Fixed improper index validation by issuing a call with
crafted parameters in NVIDIA Display Driver (bsc#1247529)
- CVE-2025-23286: Fixed invalid memory read in NVIDIA GPU Display Driver (bsc#1247530)
- CVE-2025-23283: Fixed stack buffer overflow triggerable by a malicious guest
in Virtual GPU Manager in NVIDIA vGPU software (bsc#1247531)
- CVE-2025-23279: Fixed race condition that lead to privileges escalations
in NVIDIA .run Installer (bsc#1247532)
Updated non-CUDA variant to 570.172.08 (bsc#1246327)
ImportantSUSE bug 1236191SUSE bug 1236658SUSE bug 1236746SUSE bug 1237308SUSE bug 1237585SUSE bug 1239139SUSE bug 1239653SUSE bug 1241231SUSE bug 1242054SUSE bug 1243192SUSE bug 1244614SUSE bug 1246010SUSE bug 1246327SUSE bug 1247528SUSE bug 1247529SUSE bug 1247530SUSE bug 1247531SUSE bug 1247532CVE-2025-23277 at SUSECVE-2025-23277 at NVDCVE-2025-23278 at SUSECVE-2025-23278 at NVDCVE-2025-23279 at SUSECVE-2025-23279 at NVDCVE-2025-23283 at SUSECVE-2025-23283 at NVDCVE-2025-23286 at SUSECVE-2025-23286 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Low)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2025-4945: Fixed Integer Overflow in Cookie Expiration Date Handling in libsoup (bsc#1243314).
LowSUSE bug 1243314CVE-2025-4945 at SUSECVE-2025-4945 at NVDcpe:/o:suse:sle-micro:5.5Security update for regionServiceClientConfigAzure (Critical)SUSE Linux Enterprise Micro 5.5
This update for regionServiceClientConfigAzure contains the following fixes:
- Update to version 3.0.0.(bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency name for metadata package, name change in
SLE 16. (bsc#1243419)
+ Replacing certificate for rgnsrv-azure-southeastasia to get
rid of weird chain cert
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.5Security update for regionServiceClientConfigEC2 (Critical)SUSE Linux Enterprise Micro 5.5
This update for regionServiceClientConfigEC2 contains the following fixes:
- Update to version 5.0.0. (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency to accomodate metadata binary package name change
in SLE 16. (bsc#1243419)
+ New 4096 certificate for rgnsrv-ec2-us-east1
CriticalSUSE bug 1243419SUSE bug 1246995cpe:/o:suse:sle-micro:5.5Security update for regionServiceClientConfigGCE (Critical)SUSE Linux Enterprise Micro 5.5
This update for regionServiceClientConfigGCE contains the following fixes:
- Update to version 5.0.0 (bsc#1246995)
+ SLE 16 python-requests requires SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update conditional to handle name change of metadata package
in SLE 16. (bsc#1242063)
+ Add noipv6 patch
CriticalSUSE bug 1242063SUSE bug 1246995cpe:/o:suse:sle-micro:5.5Security update for clamav (Important)SUSE Linux Enterprise Micro 5.5
This update for clamav fixes the following issues:
New version 1.4.2:
* CVE-2025-20128, bsc#1236307: Fixed a possible buffer overflow
read bug in the OLE2 file parser that could cause a
denial-of-service (DoS) condition.
- Start clamonacc with --fdpass to avoid errors due to
clamd not being able to access user files. (bsc#1232242)
- New version 1.4.1:
* https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
- New version 1.4.0:
* Added support for extracting ALZ archives.
* Added support for extracting LHA/LZH archives.
* Added the ability to disable image fuzzy hashing, if needed.
For context, image fuzzy hashing is a detection mechanism
useful for identifying malware by matching images included with
the malware or phishing email/document.
* https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
- New version 1.3.2:
* CVE-2024-20506: Changed the logging module to disable following
symlinks on Linux and Unix systems so as to prevent an attacker
with existing access to the 'clamd' or 'freshclam' services from
using a symlink to corrupt system files.
* CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF
file parser that could cause a denial-of-service condition.
* Removed unused Python modules from freshclam tests including
deprecated 'cgi' module that is expected to cause test failures in
Python 3.13.
* Fix unit test caused by expiring signing certificate.
* Fixed a build issue on Windows with newer versions of Rust. Also
upgraded GitHub Actions imports to fix CI failures.
* Fixed an unaligned pointer dereference issue on select architectures.
* Fixes to Jenkins CI pipeline.
- New Version: 1.3.1:
* CVE-2024-20380: Fixed a possible crash in the HTML file parser
that could cause a denial-of-service (DoS) condition.
* Updated select Rust dependencies to the latest versions.
* Fixed a bug causing some text to be truncated when converting
from UTF-16.
* Fixed assorted complaints identified by Coverity static
analysis.
* Fixed a bug causing CVDs downloaded by the DatabaseCustomURL
* Added the new 'valhalla' database name to the list of optional
databases in preparation for future work.
- New version: 1.3.0:
* Added support for extracting and scanning attachments found in
Microsoft OneNote section files. OneNote parsing will be
enabled by default, but may be optionally disabled.
* Added file type recognition for compiled Python ('.pyc') files.
* Improved support for decrypting PDFs with empty passwords.
* Fixed a warning when scanning some HTML files.
* ClamOnAcc: Fixed an infinite loop when a watched directory
does not exist.
* ClamOnAcc: Fixed an infinite loop when a file has been deleted
before a scan.
- New version: 1.2.0:
* Added support for extracting Universal Disk Format (UDF)
partitions.
* Added an option to customize the size of ClamAV's clean file
cache.
* Raised the MaxScanSize limit so the total amount of data
scanned when scanning a file or archive may exceed 4 gigabytes.
* Added ability for Freshclam to use a client certificate PEM
file and a private key PEM file for authentication to a private
mirror.
* Fix an issue extracting files from ISO9660 partitions where the
files are listed in the plain ISO tree and there also exists an
empty Joliet tree.
* PID and socket are now located under /run/clamav/clamd.pid and
/run/clamav/clamd.sock .
* bsc#1211594: Fixed an issue where ClamAV does not abort the
signature load process after partially loading an invalid
signature.
- New version 1.1.0:
* https://blog.clamav.net/2023/05/clamav-110-released.html
* Added the ability to extract images embedded in HTML CSS
<style> blocks.
* Updated to Sigtool so that the '--vba' option will extract VBA
code from Microsoft Office documents the same way that
libclamav extracts VBA.
* Added a new option --fail-if-cvd-older-than=days to clamscan
and clamd, and FailIfCvdOlderThan to clamd.conf
* Added a new function 'cl_cvdgetage()' to the libclamav API.
* Added a new function 'cl_engine_set_clcb_vba()' to the
libclamav API.
- bsc#1180296: Integrate clamonacc as a service.
- New version 1.0.1 LTS (including changes in 0.104 and 0.105):
* As of ClamAV 0.104, CMake is required to build ClamAV.
* As of ClamAV 0.105, Rust is now required to compile ClamAV.
* Increased the default limits for file and scan size:
* MaxScanSize: 100M to 400M
* MaxFileSize: 25M to 100M
* StreamMaxLength: 25M to 100M
* PCREMaxFileSize: 25M to 100M
* MaxEmbeddedPE: 10M to 40M
* MaxHTMLNormalize: 10M to 40M
* MaxScriptNormalize: 5M to 20M
* MaxHTMLNoTags: 2M to 8M
* Added image fuzzy hash subsignatures for logical signatures.
* Support for decrypting read-only OLE2-based XLS files that are
encrypted with the default password.
* Overhauled the implementation of the all-match feature.
* Added a new callback to the public API for inspecting file
content during a scan at each layer of archive extraction.
* Added a new function to the public API for unpacking CVD
signature archives.
* The option to build with an external TomsFastMath library has
been removed. ClamAV requires non-default build options for
TomsFastMath to support bigger floating point numbers.
* For a full list of changes see the release announcements:
* https://blog.clamav.net/2022/11/clamav-100-lts-released.html
* https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html
* https://blog.clamav.net/2021/09/clamav-01040-released.html
- Build clamd with systemd support.
* CVE-2023-20197: Fixed a possible denial of service vulnerability in
the HFS+ file parser. (bsc#1214342)
* CVE-2018-14679: Fixed that an issue was discovered in mspack/chmd.c
in libmspack before 0.7alpha. There isan off-by-one error in the CHM
PMGI/PMGL chunk number validity checks, which could lead to denial of
service (uninitialized da (bsc#1103032)
- Package huge .html documentation in a separate subpackage.
- Update to 0.103.7 (bsc#1202986)
- Zip parser: tolerate 2-byte overlap in file entries
- Fix bug with logical signature Intermediates feature
- Update to UnRAR v6.1.7
- Patch UnRAR: allow skipping files in solid archives
- Patch UnRAR: limit dict winsize to 1GB
- Use a split-provides for clamav-milter instead of recommending it.
- Package clamav-milter in a subpackage
- Remove virus signatures upon uninstall
- Check for database existence before starting clamd
- Restart clamd when it exits
- Don't daemonize freshclam, but use a systemd timer instead to
trigger updates
ImportantSUSE bug 1102840SUSE bug 1103032SUSE bug 1180296SUSE bug 1202986SUSE bug 1211594SUSE bug 1214342SUSE bug 1232242SUSE bug 1236307CVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2023-20197 at SUSECVE-2023-20197 at NVDCVE-2024-20380 at SUSECVE-2024-20380 at NVDCVE-2024-20505 at SUSECVE-2024-20505 at NVDCVE-2024-20506 at SUSECVE-2024-20506 at NVDCVE-2025-20128 at SUSECVE-2025-20128 at NVDcpe:/o:suse:sle-micro:5.5Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.5
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Important)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
ImportantSUSE bug 1230932SUSE bug 1246533SUSE bug 1249049SUSE bug 1249128CVE-2024-47175 at SUSECVE-2024-47175 at NVDCVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Important)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Important)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:sle-micro:5.5Security update for bluez (Moderate)SUSE Linux Enterprise Micro 5.5
This update for bluez fixes the following issues:
- CVE-2023-45866: keystroke injection and arbitrary command execution via HID device connections (bsc#1217877).
ModerateSUSE bug 1217877CVE-2023-45866 at SUSECVE-2023-45866 at NVDcpe:/o:suse:sle-micro:5.5Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.
To avoid problems with those, SUSE has by default now disabled
those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in krb5.conf:
[libdefaults]
allow_des3 = true
allow_rc4 = true
to reenable them.
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:sle-micro:5.5Security update for cairo (Low)SUSE Linux Enterprise Micro 5.5
This update for cairo fixes the following issues:
- CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589).
LowSUSE bug 1247589CVE-2025-50422 at SUSECVE-2025-50422 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#122824 bsc#1233640).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (jsc#PED-8240, bsc#1244824).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- security, lsm: Introduce security_mptcp_add_subflow() (bsc#1240375).
- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
ImportantSUSE bug 1229334SUSE bug 1233640SUSE bug 1234896SUSE bug 1240375SUSE bug 1242780SUSE bug 1244824SUSE bug 1245110SUSE bug 1245956SUSE bug 1245970SUSE bug 1246211SUSE bug 1246473SUSE bug 1246911SUSE bug 1247143SUSE bug 1247374SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
Updated to 9.1.1629:
- CVE-2025-53905: Fixed malicious tar archive may causing a path traversal in Vim’s tar.vim plugin (bsc#1246604)
- CVE-2025-53906: Fixed malicious zip archive may causing a path traversal in Vim’s zip (bsc#1246602)
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938)
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939)
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1237164).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248297).
- CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (jsc#PED-8240).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
- kabi fix for NFSv4: fairly test all delegations on a SEQ4_ revocation (bsc#1246211).
ImportantSUSE bug 1229334SUSE bug 1233640SUSE bug 1234896SUSE bug 1236333SUSE bug 1237164SUSE bug 1240799SUSE bug 1242414SUSE bug 1242780SUSE bug 1244309SUSE bug 1244824SUSE bug 1245110SUSE bug 1245506SUSE bug 1245711SUSE bug 1245956SUSE bug 1245970SUSE bug 1245986SUSE bug 1246211SUSE bug 1246473SUSE bug 1246781SUSE bug 1246911SUSE bug 1247143SUSE bug 1247314SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349SUSE bug 1247374SUSE bug 1247437SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248297SUSE bug 1248306SUSE bug 1248312SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748SUSE bug 1249353CVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-21701 at SUSECVE-2025-21701 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38088 at SUSECVE-2025-38088 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38555 at SUSECVE-2025-38555 at NVDCVE-2025-38560 at SUSECVE-2025-38560 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Low)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330).
- CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582).
- CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117).
LowSUSE bug 1247582SUSE bug 1248117SUSE bug 1248330CVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDcpe:/o:suse:sle-micro:5.5Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.5
This update for rsync fixes the following issues:
- Bump rsync protocol version to 32 to show server is patched against recent vulnerabilities.
ModerateSUSE bug 1233760cpe:/o:suse:sle-micro:5.5Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.5
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:sle-micro:5.5Security update for orc (Important)SUSE Linux Enterprise Micro 5.5
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:sle-micro:5.5Security update for haproxy (Moderate)SUSE Linux Enterprise Micro 5.5
This update for haproxy fixes the following issues:
- CVE-2025-11230: Fixed issue in the mjson JSON decoder, that could have let to excessive
resource consumption when processing numbers with large exponents (bsc#1250983).
ModerateSUSE bug 1250983CVE-2025-11230 at SUSECVE-2025-11230 at NVDcpe:/o:suse:sle-micro:5.5Security update for bind (Important)SUSE Linux Enterprise Micro 5.5
This update for bind fixes the following issues:
- CVE-2024-11187: Fixes CPU exhaustion caused by many records in the additional section (bsc#1236596)
ImportantSUSE bug 1236596CVE-2024-11187 at SUSECVE-2024-11187 at NVDcpe:/o:suse:sle-micro:5.5Security update for samba (Critical)SUSE Linux Enterprise Micro 5.5
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS server hook script (bsc#1251280).
CriticalSUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- !CONFIG & reference -> this is bug, immediate fail
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- Do not self obsolete older kernel variants
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps.
- build_bug.h: Add KABI assert (bsc#1249186).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- supported.conf: mark hyperv_drm as external
- use uniform permission checks for all mount propagation changes (git-fixes).
- xfs: rework datasync tracking and execution (bsc#1237449).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1205205SUSE bug 1206451SUSE bug 1206456SUSE bug 1206468SUSE bug 1206843SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207361SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1209980SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213533SUSE bug 1213666SUSE bug 1213747SUSE bug 1214073SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1223959SUSE bug 1234639SUSE bug 1236104SUSE bug 1237449SUSE bug 1238160SUSE bug 1241353SUSE bug 1242846SUSE bug 1243539SUSE bug 1244337SUSE bug 1244732SUSE bug 1245666SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248111SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249159SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249648SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249673SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249695SUSE bug 1249696SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249704SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249708SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249756SUSE bug 1249757SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249780SUSE bug 1249781SUSE bug 1249782SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249800SUSE bug 1249802SUSE bug 1249808SUSE bug 1249810SUSE bug 1249816SUSE bug 1249820SUSE bug 1249824SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249861SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249869SUSE bug 1249872SUSE bug 1249874SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249883SUSE bug 1249884SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249894SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249913SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249940SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249951SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249994SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250017SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250037SUSE bug 1250039SUSE bug 1250040SUSE bug 1250041SUSE bug 1250042SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250068SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250075SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250089SUSE bug 1250103SUSE bug 1250104SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250112SUSE bug 1250114SUSE bug 1250117SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250130SUSE bug 1250131SUSE bug 1250132SUSE bug 1250134SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250144SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250157SUSE bug 1250159SUSE bug 1250161SUSE bug 1250165SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250189SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250201SUSE bug 1250208SUSE bug 1250209SUSE bug 1250211SUSE bug 1250215SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250278SUSE bug 1250285SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250306SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250327SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250397SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250765SUSE bug 1250767SUSE bug 1250768SUSE bug 1250771SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250793SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250814SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250829SUSE bug 1250830SUSE bug 1250831SUSE bug 1250832SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250849SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250861SUSE bug 1250862SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250873SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250881SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250913SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250931SUSE bug 1250932SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50242 at SUSECVE-2022-50242 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50287 at SUSECVE-2022-50287 at NVDCVE-2022-50288 at SUSECVE-2022-50288 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50292 at SUSECVE-2022-50292 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50303 at SUSECVE-2022-50303 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50323 at SUSECVE-2022-50323 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50325 at SUSECVE-2022-50325 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50339 at SUSECVE-2022-50339 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50354 at SUSECVE-2022-50354 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50356 at SUSECVE-2022-50356 at NVDCVE-2022-50357 at SUSECVE-2022-50357 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50360 at SUSECVE-2022-50360 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50378 at SUSECVE-2022-50378 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50390 at SUSECVE-2022-50390 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50393 at SUSECVE-2022-50393 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50396 at SUSECVE-2022-50396 at NVDCVE-2022-50398 at SUSECVE-2022-50398 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50406 at SUSECVE-2022-50406 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50412 at SUSECVE-2022-50412 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50418 at SUSECVE-2022-50418 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50433 at SUSECVE-2022-50433 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50441 at SUSECVE-2022-50441 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50447 at SUSECVE-2022-50447 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50452 at SUSECVE-2022-50452 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50464 at SUSECVE-2022-50464 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53152 at SUSECVE-2023-53152 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53168 at SUSECVE-2023-53168 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53181 at SUSECVE-2023-53181 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53189 at SUSECVE-2023-53189 at NVDCVE-2023-53193 at SUSECVE-2023-53193 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53210 at SUSECVE-2023-53210 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53232 at SUSECVE-2023-53232 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53237 at SUSECVE-2023-53237 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53252 at SUSECVE-2023-53252 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53257 at SUSECVE-2023-53257 at NVDCVE-2023-53258 at SUSECVE-2023-53258 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53263 at SUSECVE-2023-53263 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53284 at SUSECVE-2023-53284 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53287 at SUSECVE-2023-53287 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53320 at SUSECVE-2023-53320 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53332 at SUSECVE-2023-53332 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53340 at SUSECVE-2023-53340 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53347 at SUSECVE-2023-53347 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53357 at SUSECVE-2023-53357 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53370 at SUSECVE-2023-53370 at NVDCVE-2023-53371 at SUSECVE-2023-53371 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53378 at SUSECVE-2023-53378 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53383 at SUSECVE-2023-53383 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53391 at SUSECVE-2023-53391 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53398 at SUSECVE-2023-53398 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53442 at SUSECVE-2023-53442 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53444 at SUSECVE-2023-53444 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53448 at SUSECVE-2023-53448 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53456 at SUSECVE-2023-53456 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53466 at SUSECVE-2023-53466 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53480 at SUSECVE-2023-53480 at NVDCVE-2023-53482 at SUSECVE-2023-53482 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53489 at SUSECVE-2023-53489 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53511 at SUSECVE-2023-53511 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2023-53531 at SUSECVE-2023-53531 at NVDCVE-2023-53532 at SUSECVE-2023-53532 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38683 at SUSECVE-2025-38683 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Important)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:sle-micro:5.5Security update for wget (Moderate)SUSE Linux Enterprise Micro 5.5
This update for wget fixes the following issues:
- CVE-2021-31879: Authorization header disclosed upon redirects to different origins. (bsc#1185551)
ModerateSUSE bug 1185551SUSE bug 1230795CVE-2021-31879 at SUSECVE-2021-31879 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:sle-micro:5.5Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.5
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53257: wifi: mac80211: check S1G action frame size (bsc#1249869).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-37738: ext4: ignore xattrs past end (bsc#1242846).
- CVE-2025-37958: mm/huge_memory: fix dereferencing invalid pmd migration entry (bsc#1243539).
- CVE-2025-38014: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper (bsc#1244732).
- CVE-2025-38111: net/mdiobus: Fix potential out-of-bounds read/write access (bsc#1245666).
- CVE-2025-38380: i2c/designware: Fix an initialization issue (bsc#1247028).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38659: gfs2: No more self recovery (bsc#1248639).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38706: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (bsc#1249195).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324).
- CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374).
- CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315).
- CVE-2025-39726: s390/ism: fix concurrency management in ism_cmd() (bsc#1249266).
- CVE-2025-39746: wifi: ath10k: shutdown driver when hardware is unreliable (bsc#1249516).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39790: bus: mhi: host: Detect events pointing to unexpected TREs (bsc#1249548).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
- CVE-2025-39824: HID: asus: fix UAF via HID_CLAIMED_INPUT validation (bsc#1250007).
- CVE-2025-39860: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (bsc#1250247).
- CVE-2025-39869: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (bsc#1250406).
The following non-security bugs were fixed:
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186).
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- Revert selinux patches that caused regressions (bsc#1249353).
- btrfs: avoid NULL pointer dereference if no valid extent tree (bsc#1249158).
- build_bug.h: Add KABI assert (bsc#1249186).
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- kabi/severities: ignore kABI for atheros helper modules The symbols are used only internally by atheros drivers.
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- net/sched: ets: use old 'nbands' while purging unused classes (git-fixes).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- supported.conf: mark hyperv_drm as external
- use uniform permission checks for all mount propagation changes (git-fixes).
- xfs: rework datasync tracking and execution (bsc#1237449).
ImportantSUSE bug 1065729SUSE bug 1164051SUSE bug 1193629SUSE bug 1194869SUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1205205SUSE bug 1206451SUSE bug 1206456SUSE bug 1206468SUSE bug 1206843SUSE bug 1206883SUSE bug 1206884SUSE bug 1207158SUSE bug 1207361SUSE bug 1207621SUSE bug 1207624SUSE bug 1207625SUSE bug 1207628SUSE bug 1207629SUSE bug 1207631SUSE bug 1207645SUSE bug 1207651SUSE bug 1208607SUSE bug 1209287SUSE bug 1209291SUSE bug 1209980SUSE bug 1210584SUSE bug 1211960SUSE bug 1212603SUSE bug 1213015SUSE bug 1213016SUSE bug 1213040SUSE bug 1213041SUSE bug 1213061SUSE bug 1213099SUSE bug 1213104SUSE bug 1213533SUSE bug 1213666SUSE bug 1213747SUSE bug 1214073SUSE bug 1214953SUSE bug 1214967SUSE bug 1215150SUSE bug 1215696SUSE bug 1215911SUSE bug 1216976SUSE bug 1217790SUSE bug 1220185SUSE bug 1220186SUSE bug 1223959SUSE bug 1234639SUSE bug 1236104SUSE bug 1237449SUSE bug 1238160SUSE bug 1241353SUSE bug 1242846SUSE bug 1243539SUSE bug 1244337SUSE bug 1244732SUSE bug 1245666SUSE bug 1246879SUSE bug 1246968SUSE bug 1247028SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248111SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248639SUSE bug 1248847SUSE bug 1249126SUSE bug 1249158SUSE bug 1249159SUSE bug 1249186SUSE bug 1249195SUSE bug 1249200SUSE bug 1249220SUSE bug 1249266SUSE bug 1249315SUSE bug 1249324SUSE bug 1249346SUSE bug 1249353SUSE bug 1249374SUSE bug 1249516SUSE bug 1249538SUSE bug 1249548SUSE bug 1249604SUSE bug 1249638SUSE bug 1249639SUSE bug 1249641SUSE bug 1249642SUSE bug 1249648SUSE bug 1249650SUSE bug 1249651SUSE bug 1249658SUSE bug 1249661SUSE bug 1249664SUSE bug 1249667SUSE bug 1249669SUSE bug 1249673SUSE bug 1249677SUSE bug 1249681SUSE bug 1249683SUSE bug 1249685SUSE bug 1249687SUSE bug 1249691SUSE bug 1249695SUSE bug 1249696SUSE bug 1249699SUSE bug 1249700SUSE bug 1249701SUSE bug 1249704SUSE bug 1249705SUSE bug 1249706SUSE bug 1249707SUSE bug 1249708SUSE bug 1249709SUSE bug 1249712SUSE bug 1249713SUSE bug 1249715SUSE bug 1249716SUSE bug 1249718SUSE bug 1249722SUSE bug 1249727SUSE bug 1249730SUSE bug 1249733SUSE bug 1249734SUSE bug 1249739SUSE bug 1249740SUSE bug 1249741SUSE bug 1249742SUSE bug 1249743SUSE bug 1249745SUSE bug 1249746SUSE bug 1249747SUSE bug 1249749SUSE bug 1249750SUSE bug 1249751SUSE bug 1249753SUSE bug 1249756SUSE bug 1249757SUSE bug 1249758SUSE bug 1249762SUSE bug 1249767SUSE bug 1249777SUSE bug 1249780SUSE bug 1249781SUSE bug 1249782SUSE bug 1249784SUSE bug 1249791SUSE bug 1249799SUSE bug 1249800SUSE bug 1249802SUSE bug 1249808SUSE bug 1249810SUSE bug 1249816SUSE bug 1249820SUSE bug 1249824SUSE bug 1249825SUSE bug 1249827SUSE bug 1249836SUSE bug 1249840SUSE bug 1249844SUSE bug 1249846SUSE bug 1249853SUSE bug 1249858SUSE bug 1249860SUSE bug 1249861SUSE bug 1249864SUSE bug 1249865SUSE bug 1249866SUSE bug 1249867SUSE bug 1249868SUSE bug 1249869SUSE bug 1249872SUSE bug 1249874SUSE bug 1249877SUSE bug 1249880SUSE bug 1249882SUSE bug 1249883SUSE bug 1249884SUSE bug 1249885SUSE bug 1249890SUSE bug 1249892SUSE bug 1249894SUSE bug 1249908SUSE bug 1249910SUSE bug 1249911SUSE bug 1249913SUSE bug 1249914SUSE bug 1249917SUSE bug 1249918SUSE bug 1249920SUSE bug 1249923SUSE bug 1249924SUSE bug 1249925SUSE bug 1249927SUSE bug 1249928SUSE bug 1249930SUSE bug 1249933SUSE bug 1249934SUSE bug 1249936SUSE bug 1249938SUSE bug 1249939SUSE bug 1249940SUSE bug 1249944SUSE bug 1249947SUSE bug 1249949SUSE bug 1249950SUSE bug 1249951SUSE bug 1249954SUSE bug 1249958SUSE bug 1249979SUSE bug 1249981SUSE bug 1249991SUSE bug 1249994SUSE bug 1249997SUSE bug 1250002SUSE bug 1250006SUSE bug 1250007SUSE bug 1250009SUSE bug 1250010SUSE bug 1250011SUSE bug 1250014SUSE bug 1250015SUSE bug 1250017SUSE bug 1250023SUSE bug 1250024SUSE bug 1250026SUSE bug 1250037SUSE bug 1250039SUSE bug 1250040SUSE bug 1250041SUSE bug 1250042SUSE bug 1250044SUSE bug 1250047SUSE bug 1250049SUSE bug 1250052SUSE bug 1250055SUSE bug 1250058SUSE bug 1250060SUSE bug 1250062SUSE bug 1250065SUSE bug 1250066SUSE bug 1250068SUSE bug 1250070SUSE bug 1250071SUSE bug 1250072SUSE bug 1250075SUSE bug 1250077SUSE bug 1250080SUSE bug 1250081SUSE bug 1250083SUSE bug 1250089SUSE bug 1250103SUSE bug 1250104SUSE bug 1250105SUSE bug 1250106SUSE bug 1250107SUSE bug 1250108SUSE bug 1250112SUSE bug 1250114SUSE bug 1250117SUSE bug 1250118SUSE bug 1250121SUSE bug 1250127SUSE bug 1250128SUSE bug 1250130SUSE bug 1250131SUSE bug 1250132SUSE bug 1250134SUSE bug 1250137SUSE bug 1250138SUSE bug 1250140SUSE bug 1250144SUSE bug 1250145SUSE bug 1250151SUSE bug 1250153SUSE bug 1250156SUSE bug 1250157SUSE bug 1250159SUSE bug 1250161SUSE bug 1250165SUSE bug 1250168SUSE bug 1250178SUSE bug 1250180SUSE bug 1250181SUSE bug 1250182SUSE bug 1250183SUSE bug 1250184SUSE bug 1250187SUSE bug 1250189SUSE bug 1250191SUSE bug 1250197SUSE bug 1250198SUSE bug 1250200SUSE bug 1250201SUSE bug 1250208SUSE bug 1250209SUSE bug 1250211SUSE bug 1250215SUSE bug 1250245SUSE bug 1250247SUSE bug 1250250SUSE bug 1250257SUSE bug 1250264SUSE bug 1250269SUSE bug 1250277SUSE bug 1250278SUSE bug 1250285SUSE bug 1250287SUSE bug 1250293SUSE bug 1250301SUSE bug 1250303SUSE bug 1250306SUSE bug 1250309SUSE bug 1250311SUSE bug 1250313SUSE bug 1250315SUSE bug 1250316SUSE bug 1250322SUSE bug 1250323SUSE bug 1250324SUSE bug 1250325SUSE bug 1250327SUSE bug 1250328SUSE bug 1250331SUSE bug 1250358SUSE bug 1250362SUSE bug 1250363SUSE bug 1250370SUSE bug 1250374SUSE bug 1250391SUSE bug 1250392SUSE bug 1250393SUSE bug 1250394SUSE bug 1250395SUSE bug 1250397SUSE bug 1250406SUSE bug 1250412SUSE bug 1250418SUSE bug 1250425SUSE bug 1250428SUSE bug 1250453SUSE bug 1250454SUSE bug 1250457SUSE bug 1250459SUSE bug 1250522SUSE bug 1250759SUSE bug 1250761SUSE bug 1250762SUSE bug 1250763SUSE bug 1250765SUSE bug 1250767SUSE bug 1250768SUSE bug 1250771SUSE bug 1250774SUSE bug 1250781SUSE bug 1250784SUSE bug 1250786SUSE bug 1250787SUSE bug 1250790SUSE bug 1250791SUSE bug 1250792SUSE bug 1250793SUSE bug 1250797SUSE bug 1250799SUSE bug 1250807SUSE bug 1250810SUSE bug 1250811SUSE bug 1250814SUSE bug 1250818SUSE bug 1250819SUSE bug 1250822SUSE bug 1250823SUSE bug 1250824SUSE bug 1250825SUSE bug 1250829SUSE bug 1250830SUSE bug 1250831SUSE bug 1250832SUSE bug 1250839SUSE bug 1250841SUSE bug 1250842SUSE bug 1250843SUSE bug 1250846SUSE bug 1250847SUSE bug 1250848SUSE bug 1250849SUSE bug 1250850SUSE bug 1250851SUSE bug 1250853SUSE bug 1250856SUSE bug 1250861SUSE bug 1250862SUSE bug 1250863SUSE bug 1250864SUSE bug 1250866SUSE bug 1250867SUSE bug 1250868SUSE bug 1250872SUSE bug 1250873SUSE bug 1250874SUSE bug 1250875SUSE bug 1250877SUSE bug 1250879SUSE bug 1250881SUSE bug 1250883SUSE bug 1250887SUSE bug 1250888SUSE bug 1250889SUSE bug 1250890SUSE bug 1250891SUSE bug 1250905SUSE bug 1250913SUSE bug 1250915SUSE bug 1250917SUSE bug 1250923SUSE bug 1250927SUSE bug 1250928SUSE bug 1250931SUSE bug 1250932SUSE bug 1250948SUSE bug 1250949SUSE bug 1250953SUSE bug 1250963SUSE bug 1250964SUSE bug 1250965CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49138 at SUSECVE-2022-49138 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50239 at SUSECVE-2022-50239 at NVDCVE-2022-50241 at SUSECVE-2022-50241 at NVDCVE-2022-50242 at SUSECVE-2022-50242 at NVDCVE-2022-50246 at SUSECVE-2022-50246 at NVDCVE-2022-50247 at SUSECVE-2022-50247 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50250 at SUSECVE-2022-50250 at NVDCVE-2022-50251 at SUSECVE-2022-50251 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50255 at SUSECVE-2022-50255 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50261 at SUSECVE-2022-50261 at NVDCVE-2022-50264 at SUSECVE-2022-50264 at NVDCVE-2022-50266 at SUSECVE-2022-50266 at NVDCVE-2022-50267 at SUSECVE-2022-50267 at NVDCVE-2022-50268 at SUSECVE-2022-50268 at NVDCVE-2022-50269 at SUSECVE-2022-50269 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50275 at SUSECVE-2022-50275 at NVDCVE-2022-50276 at SUSECVE-2022-50276 at NVDCVE-2022-50277 at SUSECVE-2022-50277 at NVDCVE-2022-50278 at SUSECVE-2022-50278 at NVDCVE-2022-50279 at SUSECVE-2022-50279 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50286 at SUSECVE-2022-50286 at NVDCVE-2022-50287 at SUSECVE-2022-50287 at NVDCVE-2022-50288 at SUSECVE-2022-50288 at NVDCVE-2022-50289 at SUSECVE-2022-50289 at NVDCVE-2022-50292 at SUSECVE-2022-50292 at NVDCVE-2022-50294 at SUSECVE-2022-50294 at NVDCVE-2022-50297 at SUSECVE-2022-50297 at NVDCVE-2022-50298 at SUSECVE-2022-50298 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50301 at SUSECVE-2022-50301 at NVDCVE-2022-50303 at SUSECVE-2022-50303 at NVDCVE-2022-50308 at SUSECVE-2022-50308 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50318 at SUSECVE-2022-50318 at NVDCVE-2022-50320 at SUSECVE-2022-50320 at NVDCVE-2022-50321 at SUSECVE-2022-50321 at NVDCVE-2022-50323 at SUSECVE-2022-50323 at NVDCVE-2022-50324 at SUSECVE-2022-50324 at NVDCVE-2022-50325 at SUSECVE-2022-50325 at NVDCVE-2022-50328 at SUSECVE-2022-50328 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50331 at SUSECVE-2022-50331 at NVDCVE-2022-50333 at SUSECVE-2022-50333 at NVDCVE-2022-50339 at SUSECVE-2022-50339 at NVDCVE-2022-50340 at SUSECVE-2022-50340 at NVDCVE-2022-50342 at SUSECVE-2022-50342 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50346 at SUSECVE-2022-50346 at NVDCVE-2022-50347 at SUSECVE-2022-50347 at NVDCVE-2022-50348 at SUSECVE-2022-50348 at NVDCVE-2022-50349 at SUSECVE-2022-50349 at NVDCVE-2022-50351 at SUSECVE-2022-50351 at NVDCVE-2022-50353 at SUSECVE-2022-50353 at NVDCVE-2022-50354 at SUSECVE-2022-50354 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50356 at SUSECVE-2022-50356 at NVDCVE-2022-50357 at SUSECVE-2022-50357 at NVDCVE-2022-50358 at SUSECVE-2022-50358 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50360 at SUSECVE-2022-50360 at NVDCVE-2022-50362 at SUSECVE-2022-50362 at NVDCVE-2022-50364 at SUSECVE-2022-50364 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50369 at SUSECVE-2022-50369 at NVDCVE-2022-50370 at SUSECVE-2022-50370 at NVDCVE-2022-50372 at SUSECVE-2022-50372 at NVDCVE-2022-50373 at SUSECVE-2022-50373 at NVDCVE-2022-50374 at SUSECVE-2022-50374 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50376 at SUSECVE-2022-50376 at NVDCVE-2022-50378 at SUSECVE-2022-50378 at NVDCVE-2022-50379 at SUSECVE-2022-50379 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50389 at SUSECVE-2022-50389 at NVDCVE-2022-50390 at SUSECVE-2022-50390 at NVDCVE-2022-50391 at SUSECVE-2022-50391 at NVDCVE-2022-50392 at SUSECVE-2022-50392 at NVDCVE-2022-50393 at SUSECVE-2022-50393 at NVDCVE-2022-50394 at SUSECVE-2022-50394 at NVDCVE-2022-50395 at SUSECVE-2022-50395 at NVDCVE-2022-50396 at SUSECVE-2022-50396 at NVDCVE-2022-50398 at SUSECVE-2022-50398 at NVDCVE-2022-50399 at SUSECVE-2022-50399 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50402 at SUSECVE-2022-50402 at NVDCVE-2022-50404 at SUSECVE-2022-50404 at NVDCVE-2022-50406 at SUSECVE-2022-50406 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50411 at SUSECVE-2022-50411 at NVDCVE-2022-50412 at SUSECVE-2022-50412 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50417 at SUSECVE-2022-50417 at NVDCVE-2022-50418 at SUSECVE-2022-50418 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50425 at SUSECVE-2022-50425 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50428 at SUSECVE-2022-50428 at NVDCVE-2022-50429 at SUSECVE-2022-50429 at NVDCVE-2022-50430 at SUSECVE-2022-50430 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50433 at SUSECVE-2022-50433 at NVDCVE-2022-50434 at SUSECVE-2022-50434 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50436 at SUSECVE-2022-50436 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50439 at SUSECVE-2022-50439 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50441 at SUSECVE-2022-50441 at NVDCVE-2022-50443 at SUSECVE-2022-50443 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50447 at SUSECVE-2022-50447 at NVDCVE-2022-50449 at SUSECVE-2022-50449 at NVDCVE-2022-50452 at SUSECVE-2022-50452 at NVDCVE-2022-50453 at SUSECVE-2022-50453 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50456 at SUSECVE-2022-50456 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50460 at SUSECVE-2022-50460 at NVDCVE-2022-50464 at SUSECVE-2022-50464 at NVDCVE-2022-50465 at SUSECVE-2022-50465 at NVDCVE-2022-50466 at SUSECVE-2022-50466 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2022-50468 at SUSECVE-2022-50468 at NVDCVE-2022-50469 at SUSECVE-2022-50469 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53149 at SUSECVE-2023-53149 at NVDCVE-2023-53150 at SUSECVE-2023-53150 at NVDCVE-2023-53151 at SUSECVE-2023-53151 at NVDCVE-2023-53152 at SUSECVE-2023-53152 at NVDCVE-2023-53153 at SUSECVE-2023-53153 at NVDCVE-2023-53165 at SUSECVE-2023-53165 at NVDCVE-2023-53167 at SUSECVE-2023-53167 at NVDCVE-2023-53168 at SUSECVE-2023-53168 at NVDCVE-2023-53171 at SUSECVE-2023-53171 at NVDCVE-2023-53174 at SUSECVE-2023-53174 at NVDCVE-2023-53176 at SUSECVE-2023-53176 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53181 at SUSECVE-2023-53181 at NVDCVE-2023-53182 at SUSECVE-2023-53182 at NVDCVE-2023-53185 at SUSECVE-2023-53185 at NVDCVE-2023-53189 at SUSECVE-2023-53189 at NVDCVE-2023-53193 at SUSECVE-2023-53193 at NVDCVE-2023-53196 at SUSECVE-2023-53196 at NVDCVE-2023-53197 at SUSECVE-2023-53197 at NVDCVE-2023-53199 at SUSECVE-2023-53199 at NVDCVE-2023-53201 at SUSECVE-2023-53201 at NVDCVE-2023-53205 at SUSECVE-2023-53205 at NVDCVE-2023-53210 at SUSECVE-2023-53210 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53216 at SUSECVE-2023-53216 at NVDCVE-2023-53219 at SUSECVE-2023-53219 at NVDCVE-2023-53222 at SUSECVE-2023-53222 at NVDCVE-2023-53223 at SUSECVE-2023-53223 at NVDCVE-2023-53226 at SUSECVE-2023-53226 at NVDCVE-2023-53229 at SUSECVE-2023-53229 at NVDCVE-2023-53230 at SUSECVE-2023-53230 at NVDCVE-2023-53232 at SUSECVE-2023-53232 at NVDCVE-2023-53234 at SUSECVE-2023-53234 at NVDCVE-2023-53237 at SUSECVE-2023-53237 at NVDCVE-2023-53238 at SUSECVE-2023-53238 at NVDCVE-2023-53239 at SUSECVE-2023-53239 at NVDCVE-2023-53241 at SUSECVE-2023-53241 at NVDCVE-2023-53242 at SUSECVE-2023-53242 at NVDCVE-2023-53244 at SUSECVE-2023-53244 at NVDCVE-2023-53245 at SUSECVE-2023-53245 at NVDCVE-2023-53246 at SUSECVE-2023-53246 at NVDCVE-2023-53249 at SUSECVE-2023-53249 at NVDCVE-2023-53250 at SUSECVE-2023-53250 at NVDCVE-2023-53251 at SUSECVE-2023-53251 at NVDCVE-2023-53252 at SUSECVE-2023-53252 at NVDCVE-2023-53255 at SUSECVE-2023-53255 at NVDCVE-2023-53257 at SUSECVE-2023-53257 at NVDCVE-2023-53258 at SUSECVE-2023-53258 at NVDCVE-2023-53259 at SUSECVE-2023-53259 at NVDCVE-2023-53263 at SUSECVE-2023-53263 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53268 at SUSECVE-2023-53268 at NVDCVE-2023-53270 at SUSECVE-2023-53270 at NVDCVE-2023-53272 at SUSECVE-2023-53272 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53275 at SUSECVE-2023-53275 at NVDCVE-2023-53276 at SUSECVE-2023-53276 at NVDCVE-2023-53277 at SUSECVE-2023-53277 at NVDCVE-2023-53280 at SUSECVE-2023-53280 at NVDCVE-2023-53281 at SUSECVE-2023-53281 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53284 at SUSECVE-2023-53284 at NVDCVE-2023-53286 at SUSECVE-2023-53286 at NVDCVE-2023-53287 at SUSECVE-2023-53287 at NVDCVE-2023-53288 at SUSECVE-2023-53288 at NVDCVE-2023-53295 at SUSECVE-2023-53295 at NVDCVE-2023-53297 at SUSECVE-2023-53297 at NVDCVE-2023-53298 at SUSECVE-2023-53298 at NVDCVE-2023-53299 at SUSECVE-2023-53299 at NVDCVE-2023-53302 at SUSECVE-2023-53302 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53305 at SUSECVE-2023-53305 at NVDCVE-2023-53309 at SUSECVE-2023-53309 at NVDCVE-2023-53311 at SUSECVE-2023-53311 at NVDCVE-2023-53313 at SUSECVE-2023-53313 at NVDCVE-2023-53314 at SUSECVE-2023-53314 at NVDCVE-2023-53315 at SUSECVE-2023-53315 at NVDCVE-2023-53316 at SUSECVE-2023-53316 at NVDCVE-2023-53317 at SUSECVE-2023-53317 at NVDCVE-2023-53320 at SUSECVE-2023-53320 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53322 at SUSECVE-2023-53322 at NVDCVE-2023-53324 at SUSECVE-2023-53324 at NVDCVE-2023-53326 at SUSECVE-2023-53326 at NVDCVE-2023-53330 at SUSECVE-2023-53330 at NVDCVE-2023-53331 at SUSECVE-2023-53331 at NVDCVE-2023-53332 at SUSECVE-2023-53332 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53334 at SUSECVE-2023-53334 at NVDCVE-2023-53335 at SUSECVE-2023-53335 at NVDCVE-2023-53337 at SUSECVE-2023-53337 at NVDCVE-2023-53340 at SUSECVE-2023-53340 at NVDCVE-2023-53344 at SUSECVE-2023-53344 at NVDCVE-2023-53347 at SUSECVE-2023-53347 at NVDCVE-2023-53349 at SUSECVE-2023-53349 at NVDCVE-2023-53352 at SUSECVE-2023-53352 at NVDCVE-2023-53356 at SUSECVE-2023-53356 at NVDCVE-2023-53357 at SUSECVE-2023-53357 at NVDCVE-2023-53359 at SUSECVE-2023-53359 at NVDCVE-2023-53368 at SUSECVE-2023-53368 at NVDCVE-2023-53370 at SUSECVE-2023-53370 at NVDCVE-2023-53371 at SUSECVE-2023-53371 at NVDCVE-2023-53373 at SUSECVE-2023-53373 at NVDCVE-2023-53375 at SUSECVE-2023-53375 at NVDCVE-2023-53377 at SUSECVE-2023-53377 at NVDCVE-2023-53378 at SUSECVE-2023-53378 at NVDCVE-2023-53379 at SUSECVE-2023-53379 at NVDCVE-2023-53380 at SUSECVE-2023-53380 at NVDCVE-2023-53381 at SUSECVE-2023-53381 at NVDCVE-2023-53383 at SUSECVE-2023-53383 at NVDCVE-2023-53384 at SUSECVE-2023-53384 at NVDCVE-2023-53386 at SUSECVE-2023-53386 at NVDCVE-2023-53388 at SUSECVE-2023-53388 at NVDCVE-2023-53390 at SUSECVE-2023-53390 at NVDCVE-2023-53391 at SUSECVE-2023-53391 at NVDCVE-2023-53393 at SUSECVE-2023-53393 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53396 at SUSECVE-2023-53396 at NVDCVE-2023-53398 at SUSECVE-2023-53398 at NVDCVE-2023-53400 at SUSECVE-2023-53400 at NVDCVE-2023-53404 at SUSECVE-2023-53404 at NVDCVE-2023-53405 at SUSECVE-2023-53405 at NVDCVE-2023-53406 at SUSECVE-2023-53406 at NVDCVE-2023-53409 at SUSECVE-2023-53409 at NVDCVE-2023-53413 at SUSECVE-2023-53413 at NVDCVE-2023-53414 at SUSECVE-2023-53414 at NVDCVE-2023-53415 at SUSECVE-2023-53415 at NVDCVE-2023-53416 at SUSECVE-2023-53416 at NVDCVE-2023-53422 at SUSECVE-2023-53422 at NVDCVE-2023-53427 at SUSECVE-2023-53427 at NVDCVE-2023-53431 at SUSECVE-2023-53431 at NVDCVE-2023-53435 at SUSECVE-2023-53435 at NVDCVE-2023-53436 at SUSECVE-2023-53436 at NVDCVE-2023-53437 at SUSECVE-2023-53437 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53440 at SUSECVE-2023-53440 at NVDCVE-2023-53442 at SUSECVE-2023-53442 at NVDCVE-2023-53443 at SUSECVE-2023-53443 at NVDCVE-2023-53444 at SUSECVE-2023-53444 at NVDCVE-2023-53446 at SUSECVE-2023-53446 at NVDCVE-2023-53448 at SUSECVE-2023-53448 at NVDCVE-2023-53449 at SUSECVE-2023-53449 at NVDCVE-2023-53451 at SUSECVE-2023-53451 at NVDCVE-2023-53452 at SUSECVE-2023-53452 at NVDCVE-2023-53453 at SUSECVE-2023-53453 at NVDCVE-2023-53454 at SUSECVE-2023-53454 at NVDCVE-2023-53456 at SUSECVE-2023-53456 at NVDCVE-2023-53457 at SUSECVE-2023-53457 at NVDCVE-2023-53458 at SUSECVE-2023-53458 at NVDCVE-2023-53463 at SUSECVE-2023-53463 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53465 at SUSECVE-2023-53465 at NVDCVE-2023-53466 at SUSECVE-2023-53466 at NVDCVE-2023-53468 at SUSECVE-2023-53468 at NVDCVE-2023-53471 at SUSECVE-2023-53471 at NVDCVE-2023-53472 at SUSECVE-2023-53472 at NVDCVE-2023-53473 at SUSECVE-2023-53473 at NVDCVE-2023-53474 at SUSECVE-2023-53474 at NVDCVE-2023-53475 at SUSECVE-2023-53475 at NVDCVE-2023-53476 at SUSECVE-2023-53476 at NVDCVE-2023-53480 at SUSECVE-2023-53480 at NVDCVE-2023-53482 at SUSECVE-2023-53482 at NVDCVE-2023-53485 at SUSECVE-2023-53485 at NVDCVE-2023-53487 at SUSECVE-2023-53487 at NVDCVE-2023-53488 at SUSECVE-2023-53488 at NVDCVE-2023-53489 at SUSECVE-2023-53489 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2023-53494 at SUSECVE-2023-53494 at NVDCVE-2023-53496 at SUSECVE-2023-53496 at NVDCVE-2023-53498 at SUSECVE-2023-53498 at NVDCVE-2023-53499 at SUSECVE-2023-53499 at NVDCVE-2023-53505 at SUSECVE-2023-53505 at NVDCVE-2023-53506 at SUSECVE-2023-53506 at NVDCVE-2023-53509 at SUSECVE-2023-53509 at NVDCVE-2023-53511 at SUSECVE-2023-53511 at NVDCVE-2023-53512 at SUSECVE-2023-53512 at NVDCVE-2023-53515 at SUSECVE-2023-53515 at NVDCVE-2023-53518 at SUSECVE-2023-53518 at NVDCVE-2023-53519 at SUSECVE-2023-53519 at NVDCVE-2023-53521 at SUSECVE-2023-53521 at NVDCVE-2023-53524 at SUSECVE-2023-53524 at NVDCVE-2023-53525 at SUSECVE-2023-53525 at NVDCVE-2023-53526 at SUSECVE-2023-53526 at NVDCVE-2023-53530 at SUSECVE-2023-53530 at NVDCVE-2023-53531 at SUSECVE-2023-53531 at NVDCVE-2023-53532 at SUSECVE-2023-53532 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-37738 at SUSECVE-2025-37738 at NVDCVE-2025-37958 at SUSECVE-2025-37958 at NVDCVE-2025-38014 at SUSECVE-2025-38014 at NVDCVE-2025-38111 at SUSECVE-2025-38111 at NVDCVE-2025-38380 at SUSECVE-2025-38380 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38659 at SUSECVE-2025-38659 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38678 at SUSECVE-2025-38678 at NVDCVE-2025-38683 at SUSECVE-2025-38683 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38706 at SUSECVE-2025-38706 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-38734 at SUSECVE-2025-38734 at NVDCVE-2025-39691 at SUSECVE-2025-39691 at NVDCVE-2025-39703 at SUSECVE-2025-39703 at NVDCVE-2025-39726 at SUSECVE-2025-39726 at NVDCVE-2025-39746 at SUSECVE-2025-39746 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39790 at SUSECVE-2025-39790 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDCVE-2025-39824 at SUSECVE-2025-39824 at NVDCVE-2025-39860 at SUSECVE-2025-39860 at NVDCVE-2025-39869 at SUSECVE-2025-39869 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-9566: fixed a case when kube play command could overwrite host files (bsc#1249154).
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:sle-micro:5.5Security update for afterburn (Important)SUSE Linux Enterprise Micro 5.5
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
ImportantSUSE bug 1196972SUSE bug 1242665SUSE bug 1243850SUSE bug 1244199SUSE bug 1244675SUSE bug 1250471CVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-5791 at SUSECVE-2025-5791 at NVDcpe:/o:suse:sle-micro:5.5Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:sle-micro:5.5Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.5
This update for chrony fixes the following issues:
- Race condition during socket creation by chronyc allows privilege escalation from user chrony to root (bsc#1246544).
This update also ships chrony-pool-empty to SLE Micro 5.x (jsc#SMO-587)
ModerateSUSE bug 1246544cpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472)
ImportantSUSE bug 1248807SUSE bug 1251271CVE-2025-27466 at SUSECVE-2025-27466 at NVDCVE-2025-58142 at SUSECVE-2025-58142 at NVDCVE-2025-58143 at SUSECVE-2025-58143 at NVDCVE-2025-58147 at SUSECVE-2025-58147 at NVDCVE-2025-58148 at SUSECVE-2025-58148 at NVDcpe:/o:suse:sle-micro:5.5Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.5
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
ImportantSUSE bug 1236270CVE-2024-11218 at SUSECVE-2024-11218 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.5
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function leading to denial of service (bsc#1251979)
- CVE-2025-10911: last fix caused a regression, patch was temporary disabled (bsc#1250553)
ImportantSUSE bug 1250553SUSE bug 1251979CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:sle-micro:5.5Security update for colord (Moderate)SUSE Linux Enterprise Micro 5.5
This update for colord fixes the following issues:
- CVE-2021-42523: The original fix was wrong and did not properly free the error, resulting in a crash that has now been addressed (bsc#1250750).
ModerateSUSE bug 1250750CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:sle-micro:5.5Security update for tiff (Important)SUSE Linux Enterprise Micro 5.5
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
ImportantSUSE bug 1250413CVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
ImportantSUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.5Security update for gpg2 (Low)SUSE Linux Enterprise Micro 5.5
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
LowSUSE bug 1239119CVE-2025-30258 at SUSECVE-2025-30258 at NVDcpe:/o:suse:sle-micro:5.5Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.5
This update for ovmf fixes the following issues:
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
- CVE-2023-45236: predictable TCP Initial Sequence Numbers in edk2 network packages. (bsc#1218886)
- CVE-2023-45237: use of a weak pseudorandom number generator in edk2. (bsc#1218887)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885SUSE bug 1218886SUSE bug 1218887CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDCVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0> ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
ImportantSUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:sle-micro:5.5Security update for elfutils (Moderate)SUSE Linux Enterprise Micro 5.5
This update for elfutils fixes the following issues:
- Fixing build/testsuite for more recent glibc and kernels.
- Fixing denial of service and general buffer overflow errors
(bsc#1237236, bsc#1237240, bsc#1237241, bsc#1237242):
- CVE-2025-1376: Fixed denial of service in function elf_strptr in the library /libelf/elf_strptr.c of the component eu-strip
- CVE-2025-1377: Fixed denial of service in function gelf_getsymshndx of the file strip.c of the component eu-strip
- CVE-2025-1372: Fixed buffer overflow in function dump_data_section/print_string_section of the file readelf.c of the component eu-readelf
- CVE-2025-1352: Fixed SEGV (illegal read access) in function __libdw_thread_tail in the library libdw_alloc.c of the component eu-readelf
- Fixing testsuite race conditions in run-debuginfod-find.sh. ModerateSUSE bug 1237236SUSE bug 1237240SUSE bug 1237241SUSE bug 1237242CVE-2025-1352 at SUSECVE-2025-1352 at NVDCVE-2025-1372 at SUSECVE-2025-1372 at NVDCVE-2025-1376 at SUSECVE-2025-1376 at NVDCVE-2025-1377 at SUSECVE-2025-1377 at NVDcpe:/o:suse:sle-micro:5.5Security update for bind (Important)SUSE Linux Enterprise Micro 5.5
This update for bind fixes the following issues:
- CVE-2025-40778: Address various spoofing attacks (bsc#1252379).
- CVE-2025-40780: Cache-poisoning due to weak pseudo-random number generator (bsc#1252380).
ImportantSUSE bug 1252379SUSE bug 1252380CVE-2025-40778 at SUSECVE-2025-40778 at NVDCVE-2025-40780 at SUSECVE-2025-40780 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
The following non security issues were fixed:
- NFS: remove revoked delegation from server's delegation list (bsc#1246211).
- NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- net: mana: Switch to page pool for jumbo frames (bsc#1248754).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). No CVE available yet, please see the bugzilla ticket referenced.
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206843SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214754SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1242960SUSE bug 1245498SUSE bug 1245499SUSE bug 1246211SUSE bug 1247317SUSE bug 1248754SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250237SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251037SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251046SUSE bug 1251047SUSE bug 1251052SUSE bug 1251054SUSE bug 1251057SUSE bug 1251059SUSE bug 1251060SUSE bug 1251061SUSE bug 1251063SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251079SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251105SUSE bug 1251106SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251153SUSE bug 1251154SUSE bug 1251159SUSE bug 1251162SUSE bug 1251164SUSE bug 1251166SUSE bug 1251167SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251174SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251221SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251284SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251301SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251307SUSE bug 1251310SUSE bug 1251312SUSE bug 1251315SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251738SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252060SUSE bug 1252069SUSE bug 1252265SUSE bug 1252473SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252494SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252534SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252632SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50479 at SUSECVE-2022-50479 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50515 at SUSECVE-2022-50515 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50524 at SUSECVE-2022-50524 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50526 at SUSECVE-2022-50526 at NVDCVE-2022-50527 at SUSECVE-2022-50527 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50543 at SUSECVE-2022-50543 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50577 at SUSECVE-2022-50577 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53539 at SUSECVE-2023-53539 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53546 at SUSECVE-2023-53546 at NVDCVE-2023-53547 at SUSECVE-2023-53547 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53557 at SUSECVE-2023-53557 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53562 at SUSECVE-2023-53562 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53578 at SUSECVE-2023-53578 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53580 at SUSECVE-2023-53580 at NVDCVE-2023-53581 at SUSECVE-2023-53581 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53591 at SUSECVE-2023-53591 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53598 at SUSECVE-2023-53598 at NVDCVE-2023-53601 at SUSECVE-2023-53601 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53697 at SUSECVE-2023-53697 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53707 at SUSECVE-2023-53707 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53716 at SUSECVE-2023-53716 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-39981 at SUSECVE-2025-39981 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDcpe:/o:suse:sle-micro:5.5Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
Other fixes:
- Bump upstream SBAT generation to 6
ModerateSUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:sle-micro:5.5Security update for sssd (Important)SUSE Linux Enterprise Micro 5.5
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due
to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)
Other fixes:
- Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542)
ImportantSUSE bug 1253542CVE-2025-47913 at SUSECVE-2025-47913 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm fixes the following issues:
- Update to version 3.19.1
- CVE-2025-53547: Fixed local code execution in Helm Chart. (bsc#1246152)
- CVE-2025-58190: Fixed excessive memory consumption by `html.ParseFragment` when processing specially crafted input. (bsc#1251649)
- CVE-2025-47911: Fixed various algorithms with quadratic complexity when parsing HTML documents. (bsc#1251442)
ImportantSUSE bug 1246152SUSE bug 1251442SUSE bug 1251649CVE-2025-47911 at SUSECVE-2025-47911 at NVDCVE-2025-53547 at SUSECVE-2025-53547 at NVDCVE-2025-58190 at SUSECVE-2025-58190 at NVDcpe:/o:suse:sle-micro:5.5Security update for skopeo (Moderate)SUSE Linux Enterprise Micro 5.5
This update for skopeo fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing
them to log files. (bsc#1227056)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames
read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236483)
ModerateSUSE bug 1227056SUSE bug 1236483CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Important)SUSE Linux Enterprise Micro 5.5
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
ImportantSUSE bug 1253126SUSE bug 1253132CVE-2024-25621 at SUSECVE-2024-25621 at NVDCVE-2025-64329 at SUSECVE-2025-64329 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
ModerateSUSE bug 1234225SUSE bug 1244057SUSE bug 1253783CVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
ModerateSUSE bug 1253757CVE-2025-11563 at SUSECVE-2025-11563 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Important)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporary disabled.
ImportantSUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50490: bpf: Propagate error from htab_lock_bucket() to userspace (bsc#1251164).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2025-37885: KVM: x86: Reset IRTE to host control if *new* route isn't postable (bsc#1242960).
- CVE-2025-38084: hugetlb: unshare some PMDs when splitting VMAs (bsc#1245498).
- CVE-2025-38085: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (bsc#1245499).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-39742: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (bsc#1249479).
- CVE-2025-39797: xfrm: Duplicate SPI Handling (bsc#1249608).
- CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230).
- CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
- CVE-2025-39981: Bluetooth: MGMT: Fix possible UAFs (bsc#1252060).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
- CVE-2025-40044: fs: udf: fix OOB read in lengthAllocDescs handling (bsc#1252785).
The following non security issues were fixed:
- NFS: remove revoked delegation from server's delegation list (bsc#1246211).
- NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- fbcon: Fix OOB access in font allocation (bsc#1252033)
- kabi fix for NFSv4: Allow FREE_STATEID to clean up delegations (bsc#1246211).
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- mm: avoid unnecessary page fault retires on shared memory types (bsc#1251823).
- net: hv_netvsc: fix loss of early receive events from host during channel open (bsc#1252265).
- net: mana: Switch to page pool for jumbo frames (bsc#1248754).
- net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754).
- netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237).
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
ImportantSUSE bug 1065729SUSE bug 1205128SUSE bug 1206843SUSE bug 1206893SUSE bug 1207612SUSE bug 1207619SUSE bug 1210763SUSE bug 1211162SUSE bug 1211692SUSE bug 1213098SUSE bug 1213114SUSE bug 1213747SUSE bug 1214754SUSE bug 1214954SUSE bug 1214992SUSE bug 1215148SUSE bug 1217366SUSE bug 1236104SUSE bug 1242960SUSE bug 1245498SUSE bug 1245499SUSE bug 1246211SUSE bug 1247317SUSE bug 1248754SUSE bug 1249479SUSE bug 1249608SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250237SUSE bug 1250742SUSE bug 1250816SUSE bug 1250946SUSE bug 1251027SUSE bug 1251032SUSE bug 1251034SUSE bug 1251035SUSE bug 1251037SUSE bug 1251040SUSE bug 1251043SUSE bug 1251045SUSE bug 1251046SUSE bug 1251047SUSE bug 1251052SUSE bug 1251054SUSE bug 1251057SUSE bug 1251059SUSE bug 1251060SUSE bug 1251061SUSE bug 1251063SUSE bug 1251065SUSE bug 1251066SUSE bug 1251068SUSE bug 1251072SUSE bug 1251079SUSE bug 1251080SUSE bug 1251082SUSE bug 1251086SUSE bug 1251087SUSE bug 1251088SUSE bug 1251091SUSE bug 1251092SUSE bug 1251093SUSE bug 1251097SUSE bug 1251099SUSE bug 1251101SUSE bug 1251104SUSE bug 1251105SUSE bug 1251106SUSE bug 1251110SUSE bug 1251113SUSE bug 1251115SUSE bug 1251123SUSE bug 1251128SUSE bug 1251129SUSE bug 1251133SUSE bug 1251136SUSE bug 1251147SUSE bug 1251149SUSE bug 1251153SUSE bug 1251154SUSE bug 1251159SUSE bug 1251162SUSE bug 1251164SUSE bug 1251166SUSE bug 1251167SUSE bug 1251169SUSE bug 1251170SUSE bug 1251173SUSE bug 1251174SUSE bug 1251178SUSE bug 1251180SUSE bug 1251182SUSE bug 1251197SUSE bug 1251200SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251210SUSE bug 1251215SUSE bug 1251218SUSE bug 1251221SUSE bug 1251222SUSE bug 1251223SUSE bug 1251230SUSE bug 1251247SUSE bug 1251268SUSE bug 1251281SUSE bug 1251282SUSE bug 1251283SUSE bug 1251284SUSE bug 1251285SUSE bug 1251286SUSE bug 1251292SUSE bug 1251294SUSE bug 1251295SUSE bug 1251296SUSE bug 1251298SUSE bug 1251299SUSE bug 1251300SUSE bug 1251301SUSE bug 1251302SUSE bug 1251303SUSE bug 1251306SUSE bug 1251307SUSE bug 1251310SUSE bug 1251312SUSE bug 1251315SUSE bug 1251322SUSE bug 1251324SUSE bug 1251325SUSE bug 1251326SUSE bug 1251327SUSE bug 1251329SUSE bug 1251330SUSE bug 1251331SUSE bug 1251519SUSE bug 1251521SUSE bug 1251522SUSE bug 1251527SUSE bug 1251529SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251728SUSE bug 1251730SUSE bug 1251736SUSE bug 1251737SUSE bug 1251738SUSE bug 1251741SUSE bug 1251743SUSE bug 1251750SUSE bug 1251753SUSE bug 1251759SUSE bug 1251761SUSE bug 1251762SUSE bug 1251763SUSE bug 1251764SUSE bug 1251767SUSE bug 1251769SUSE bug 1251772SUSE bug 1251775SUSE bug 1251777SUSE bug 1251785SUSE bug 1251823SUSE bug 1251930SUSE bug 1251967SUSE bug 1252033SUSE bug 1252035SUSE bug 1252047SUSE bug 1252060SUSE bug 1252069SUSE bug 1252265SUSE bug 1252473SUSE bug 1252474SUSE bug 1252475SUSE bug 1252476SUSE bug 1252480SUSE bug 1252484SUSE bug 1252486SUSE bug 1252489SUSE bug 1252490SUSE bug 1252492SUSE bug 1252494SUSE bug 1252495SUSE bug 1252497SUSE bug 1252499SUSE bug 1252501SUSE bug 1252508SUSE bug 1252509SUSE bug 1252513SUSE bug 1252515SUSE bug 1252516SUSE bug 1252519SUSE bug 1252521SUSE bug 1252522SUSE bug 1252523SUSE bug 1252526SUSE bug 1252528SUSE bug 1252529SUSE bug 1252532SUSE bug 1252534SUSE bug 1252535SUSE bug 1252536SUSE bug 1252537SUSE bug 1252538SUSE bug 1252539SUSE bug 1252542SUSE bug 1252545SUSE bug 1252549SUSE bug 1252554SUSE bug 1252560SUSE bug 1252564SUSE bug 1252565SUSE bug 1252568SUSE bug 1252632SUSE bug 1252634SUSE bug 1252688SUSE bug 1252785SUSE bug 1252893CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50471 at SUSECVE-2022-50471 at NVDCVE-2022-50472 at SUSECVE-2022-50472 at NVDCVE-2022-50475 at SUSECVE-2022-50475 at NVDCVE-2022-50478 at SUSECVE-2022-50478 at NVDCVE-2022-50479 at SUSECVE-2022-50479 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50482 at SUSECVE-2022-50482 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50485 at SUSECVE-2022-50485 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50490 at SUSECVE-2022-50490 at NVDCVE-2022-50492 at SUSECVE-2022-50492 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50497 at SUSECVE-2022-50497 at NVDCVE-2022-50498 at SUSECVE-2022-50498 at NVDCVE-2022-50499 at SUSECVE-2022-50499 at NVDCVE-2022-50501 at SUSECVE-2022-50501 at NVDCVE-2022-50503 at SUSECVE-2022-50503 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50505 at SUSECVE-2022-50505 at NVDCVE-2022-50509 at SUSECVE-2022-50509 at NVDCVE-2022-50511 at SUSECVE-2022-50511 at NVDCVE-2022-50512 at SUSECVE-2022-50512 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50514 at SUSECVE-2022-50514 at NVDCVE-2022-50515 at SUSECVE-2022-50515 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50519 at SUSECVE-2022-50519 at NVDCVE-2022-50520 at SUSECVE-2022-50520 at NVDCVE-2022-50521 at SUSECVE-2022-50521 at NVDCVE-2022-50523 at SUSECVE-2022-50523 at NVDCVE-2022-50524 at SUSECVE-2022-50524 at NVDCVE-2022-50525 at SUSECVE-2022-50525 at NVDCVE-2022-50526 at SUSECVE-2022-50526 at NVDCVE-2022-50527 at SUSECVE-2022-50527 at NVDCVE-2022-50528 at SUSECVE-2022-50528 at NVDCVE-2022-50529 at SUSECVE-2022-50529 at NVDCVE-2022-50530 at SUSECVE-2022-50530 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50535 at SUSECVE-2022-50535 at NVDCVE-2022-50537 at SUSECVE-2022-50537 at NVDCVE-2022-50541 at SUSECVE-2022-50541 at NVDCVE-2022-50542 at SUSECVE-2022-50542 at NVDCVE-2022-50543 at SUSECVE-2022-50543 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50545 at SUSECVE-2022-50545 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50551 at SUSECVE-2022-50551 at NVDCVE-2022-50553 at SUSECVE-2022-50553 at NVDCVE-2022-50556 at SUSECVE-2022-50556 at NVDCVE-2022-50559 at SUSECVE-2022-50559 at NVDCVE-2022-50560 at SUSECVE-2022-50560 at NVDCVE-2022-50561 at SUSECVE-2022-50561 at NVDCVE-2022-50562 at SUSECVE-2022-50562 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50564 at SUSECVE-2022-50564 at NVDCVE-2022-50566 at SUSECVE-2022-50566 at NVDCVE-2022-50567 at SUSECVE-2022-50567 at NVDCVE-2022-50568 at SUSECVE-2022-50568 at NVDCVE-2022-50570 at SUSECVE-2022-50570 at NVDCVE-2022-50572 at SUSECVE-2022-50572 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2022-50575 at SUSECVE-2022-50575 at NVDCVE-2022-50576 at SUSECVE-2022-50576 at NVDCVE-2022-50577 at SUSECVE-2022-50577 at NVDCVE-2022-50578 at SUSECVE-2022-50578 at NVDCVE-2022-50579 at SUSECVE-2022-50579 at NVDCVE-2022-50580 at SUSECVE-2022-50580 at NVDCVE-2022-50581 at SUSECVE-2022-50581 at NVDCVE-2022-50582 at SUSECVE-2022-50582 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53533 at SUSECVE-2023-53533 at NVDCVE-2023-53534 at SUSECVE-2023-53534 at NVDCVE-2023-53539 at SUSECVE-2023-53539 at NVDCVE-2023-53541 at SUSECVE-2023-53541 at NVDCVE-2023-53542 at SUSECVE-2023-53542 at NVDCVE-2023-53546 at SUSECVE-2023-53546 at NVDCVE-2023-53547 at SUSECVE-2023-53547 at NVDCVE-2023-53548 at SUSECVE-2023-53548 at NVDCVE-2023-53551 at SUSECVE-2023-53551 at NVDCVE-2023-53552 at SUSECVE-2023-53552 at NVDCVE-2023-53553 at SUSECVE-2023-53553 at NVDCVE-2023-53554 at SUSECVE-2023-53554 at NVDCVE-2023-53556 at SUSECVE-2023-53556 at NVDCVE-2023-53557 at SUSECVE-2023-53557 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53560 at SUSECVE-2023-53560 at NVDCVE-2023-53562 at SUSECVE-2023-53562 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53567 at SUSECVE-2023-53567 at NVDCVE-2023-53568 at SUSECVE-2023-53568 at NVDCVE-2023-53571 at SUSECVE-2023-53571 at NVDCVE-2023-53572 at SUSECVE-2023-53572 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53578 at SUSECVE-2023-53578 at NVDCVE-2023-53579 at SUSECVE-2023-53579 at NVDCVE-2023-53580 at SUSECVE-2023-53580 at NVDCVE-2023-53581 at SUSECVE-2023-53581 at NVDCVE-2023-53582 at SUSECVE-2023-53582 at NVDCVE-2023-53587 at SUSECVE-2023-53587 at NVDCVE-2023-53589 at SUSECVE-2023-53589 at NVDCVE-2023-53591 at SUSECVE-2023-53591 at NVDCVE-2023-53592 at SUSECVE-2023-53592 at NVDCVE-2023-53594 at SUSECVE-2023-53594 at NVDCVE-2023-53597 at SUSECVE-2023-53597 at NVDCVE-2023-53598 at SUSECVE-2023-53598 at NVDCVE-2023-53601 at SUSECVE-2023-53601 at NVDCVE-2023-53603 at SUSECVE-2023-53603 at NVDCVE-2023-53604 at SUSECVE-2023-53604 at NVDCVE-2023-53605 at SUSECVE-2023-53605 at NVDCVE-2023-53607 at SUSECVE-2023-53607 at NVDCVE-2023-53608 at SUSECVE-2023-53608 at NVDCVE-2023-53611 at SUSECVE-2023-53611 at NVDCVE-2023-53612 at SUSECVE-2023-53612 at NVDCVE-2023-53615 at SUSECVE-2023-53615 at NVDCVE-2023-53616 at SUSECVE-2023-53616 at NVDCVE-2023-53617 at SUSECVE-2023-53617 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53622 at SUSECVE-2023-53622 at NVDCVE-2023-53625 at SUSECVE-2023-53625 at NVDCVE-2023-53626 at SUSECVE-2023-53626 at NVDCVE-2023-53631 at SUSECVE-2023-53631 at NVDCVE-2023-53637 at SUSECVE-2023-53637 at NVDCVE-2023-53639 at SUSECVE-2023-53639 at NVDCVE-2023-53640 at SUSECVE-2023-53640 at NVDCVE-2023-53641 at SUSECVE-2023-53641 at NVDCVE-2023-53644 at SUSECVE-2023-53644 at NVDCVE-2023-53648 at SUSECVE-2023-53648 at NVDCVE-2023-53650 at SUSECVE-2023-53650 at NVDCVE-2023-53651 at SUSECVE-2023-53651 at NVDCVE-2023-53658 at SUSECVE-2023-53658 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53662 at SUSECVE-2023-53662 at NVDCVE-2023-53667 at SUSECVE-2023-53667 at NVDCVE-2023-53668 at SUSECVE-2023-53668 at NVDCVE-2023-53670 at SUSECVE-2023-53670 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53674 at SUSECVE-2023-53674 at NVDCVE-2023-53675 at SUSECVE-2023-53675 at NVDCVE-2023-53679 at SUSECVE-2023-53679 at NVDCVE-2023-53680 at SUSECVE-2023-53680 at NVDCVE-2023-53681 at SUSECVE-2023-53681 at NVDCVE-2023-53683 at SUSECVE-2023-53683 at NVDCVE-2023-53687 at SUSECVE-2023-53687 at NVDCVE-2023-53692 at SUSECVE-2023-53692 at NVDCVE-2023-53693 at SUSECVE-2023-53693 at NVDCVE-2023-53695 at SUSECVE-2023-53695 at NVDCVE-2023-53696 at SUSECVE-2023-53696 at NVDCVE-2023-53697 at SUSECVE-2023-53697 at NVDCVE-2023-53700 at SUSECVE-2023-53700 at NVDCVE-2023-53704 at SUSECVE-2023-53704 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53707 at SUSECVE-2023-53707 at NVDCVE-2023-53708 at SUSECVE-2023-53708 at NVDCVE-2023-53709 at SUSECVE-2023-53709 at NVDCVE-2023-53711 at SUSECVE-2023-53711 at NVDCVE-2023-53715 at SUSECVE-2023-53715 at NVDCVE-2023-53716 at SUSECVE-2023-53716 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2023-53718 at SUSECVE-2023-53718 at NVDCVE-2023-53719 at SUSECVE-2023-53719 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2023-53723 at SUSECVE-2023-53723 at NVDCVE-2023-53724 at SUSECVE-2023-53724 at NVDCVE-2023-53725 at SUSECVE-2023-53725 at NVDCVE-2023-53726 at SUSECVE-2023-53726 at NVDCVE-2023-53730 at SUSECVE-2023-53730 at NVDCVE-2023-7324 at SUSECVE-2023-7324 at NVDCVE-2025-37885 at SUSECVE-2025-37885 at NVDCVE-2025-38084 at SUSECVE-2025-38084 at NVDCVE-2025-38085 at SUSECVE-2025-38085 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-39742 at SUSECVE-2025-39742 at NVDCVE-2025-39797 at SUSECVE-2025-39797 at NVDCVE-2025-39945 at SUSECVE-2025-39945 at NVDCVE-2025-39965 at SUSECVE-2025-39965 at NVDCVE-2025-39967 at SUSECVE-2025-39967 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-39978 at SUSECVE-2025-39978 at NVDCVE-2025-39981 at SUSECVE-2025-39981 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
ModerateSUSE bug 1249055CVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Low)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
LowSUSE bug 1251305SUSE bug 1252974CVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:sle-micro:5.5Security update for unbound (Moderate)SUSE Linux Enterprise Micro 5.5
This update for unbound fixes the following issues:
- CVE-2025-11411: Fixed domain hijacking due to promiscuous records (bsc#1252525)
ModerateSUSE bug 1252525CVE-2025-11411 at SUSECVE-2025-11411 at NVDcpe:/o:suse:sle-micro:5.5Security update for librsvg (Moderate)SUSE Linux Enterprise Micro 5.5
This update for librsvg fixes the following issues:
Update to version 2.52.12.
- CVE-2024-12224: idna: incorrect hostname comparisons and URL parsing may be performed due to acceptance of Punycode
labels that do not produce any non-ASCII output when decoded (bsc#1243867).
- CVE-2024-43806: rustix: unbounded memory explosion leading to an application OOM crash when using the `rustix::fs::Dir`
iterator with the `linux_raw` backend (bsc#1229950).
ModerateSUSE bug 1229950SUSE bug 1243867CVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:suse:sle-micro:5.5Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.5
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
ModerateSUSE bug 1244057SUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:sle-micro:5.5Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.5
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm rebuilds it against current GO to fix security issues in go-stdlib.
Importantcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado
* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
- Other changes and bugs fixed:
- Fixed TLS and x509 modules for OSes with older cryptography module
- Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
- Fixed payload signature verification on Tumbleweed (bsc#1251776)
- Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
- Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
- Improved SL Micro 6.2 detection with grains
- Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
- Set python-CherryPy as required for python-salt-testsuite
ImportantSUSE bug 1227207SUSE bug 1250520SUSE bug 1250755SUSE bug 1251776SUSE bug 1252244SUSE bug 1252285SUSE bug 1254256SUSE bug 1254257CVE-2025-62348 at SUSECVE-2025-62348 at NVDCVE-2025-62349 at SUSECVE-2025-62349 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
Update to Xen 4.17.6.
Security issues fixed:
- CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no
longer assigned to them (bsc#1252692).
Other issues fixed:
- Several upstream bug fixes (bsc#1027519).
- Failure to restart xenstored (bsc#1254180).
ModerateSUSE bug 1027519SUSE bug 1252692SUSE bug 1254180CVE-2025-58149 at SUSECVE-2025-58149 at NVDcpe:/o:suse:sle-micro:5.5Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()` functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
ImportantSUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- Fix type signess in fbcon_set_font() (bsc#1252033).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1233640SUSE bug 1249806SUSE bug 1251786SUSE bug 1252033SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
ModerateSUSE bug 1254132CVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:sle-micro:5.5Security update for dpdk22 (Important)SUSE Linux Enterprise Micro 5.5
This update for dpdk22 fixes the following issues:
Update to version 22.11.10.
Security issues fixed:
- CVE-2025-23259: issue in the Poll Mode Driver (PMD) allows an attacker on a VM in the system to leak information and
cause a denial of service on the network interface (bsc#1254161).
Other updates and bugfixes:
- Fix SUSE provided DPDK modules tainting the kernel as unsupported (bsc#1214724).
ImportantSUSE bug 1214724SUSE bug 1254161CVE-2025-23259 at SUSECVE-2025-23259 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2024-6104: possible sensitive data exposure due to hashicorp/go-retryablehttp not sanitizing URLs when writing
them to log files. (bsc#1227052)
- CVE-2023-45288: possible excessive CPU consumption due to no limit being set on the number of CONTINUATION frames
read for an HTTP/2 request in golang.org/x/net/http2. (bsc#1236507)
ModerateSUSE bug 1227052SUSE bug 1236507CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2023-42467: Disallow block sizes smaller than 512 (bsc#1215192).
ModerateSUSE bug 1215192CVE-2023-42467 at SUSECVE-2023-42467 at NVDcpe:/o:suse:sle-micro:5.5Security update for gstreamer (Important)SUSE Linux Enterprise Micro 5.5
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes. (boo#1234449)
ImportantSUSE bug 1234449CVE-2024-47606 at SUSECVE-2024-47606 at NVDcpe:/o:suse:sle-micro:5.5Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
ImportantSUSE bug 1234415SUSE bug 1234450SUSE bug 1234453SUSE bug 1234455SUSE bug 1234456SUSE bug 1234459SUSE bug 1234460CVE-2024-47538 at SUSECVE-2024-47538 at NVDCVE-2024-47541 at SUSECVE-2024-47541 at NVDCVE-2024-47542 at SUSECVE-2024-47542 at NVDCVE-2024-47600 at SUSECVE-2024-47600 at NVDCVE-2024-47607 at SUSECVE-2024-47607 at NVDCVE-2024-47615 at SUSECVE-2024-47615 at NVDCVE-2024-47835 at SUSECVE-2024-47835 at NVDcpe:/o:suse:sle-micro:5.5Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.5
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
- CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
- CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778 ZDI-24-1454).
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1216813SUSE bug 1223384SUSE bug 1225736SUSE bug 1226848SUSE bug 1226980SUSE bug 1228537SUSE bug 1228592SUSE bug 1230341SUSE bug 1230432SUSE bug 1230527SUSE bug 1230697SUSE bug 1231088SUSE bug 1231847SUSE bug 1232914SUSE bug 1233028SUSE bug 1233055SUSE bug 1233097SUSE bug 1233103SUSE bug 1233112SUSE bug 1233464SUSE bug 1233488SUSE bug 1233642SUSE bug 1233778SUSE bug 1234024SUSE bug 1234025SUSE bug 1234078SUSE bug 1234087SUSE bug 1234153SUSE bug 1234155SUSE bug 1234223SUSE bug 1234381SUSE bug 1234683SUSE bug 1234690SUSE bug 1234825SUSE bug 1234829SUSE bug 1234832SUSE bug 1234884SUSE bug 1234889SUSE bug 1234896SUSE bug 1234899SUSE bug 1234900SUSE bug 1234905SUSE bug 1234909SUSE bug 1234916SUSE bug 1234918SUSE bug 1234922SUSE bug 1234930SUSE bug 1234931SUSE bug 1234934SUSE bug 1234962SUSE bug 1234999SUSE bug 1235002SUSE bug 1235009SUSE bug 1235011SUSE bug 1235053SUSE bug 1235057SUSE bug 1235059SUSE bug 1235100SUSE bug 1235122SUSE bug 1235123SUSE bug 1235133SUSE bug 1235134SUSE bug 1235217SUSE bug 1235222SUSE bug 1235230SUSE bug 1235249SUSE bug 1235410SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235458SUSE bug 1235466SUSE bug 1235473SUSE bug 1235480SUSE bug 1235491SUSE bug 1235495SUSE bug 1235496SUSE bug 1235521SUSE bug 1235557SUSE bug 1235563SUSE bug 1235570SUSE bug 1235584SUSE bug 1235611SUSE bug 1235635SUSE bug 1235641SUSE bug 1235643SUSE bug 1235645SUSE bug 1235647SUSE bug 1235723SUSE bug 1235739SUSE bug 1235747SUSE bug 1235759SUSE bug 1235764SUSE bug 1235768SUSE bug 1235806SUSE bug 1235812SUSE bug 1235814SUSE bug 1235818SUSE bug 1235842SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-36898 at SUSECVE-2024-36898 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-41047 at SUSECVE-2024-41047 at NVDCVE-2024-45019 at SUSECVE-2024-45019 at NVDCVE-2024-46858 at SUSECVE-2024-46858 at NVDCVE-2024-50051 at SUSECVE-2024-50051 at NVDCVE-2024-50136 at SUSECVE-2024-50136 at NVDCVE-2024-50142 at SUSECVE-2024-50142 at NVDCVE-2024-50151 at SUSECVE-2024-50151 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-50210 at SUSECVE-2024-50210 at NVDCVE-2024-50275 at SUSECVE-2024-50275 at NVDCVE-2024-50299 at SUSECVE-2024-50299 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53103 at SUSECVE-2024-53103 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53112 at SUSECVE-2024-53112 at NVDCVE-2024-53121 at SUSECVE-2024-53121 at NVDCVE-2024-53127 at SUSECVE-2024-53127 at NVDCVE-2024-53129 at SUSECVE-2024-53129 at NVDCVE-2024-53138 at SUSECVE-2024-53138 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53148 at SUSECVE-2024-53148 at NVDCVE-2024-53151 at SUSECVE-2024-53151 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53169 at SUSECVE-2024-53169 at NVDCVE-2024-53171 at SUSECVE-2024-53171 at NVDCVE-2024-53174 at SUSECVE-2024-53174 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-53208 at SUSECVE-2024-53208 at NVDCVE-2024-53209 at SUSECVE-2024-53209 at NVDCVE-2024-53215 at SUSECVE-2024-53215 at NVDCVE-2024-53217 at SUSECVE-2024-53217 at NVDCVE-2024-53224 at SUSECVE-2024-53224 at NVDCVE-2024-53227 at SUSECVE-2024-53227 at NVDCVE-2024-53229 at SUSECVE-2024-53229 at NVDCVE-2024-53690 at SUSECVE-2024-53690 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-55916 at SUSECVE-2024-55916 at NVDCVE-2024-56531 at SUSECVE-2024-56531 at NVDCVE-2024-56532 at SUSECVE-2024-56532 at NVDCVE-2024-56533 at SUSECVE-2024-56533 at NVDCVE-2024-56557 at SUSECVE-2024-56557 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2024-56562 at SUSECVE-2024-56562 at NVDCVE-2024-56567 at SUSECVE-2024-56567 at NVDCVE-2024-56588 at SUSECVE-2024-56588 at NVDCVE-2024-56595 at SUSECVE-2024-56595 at NVDCVE-2024-56596 at SUSECVE-2024-56596 at NVDCVE-2024-56597 at SUSECVE-2024-56597 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56629 at SUSECVE-2024-56629 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56644 at SUSECVE-2024-56644 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56678 at SUSECVE-2024-56678 at NVDCVE-2024-56681 at SUSECVE-2024-56681 at NVDCVE-2024-56698 at SUSECVE-2024-56698 at NVDCVE-2024-56701 at SUSECVE-2024-56701 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56722 at SUSECVE-2024-56722 at NVDCVE-2024-56739 at SUSECVE-2024-56739 at NVDCVE-2024-56745 at SUSECVE-2024-56745 at NVDCVE-2024-56747 at SUSECVE-2024-56747 at NVDCVE-2024-56754 at SUSECVE-2024-56754 at NVDCVE-2024-56756 at SUSECVE-2024-56756 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-56765 at SUSECVE-2024-56765 at NVDCVE-2024-56776 at SUSECVE-2024-56776 at NVDCVE-2024-56777 at SUSECVE-2024-56777 at NVDCVE-2024-56778 at SUSECVE-2024-56778 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57793 at SUSECVE-2024-57793 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57850 at SUSECVE-2024-57850 at NVDCVE-2024-57876 at SUSECVE-2024-57876 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Low)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-36898: gpiolib: cdev: fix uninitialised kfifo (bsc#1225736).
- CVE-2024-46858: mptcp: pm: Fix uaf in __timer_delete_sync (bsc#1231088).
- CVE-2024-50142: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (bsc#1233028).
- CVE-2024-50151: smb: client: fix OOBs when building SMB2_IOCTL request (bsc#1233055).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-50299: sctp: properly validate chunk size in sctp_sf_ootb() (bsc#1233488).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53166: block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234884).
- CVE-2024-53177: smb: prevent use-after-free due to open_cached_dir error paths (bsc#1234896).
- CVE-2024-53209: bnxt_en: Fix receive ring space parameters when XDP is active (bsc#1235002).
- CVE-2024-53227: scsi: bfa: Fix use-after-free in bfad_im_module_exit() (bsc#1235011).
- CVE-2024-56588: scsi: hisi_sas: Create all dump files during debugfs initialization (bsc#1235123).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56602: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() (bsc#1235521).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56645: can: j1939: j1939_session_new(): fix skb reference counting (bsc#1235134).
- CVE-2024-56648: net: hsr: avoid potential out-of-bound access in fill_frame_info() (bsc#1235451).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
- CVE-2024-56747: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (bsc#1234934).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57792: power: supply: gpio-charger: Fix set charge current limits (bsc#1235764).
- CVE-2024-57793: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors (bsc#1235768).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57876: drm/dp_mst: Fix resetting msg rx state after topology removal (bsc#1235806).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2024-57897: drm/amdkfd: Correct the migration DMA map direction (bsc#1235969).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- VFS: use system_unbound_wq for delayed_mntput (bsc#1234683).
- ceph: improve error handling and short/overflow-read logic in __ceph_sync_read() (bsc#1228592).
- ibmvnic: Free any outstanding tx skbs during scrq reset (bsc#1226980).
- netfilter: nf_tables: validate family when identifying table via handle (bsc#1233778).
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct (bsc#1234825).
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1216813SUSE bug 1223384SUSE bug 1225736SUSE bug 1226848SUSE bug 1226980SUSE bug 1228537SUSE bug 1228592SUSE bug 1230341SUSE bug 1230432SUSE bug 1230527SUSE bug 1230697SUSE bug 1231088SUSE bug 1231847SUSE bug 1232914SUSE bug 1233028SUSE bug 1233055SUSE bug 1233097SUSE bug 1233103SUSE bug 1233112SUSE bug 1233464SUSE bug 1233488SUSE bug 1233642SUSE bug 1233778SUSE bug 1234024SUSE bug 1234025SUSE bug 1234078SUSE bug 1234087SUSE bug 1234153SUSE bug 1234155SUSE bug 1234223SUSE bug 1234381SUSE bug 1234683SUSE bug 1234690SUSE bug 1234825SUSE bug 1234829SUSE bug 1234832SUSE bug 1234884SUSE bug 1234889SUSE bug 1234896SUSE bug 1234899SUSE bug 1234900SUSE bug 1234905SUSE bug 1234909SUSE bug 1234916SUSE bug 1234918SUSE bug 1234922SUSE bug 1234930SUSE bug 1234931SUSE bug 1234934SUSE bug 1234962SUSE bug 1234999SUSE bug 1235002SUSE bug 1235009SUSE bug 1235011SUSE bug 1235053SUSE bug 1235057SUSE bug 1235059SUSE bug 1235100SUSE bug 1235122SUSE bug 1235123SUSE bug 1235133SUSE bug 1235134SUSE bug 1235217SUSE bug 1235222SUSE bug 1235230SUSE bug 1235249SUSE bug 1235410SUSE bug 1235430SUSE bug 1235433SUSE bug 1235441SUSE bug 1235451SUSE bug 1235458SUSE bug 1235466SUSE bug 1235473SUSE bug 1235480SUSE bug 1235491SUSE bug 1235495SUSE bug 1235496SUSE bug 1235521SUSE bug 1235557SUSE bug 1235563SUSE bug 1235570SUSE bug 1235584SUSE bug 1235611SUSE bug 1235635SUSE bug 1235641SUSE bug 1235643SUSE bug 1235645SUSE bug 1235647SUSE bug 1235723SUSE bug 1235739SUSE bug 1235747SUSE bug 1235759SUSE bug 1235764SUSE bug 1235768SUSE bug 1235806SUSE bug 1235812SUSE bug 1235814SUSE bug 1235818SUSE bug 1235842SUSE bug 1235920SUSE bug 1235969SUSE bug 1236628CVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-36898 at SUSECVE-2024-36898 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-41047 at SUSECVE-2024-41047 at NVDCVE-2024-45019 at SUSECVE-2024-45019 at NVDCVE-2024-46858 at SUSECVE-2024-46858 at NVDCVE-2024-50051 at SUSECVE-2024-50051 at NVDCVE-2024-50136 at SUSECVE-2024-50136 at NVDCVE-2024-50142 at SUSECVE-2024-50142 at NVDCVE-2024-50151 at SUSECVE-2024-50151 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-50210 at SUSECVE-2024-50210 at NVDCVE-2024-50275 at SUSECVE-2024-50275 at NVDCVE-2024-50299 at SUSECVE-2024-50299 at NVDCVE-2024-53095 at SUSECVE-2024-53095 at NVDCVE-2024-53103 at SUSECVE-2024-53103 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53112 at SUSECVE-2024-53112 at NVDCVE-2024-53121 at SUSECVE-2024-53121 at NVDCVE-2024-53127 at SUSECVE-2024-53127 at NVDCVE-2024-53129 at SUSECVE-2024-53129 at NVDCVE-2024-53138 at SUSECVE-2024-53138 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53148 at SUSECVE-2024-53148 at NVDCVE-2024-53151 at SUSECVE-2024-53151 at NVDCVE-2024-53166 at SUSECVE-2024-53166 at NVDCVE-2024-53169 at SUSECVE-2024-53169 at NVDCVE-2024-53171 at SUSECVE-2024-53171 at NVDCVE-2024-53174 at SUSECVE-2024-53174 at NVDCVE-2024-53177 at SUSECVE-2024-53177 at NVDCVE-2024-53208 at SUSECVE-2024-53208 at NVDCVE-2024-53209 at SUSECVE-2024-53209 at NVDCVE-2024-53215 at SUSECVE-2024-53215 at NVDCVE-2024-53217 at SUSECVE-2024-53217 at NVDCVE-2024-53224 at SUSECVE-2024-53224 at NVDCVE-2024-53227 at SUSECVE-2024-53227 at NVDCVE-2024-53229 at SUSECVE-2024-53229 at NVDCVE-2024-53690 at SUSECVE-2024-53690 at NVDCVE-2024-54680 at SUSECVE-2024-54680 at NVDCVE-2024-55916 at SUSECVE-2024-55916 at NVDCVE-2024-56531 at SUSECVE-2024-56531 at NVDCVE-2024-56532 at SUSECVE-2024-56532 at NVDCVE-2024-56533 at SUSECVE-2024-56533 at NVDCVE-2024-56557 at SUSECVE-2024-56557 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2024-56562 at SUSECVE-2024-56562 at NVDCVE-2024-56567 at SUSECVE-2024-56567 at NVDCVE-2024-56588 at SUSECVE-2024-56588 at NVDCVE-2024-56595 at SUSECVE-2024-56595 at NVDCVE-2024-56596 at SUSECVE-2024-56596 at NVDCVE-2024-56597 at SUSECVE-2024-56597 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56602 at SUSECVE-2024-56602 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56629 at SUSECVE-2024-56629 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56644 at SUSECVE-2024-56644 at NVDCVE-2024-56645 at SUSECVE-2024-56645 at NVDCVE-2024-56648 at SUSECVE-2024-56648 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56678 at SUSECVE-2024-56678 at NVDCVE-2024-56681 at SUSECVE-2024-56681 at NVDCVE-2024-56698 at SUSECVE-2024-56698 at NVDCVE-2024-56701 at SUSECVE-2024-56701 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-56722 at SUSECVE-2024-56722 at NVDCVE-2024-56739 at SUSECVE-2024-56739 at NVDCVE-2024-56745 at SUSECVE-2024-56745 at NVDCVE-2024-56747 at SUSECVE-2024-56747 at NVDCVE-2024-56754 at SUSECVE-2024-56754 at NVDCVE-2024-56756 at SUSECVE-2024-56756 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-56765 at SUSECVE-2024-56765 at NVDCVE-2024-56776 at SUSECVE-2024-56776 at NVDCVE-2024-56777 at SUSECVE-2024-56777 at NVDCVE-2024-56778 at SUSECVE-2024-56778 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57792 at SUSECVE-2024-57792 at NVDCVE-2024-57793 at SUSECVE-2024-57793 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57850 at SUSECVE-2024-57850 at NVDCVE-2024-57876 at SUSECVE-2024-57876 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2024-57897 at SUSECVE-2024-57897 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:sle-micro:5.5Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.5
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
ImportantSUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm fixes the following issues:
Update to version 3.17.1:
- CVE-2024-45338: Fixed denial of service due to non-linear parsing of case-insensitive content (bsc#1235318).
- CVE-2024-45337: Fixed misuse of ServerConfig.PublicKeyCallback to prevent authorization bypass in golang.org/x/crypto (bsc#1234482).
ImportantSUSE bug 1234482SUSE bug 1235318CVE-2024-45337 at SUSECVE-2024-45337 at NVDCVE-2024-45338 at SUSECVE-2024-45338 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:sle-micro:5.5Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.5
This update for ovmf fixes the following issues:
- PXE boot is failing due to patches applied to fix CVE-2023-45236 and CVE-2023-45237 (bsc#1237084).
ImportantSUSE bug 1237084CVE-2023-45236 at SUSECVE-2023-45236 at NVDCVE-2023-45237 at SUSECVE-2023-45237 at NVDcpe:/o:suse:sle-micro:5.5Security update for google-osconfig-agent (Important)SUSE Linux Enterprise Micro 5.5
This update for google-osconfig-agent fixes the following issues:
- CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to
overwrite other sensitive files in a system. (bsc#1236560)
ImportantSUSE bug 1236560CVE-2024-45339 at SUSECVE-2024-45339 at NVDcpe:/o:suse:sle-micro:5.5Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.5
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
- CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232. (bsc#1209358)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1209358SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826CVE-2023-28450 at SUSECVE-2023-28450 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:sle-micro:5.5Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:sle-micro:5.5Security update for procps (Important)SUSE Linux Enterprise Micro 5.5
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:sle-micro:5.5Security update for openvswitch3 (Important)SUSE Linux Enterprise Micro 5.5
This update for openvswitch3 fixes the following issues:
- CVE-2025-0650: Fixed egress ACLs that may be bypassed via specially crafted UDP packet (bsc#1236353).
ImportantSUSE bug 1236353CVE-2025-0650 at SUSECVE-2025-0650 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
(bsc#1237363).
- CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:sle-micro:5.5Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
ModerateSUSE bug 1237431CVE-2025-26597 at SUSECVE-2025-26597 at NVDcpe:/o:suse:sle-micro:5.5Security update for u-boot (Moderate)SUSE Linux Enterprise Micro 5.5
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
ModerateSUSE bug 1237284SUSE bug 1237287CVE-2024-57256 at SUSECVE-2024-57256 at NVDCVE-2024-57258 at SUSECVE-2024-57258 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:sle-micro:5.5Security update for skopeo (Important)SUSE Linux Enterprise Micro 5.5
This update for skopeo fixes the following issues:
- CVE-2025-27144: excessive memory consumption by Go JOSE when parsing compact JWS or JWE input containing a large
number of '.' characters (bsc#1237613).
ImportantSUSE bug 1237613CVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Important)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
ImportantSUSE bug 1237641CVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for python3-M2Crypto (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3-M2Crypto fixes the following issues:
- Fix spelling of BSD-2-Clause license.
- Update to 0.44.0:
- The real license is BSD 2-Clause, not MIT.
- Remove python-M2Crypto.keyring, because PyPI broke GPG support
- Build for modern python stack on SLE/Leap
- require setuptools
- Make tests running again.
- Remove unnecessary fdupes call
- Add python-typing as a dependency
- SLE12 requires swig3 for a successful build, too ModerateSUSE bug 1205042SUSE bug 1231589SUSE bug 1236664CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576)
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
- iavf: fix the waiting time for initial reset (bsc#1235111).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: introduce a function to check if a netdev name is in use (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- nfsd: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
- rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
- x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
- x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
- x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
- x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
- x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
- x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
- x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
- x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
- x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
- x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (bsc#1236951).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1225742SUSE bug 1232472SUSE bug 1232919SUSE bug 1233701SUSE bug 1233749SUSE bug 1234154SUSE bug 1234650SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1235111SUSE bug 1236133SUSE bug 1236289SUSE bug 1236576SUSE bug 1236661SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1236777SUSE bug 1236951SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53226 at SUSECVE-2024-53226 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21647 at SUSECVE-2025-21647 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-53135: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (bsc#1234154).
- CVE-2024-53226: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (bsc#1236576)
- CVE-2024-57948: mac802154: check local interfaces before deleting sdata list (bsc#1236677).
- CVE-2025-21647: sched: sch_cake: add bounds checks to host bulk flow fairness counts (bsc#1236133).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- NFSD: use explicit lock/unlock for directory ops (bsc#1234650 bsc#1233701 bsc#1232472).
- cpufreq/amd-pstate: Only print supported EPP values for performance governor (bsc#1236777).
- iavf: fix the waiting time for initial reset (bsc#1235111).
- ice: add ice_adapter for shared data across PFs on the same NIC (bsc#1235111).
- ice: avoid the PTP hardware semaphore in gettimex64 path (bsc#1235111).
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (bsc#1235111).
- idpf: call set_real_num_queues in idpf_open (bsc#1236661 bsc#1237316).
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- kabi: hide adding RCU head into struct netdev_name_node (bsc#1233749).
- net: Fix undefined behavior in netdev name allocation (bsc#1233749).
- net: avoid UAF on deleted altname (bsc#1233749).
- net: check for altname conflicts when changing netdev's netns (bsc#1233749).
- net: core: Use the bitmap API to allocate bitmaps (bsc#1233749).
- net: do not send a MOVE event when netdev changes netns (bsc#1233749).
- net: do not use input buffer of __dev_alloc_name() as a scratch space (bsc#1233749).
- net: fix ifname in netlink ntf during netns move (bsc#1233749).
- net: fix removing a namespace with conflicting altnames (bsc#1233749).
- net: free altname using an RCU callback (bsc#1233749).
- net: introduce a function to check if a netdev name is in use (bsc#1233749).
- net: make dev_alloc_name() call dev_prep_valid_name() (bsc#1233749).
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: mana: Cleanup 'mana' debugfs dir after cleanup of all children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: minor __dev_alloc_name() optimization (bsc#1233749).
- net: move altnames together with the netdevice (bsc#1233749).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- net: reduce indentation of __dev_alloc_name() (bsc#1233749).
- net: remove dev_valid_name() check from __dev_alloc_name() (bsc#1233749).
- net: remove else after return in dev_prep_valid_name() (bsc#1233749).
- net: trust the bitmap in __dev_alloc_name() (bsc#1233749).
- rcu: Remove rcu_is_idle_cpu() (bsc#1236289).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- x86/aperfmperf: Dont wake idle CPUs in arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Integrate the fallback code from show_cpuinfo() (bsc#1236289).
- x86/aperfmperf: Make parts of the frequency invariance code unconditional (bsc#1236289).
- x86/aperfmperf: Put frequency invariance aperf/mperf data into a struct (bsc#1236289).
- x86/aperfmperf: Replace aperfmperf_get_khz() (bsc#1236289).
- x86/aperfmperf: Replace arch_freq_get_on_cpu() (bsc#1236289).
- x86/aperfmperf: Restructure arch_scale_freq_tick() (bsc#1236289).
- x86/aperfmperf: Separate AP/BP frequency invariance init (bsc#1236289).
- x86/aperfmperf: Store aperf/mperf data for cpu frequency reads (bsc#1236289).
- x86/aperfmperf: Untangle Intel and AMD frequency invariance init (bsc#1236289).
- x86/aperfperf: Make it correct on 32bit and UP kernels (bsc#1236289).
- x86/smp: Move APERF/MPERF code where it belongs (bsc#1236289).
- x86/smp: Remove unnecessary assignment to local var freq_scale (bsc#1236289).
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- x86/xen: allow larger contiguous memory regions in PV guests (bsc#1236951).
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (git-fixes).
- xen/swiotlb: relax alignment requirements (bsc#1236951).
ImportantSUSE bug 1208995SUSE bug 1220946SUSE bug 1225742SUSE bug 1232472SUSE bug 1232919SUSE bug 1233701SUSE bug 1233749SUSE bug 1234154SUSE bug 1234650SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1235111SUSE bug 1236133SUSE bug 1236289SUSE bug 1236576SUSE bug 1236661SUSE bug 1236677SUSE bug 1236757SUSE bug 1236758SUSE bug 1236760SUSE bug 1236761SUSE bug 1236777SUSE bug 1236951SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237316SUSE bug 1237693SUSE bug 1238033CVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-53135 at SUSECVE-2024-53135 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53226 at SUSECVE-2024-53226 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-57948 at SUSECVE-2024-57948 at NVDCVE-2025-21647 at SUSECVE-2025-21647 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:sle-micro:5.5Security update for libarchive (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libarchive fixes the following issues:
- CVE-2025-25724: Fixed buffer overflow vulnerability in function list_item_verbose() in tar/util.c (bsc#1238610).
ModerateSUSE bug 1238610CVE-2025-25724 at SUSECVE-2025-25724 at NVDcpe:/o:suse:sle-micro:5.5Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.5
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1255075SUSE bug 1256645SUSE bug 1257231SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1257749SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.5Security update for salt (Important)SUSE Linux Enterprise Micro 5.5
This update for salt fixes the following issues:
- Security issues fixed:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)
- Made syntax in httputil_test compatible with Python 3.6
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved wheel key.finger call (bsc#1240532)
- Improved utils.find_json function (bsc#1246130)
- Extended warn_until period to 2027
ImportantSUSE bug 1240532SUSE bug 1246130SUSE bug 1254325SUSE bug 1254400SUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.5Security update for systemd (Important)SUSE Linux Enterprise Micro 5.5
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 6a38d88a42 machined: reject invalid class types when registering machines
- 8c9a592e5a udev: fix review mixup
- b57007a917 udev-builtin-net-id: print cescaped bad attributes
- ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
- 0f63e799e6 udev: ensure tag parsing stays within bounds
- 046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
- 5be21460ce udev: check for invalid chars in various fields received from the kernel
- 9559607b16 core/cgroup: avoid one unnecessary strjoina()
- fcae348ca4 core: validate input cgroup path more prudently
- a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
- 08125d6b06 units: add dep on systemd-logind.service by user@.service
ImportantSUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
ModerateSUSE bug 1254670SUSE bug 1259619CVE-2025-70873 at SUSECVE-2025-70873 at NVDCVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
(bsc#1254867).
ModerateSUSE bug 1254867SUSE bug 1259829CVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
(bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1255075SUSE bug 1256645SUSE bug 1257231SUSE bug 1257473SUSE bug 1257732SUSE bug 1257735SUSE bug 1257749SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258518SUSE bug 1258849SUSE bug 1258850SUSE bug 1259857CVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-40242 at SUSECVE-2025-40242 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23054 at SUSECVE-2026-23054 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23209 at SUSECVE-2026-23209 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ImportantSUSE bug 1257181CVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Important)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)
ImportantSUSE bug 1259247CVE-2026-23554 at SUSECVE-2026-23554 at NVDcpe:/o:suse:sle-micro:5.5Security update for containerd (Important)SUSE Linux Enterprise Micro 5.5
This update for containerd rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.5
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Important)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:sle-micro:5.5Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.5
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1254666CVE-2025-14104 at SUSECVE-2025-14104 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.5
This update for python-tornado fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1254905SUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:sle-micro:5.5Security update for tar (Important)SUSE Linux Enterprise Micro 5.5
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
ImportantSUSE bug 1246399CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issue:
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ModerateSUSE bug 1256418CVE-2026-0716 at SUSECVE-2026-0716 at NVDcpe:/o:suse:sle-micro:5.5Security update for ignition (Important)SUSE Linux Enterprise Micro 5.5
This update for ignition fixes the following issue:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260251)
ImportantSUSE bug 1260251CVE-2026-33186 at SUSECVE-2026-33186 at NVDcpe:/o:suse:sle-micro:5.5Security update for bind (Important)SUSE Linux Enterprise Micro 5.5
This update for bind fixes the following issues:
- CVE-2026-1519: high CPU load during insecure delegation validation due to excessive NSEC3 iterations (bsc#1260805).
ImportantSUSE bug 1260805CVE-2026-1519 at SUSECVE-2026-1519 at NVDcpe:/o:suse:sle-micro:5.5Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.5
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDcpe:/o:suse:sle-micro:5.5Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.5
This update for ovmf fixes the following issues:
- CVE-2022-36765: Fixed integer overflow to buffer overflow via local network vulnerability (bsc#1218680).
ImportantSUSE bug 1218680CVE-2022-36765 at SUSECVE-2022-36765 at NVDcpe:/o:suse:sle-micro:5.5Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.5
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.5
This update for python-tornado fixes the following issues:
- CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905).
- CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904).
ImportantSUSE bug 1254904SUSE bug 1254905CVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:sle-micro:5.5Security update for libtasn1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:sle-micro:5.5Security update for net-snmp (Important)SUSE Linux Enterprise Micro 5.5
This update for net-snmp fixes the following issues:
- CVE-2025-68615: Fixed snmptrapd buffer overflow (bsc#1255491)
ImportantSUSE bug 1255491CVE-2025-68615 at SUSECVE-2025-68615 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed upstream update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
ImportantSUSE bug 1254876SUSE bug 1256399CVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2024-56590: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (bsc#1235038).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
The following non security issues were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes).
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes).
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes).
- RDMA/hns: Fix the modification of max_send_sge (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes).
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes).
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes).
- cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes).
- cpuidle: Move IRQ state validation (git-fixes).
- cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/tdx: Drop flags from __tdx_hypercall() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes).
- x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes).
- x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes).
- x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes).
- x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes).
- x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes).
- x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes).
- x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes).
- x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes).
- x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes).
- x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes).
- xfs: fix sparse inode limits on runt AG (bsc#1254392).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206451SUSE bug 1206843SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207315SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1209980SUSE bug 1210644SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1224573SUSE bug 1225832SUSE bug 1226797SUSE bug 1226846SUSE bug 1228015SUSE bug 1233640SUSE bug 1235038SUSE bug 1237563SUSE bug 1249871SUSE bug 1252046SUSE bug 1252678SUSE bug 1253409SUSE bug 1254392SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254601SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254623SUSE bug 1254625SUSE bug 1254626SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254651SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254681SUSE bug 1254684SUSE bug 1254685SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254753SUSE bug 1254754SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254786SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254910SUSE bug 1254911SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254922SUSE bug 1254958SUSE bug 1254959SUSE bug 1254974SUSE bug 1254979SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255107SUSE bug 1255163SUSE bug 1255165SUSE bug 1255245SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255532SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255561SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255596SUSE bug 1255600SUSE bug 1255605SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255635SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255745SUSE bug 1255747SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255761SUSE bug 1255762SUSE bug 1255763SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255841SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255881SUSE bug 1255888SUSE bug 1255889SUSE bug 1255890SUSE bug 1255899SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255916SUSE bug 1255919SUSE bug 1255920SUSE bug 1255922SUSE bug 1255924SUSE bug 1255925SUSE bug 1255939SUSE bug 1255946SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255955SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255974SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1255998SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256050SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256071SUSE bug 1256074SUSE bug 1256081SUSE bug 1256084SUSE bug 1256086SUSE bug 1256088SUSE bug 1256091SUSE bug 1256093SUSE bug 1256099SUSE bug 1256101SUSE bug 1256103SUSE bug 1256106SUSE bug 1256111SUSE bug 1256112SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256128SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256144SUSE bug 1256145SUSE bug 1256149SUSE bug 1256150SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256164SUSE bug 1256165SUSE bug 1256166SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256198SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256214SUSE bug 1256215SUSE bug 1256216SUSE bug 1256218SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256239SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256294SUSE bug 1256295SUSE bug 1256300SUSE bug 1256302SUSE bug 1256306SUSE bug 1256309SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256352SUSE bug 1256353SUSE bug 1256355SUSE bug 1256358SUSE bug 1256359SUSE bug 1256363SUSE bug 1256364SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256381SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256398SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50621 at SUSECVE-2022-50621 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50665 at SUSECVE-2022-50665 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50667 at SUSECVE-2022-50667 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50701 at SUSECVE-2022-50701 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50705 at SUSECVE-2022-50705 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50710 at SUSECVE-2022-50710 at NVDCVE-2022-50712 at SUSECVE-2022-50712 at NVDCVE-2022-50714 at SUSECVE-2022-50714 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50723 at SUSECVE-2022-50723 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50738 at SUSECVE-2022-50738 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50768 at SUSECVE-2022-50768 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50818 at SUSECVE-2022-50818 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50833 at SUSECVE-2022-50833 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50838 at SUSECVE-2022-50838 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50847 at SUSECVE-2022-50847 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50862 at SUSECVE-2022-50862 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50867 at SUSECVE-2022-50867 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50873 at SUSECVE-2022-50873 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50883 at SUSECVE-2022-50883 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53753 at SUSECVE-2023-53753 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53769 at SUSECVE-2023-53769 at NVDCVE-2023-53780 at SUSECVE-2023-53780 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53801 at SUSECVE-2023-53801 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53806 at SUSECVE-2023-53806 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53816 at SUSECVE-2023-53816 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53828 at SUSECVE-2023-53828 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53833 at SUSECVE-2023-53833 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53848 at SUSECVE-2023-53848 at NVDCVE-2023-53849 at SUSECVE-2023-53849 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53860 at SUSECVE-2023-53860 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53864 at SUSECVE-2023-53864 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53989 at SUSECVE-2023-53989 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54017 at SUSECVE-2023-54017 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54041 at SUSECVE-2023-54041 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54044 at SUSECVE-2023-54044 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54047 at SUSECVE-2023-54047 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54057 at SUSECVE-2023-54057 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54070 at SUSECVE-2023-54070 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54074 at SUSECVE-2023-54074 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54106 at SUSECVE-2023-54106 at NVDCVE-2023-54107 at SUSECVE-2023-54107 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54114 at SUSECVE-2023-54114 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54116 at SUSECVE-2023-54116 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54128 at SUSECVE-2023-54128 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54132 at SUSECVE-2023-54132 at NVDCVE-2023-54134 at SUSECVE-2023-54134 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54138 at SUSECVE-2023-54138 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54144 at SUSECVE-2023-54144 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54148 at SUSECVE-2023-54148 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54164 at SUSECVE-2023-54164 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54169 at SUSECVE-2023-54169 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54175 at SUSECVE-2023-54175 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54194 at SUSECVE-2023-54194 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54210 at SUSECVE-2023-54210 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54226 at SUSECVE-2023-54226 at NVDCVE-2023-54229 at SUSECVE-2023-54229 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54234 at SUSECVE-2023-54234 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54238 at SUSECVE-2023-54238 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54251 at SUSECVE-2023-54251 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54254 at SUSECVE-2023-54254 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54262 at SUSECVE-2023-54262 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54267 at SUSECVE-2023-54267 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54320 at SUSECVE-2023-54320 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54322 at SUSECVE-2023-54322 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-56590 at SUSECVE-2024-56590 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68218 at SUSECVE-2025-68218 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
ModerateSUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDcpe:/o:suse:sle-micro:5.5Security update for openvswitch3 (Important)SUSE Linux Enterprise Micro 5.5
This update for openvswitch3 fixes the following issues:
Update to v3.1.7:
- CVE-2023-3966: openvswitch, openvswitch3: Invalid memory access in Geneve with HW offload (bsc#1219465).
- CVE-2024-2182: openvswitch: ov: insufficient validation of incoming BFD packets may lead to denial of service (bsc#1255435).
- CVE-2023-1668: openvswitch: remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
- CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited (bsc#1212125).
- CVE-2023-5366: openvswitch: missing masks on a final stage with ports trie (bsc#1216002).
ImportantSUSE bug 1210054SUSE bug 1212125SUSE bug 1216002SUSE bug 1219465SUSE bug 1255435CVE-2023-1668 at SUSECVE-2023-1668 at NVDCVE-2023-3152 at SUSECVE-2023-3152 at NVDCVE-2023-3153 at SUSECVE-2023-3153 at NVDCVE-2023-3966 at SUSECVE-2023-3966 at NVDCVE-2023-5366 at SUSECVE-2023-5366 at NVDCVE-2024-2182 at SUSECVE-2024-2182 at NVDCVE-2025-0650 at SUSECVE-2025-0650 at NVDcpe:/o:suse:sle-micro:5.5Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.5
This update for xen fixes the following issues:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
ModerateSUSE bug 1256745SUSE bug 1256747CVE-2025-58150 at SUSECVE-2025-58150 at NVDCVE-2026-23553 at SUSECVE-2026-23553 at NVDcpe:/o:suse:sle-micro:5.5Recommended update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.5
This update for kernel-firmware fixes the following issues:
- Update AMD ucode to 20251203 (bsc#1256483)
ImportantSUSE bug 1256483cpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2024-56590: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (bsc#1235038).
- CVE-2025-39977: futex: Prevent use-after-free during requeue-PI (bsc#1252046).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40139: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set() (bsc#1253409).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40258: mptcp: fix race condition in mptcp_schedule_work() (bsc#1254843).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68732: gpu: host1x: Fix race in syncpt alloc/free (bsc#1255688).
The following non security issues were fixed:
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- ACPI: PRM: Remove unnecessary strict handler address checks (git-fixes).
- ACPI: property: Do not pass NULL handles to acpi_attach_data() (git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes (git-fixes).
- KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes).
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes).
- RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes).
- RDMA/hns: Fix the modification of max_send_sge (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes).
- RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes).
- RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes).
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes).
- RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes).
- arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes).
- cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes).
- cpuidle: Move IRQ state validation (git-fixes).
- cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes).
- dm: free table mempools if not used in __bind (git-fixes).
- padata: Honor the caller's alignment in case of chunk_size 0 (bsc#1237563).
- platform/x86/intel-uncore-freq: Fail module load when plat_info is NULL (git-fixes).
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- x86/tdx: Drop flags from __tdx_hypercall() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes).
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes).
- x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes).
- x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes).
- x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes).
- x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes).
- x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes).
- x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes).
- x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes).
- x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes).
- x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes).
- x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes).
- xfs: fix sparse inode limits on runt AG (bsc#1254392).
ImportantSUSE bug 1065729SUSE bug 1193629SUSE bug 1194869SUSE bug 1196823SUSE bug 1204957SUSE bug 1205567SUSE bug 1206451SUSE bug 1206843SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207315SUSE bug 1207611SUSE bug 1207620SUSE bug 1207622SUSE bug 1207636SUSE bug 1207644SUSE bug 1207646SUSE bug 1207652SUSE bug 1207653SUSE bug 1208570SUSE bug 1208758SUSE bug 1209799SUSE bug 1209980SUSE bug 1210644SUSE bug 1210817SUSE bug 1210943SUSE bug 1211690SUSE bug 1213025SUSE bug 1213032SUSE bug 1213093SUSE bug 1213105SUSE bug 1213110SUSE bug 1213111SUSE bug 1213653SUSE bug 1213747SUSE bug 1213867SUSE bug 1214635SUSE bug 1214940SUSE bug 1214962SUSE bug 1214986SUSE bug 1214990SUSE bug 1216062SUSE bug 1224573SUSE bug 1225832SUSE bug 1226797SUSE bug 1226846SUSE bug 1228015SUSE bug 1233640SUSE bug 1235038SUSE bug 1237563SUSE bug 1249871SUSE bug 1252046SUSE bug 1252678SUSE bug 1253409SUSE bug 1254392SUSE bug 1254520SUSE bug 1254559SUSE bug 1254562SUSE bug 1254572SUSE bug 1254578SUSE bug 1254580SUSE bug 1254592SUSE bug 1254601SUSE bug 1254608SUSE bug 1254609SUSE bug 1254614SUSE bug 1254615SUSE bug 1254617SUSE bug 1254623SUSE bug 1254625SUSE bug 1254626SUSE bug 1254631SUSE bug 1254632SUSE bug 1254634SUSE bug 1254644SUSE bug 1254645SUSE bug 1254649SUSE bug 1254651SUSE bug 1254653SUSE bug 1254656SUSE bug 1254658SUSE bug 1254660SUSE bug 1254664SUSE bug 1254671SUSE bug 1254674SUSE bug 1254676SUSE bug 1254677SUSE bug 1254681SUSE bug 1254684SUSE bug 1254685SUSE bug 1254686SUSE bug 1254690SUSE bug 1254692SUSE bug 1254694SUSE bug 1254696SUSE bug 1254698SUSE bug 1254699SUSE bug 1254704SUSE bug 1254706SUSE bug 1254709SUSE bug 1254710SUSE bug 1254711SUSE bug 1254712SUSE bug 1254713SUSE bug 1254714SUSE bug 1254716SUSE bug 1254723SUSE bug 1254725SUSE bug 1254728SUSE bug 1254729SUSE bug 1254743SUSE bug 1254745SUSE bug 1254751SUSE bug 1254753SUSE bug 1254754SUSE bug 1254756SUSE bug 1254759SUSE bug 1254763SUSE bug 1254775SUSE bug 1254780SUSE bug 1254781SUSE bug 1254782SUSE bug 1254783SUSE bug 1254785SUSE bug 1254786SUSE bug 1254788SUSE bug 1254789SUSE bug 1254792SUSE bug 1254813SUSE bug 1254843SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254910SUSE bug 1254911SUSE bug 1254915SUSE bug 1254916SUSE bug 1254917SUSE bug 1254920SUSE bug 1254922SUSE bug 1254958SUSE bug 1254959SUSE bug 1254974SUSE bug 1254979SUSE bug 1254986SUSE bug 1254994SUSE bug 1255002SUSE bug 1255005SUSE bug 1255007SUSE bug 1255049SUSE bug 1255060SUSE bug 1255107SUSE bug 1255163SUSE bug 1255165SUSE bug 1255245SUSE bug 1255467SUSE bug 1255469SUSE bug 1255521SUSE bug 1255528SUSE bug 1255532SUSE bug 1255546SUSE bug 1255549SUSE bug 1255554SUSE bug 1255555SUSE bug 1255558SUSE bug 1255560SUSE bug 1255561SUSE bug 1255562SUSE bug 1255565SUSE bug 1255574SUSE bug 1255576SUSE bug 1255578SUSE bug 1255582SUSE bug 1255596SUSE bug 1255600SUSE bug 1255605SUSE bug 1255607SUSE bug 1255608SUSE bug 1255609SUSE bug 1255618SUSE bug 1255619SUSE bug 1255620SUSE bug 1255623SUSE bug 1255624SUSE bug 1255626SUSE bug 1255627SUSE bug 1255628SUSE bug 1255635SUSE bug 1255636SUSE bug 1255688SUSE bug 1255690SUSE bug 1255697SUSE bug 1255702SUSE bug 1255704SUSE bug 1255745SUSE bug 1255747SUSE bug 1255749SUSE bug 1255750SUSE bug 1255757SUSE bug 1255758SUSE bug 1255760SUSE bug 1255761SUSE bug 1255762SUSE bug 1255763SUSE bug 1255769SUSE bug 1255771SUSE bug 1255773SUSE bug 1255780SUSE bug 1255786SUSE bug 1255787SUSE bug 1255789SUSE bug 1255790SUSE bug 1255791SUSE bug 1255792SUSE bug 1255796SUSE bug 1255797SUSE bug 1255800SUSE bug 1255801SUSE bug 1255802SUSE bug 1255803SUSE bug 1255804SUSE bug 1255806SUSE bug 1255808SUSE bug 1255819SUSE bug 1255839SUSE bug 1255841SUSE bug 1255843SUSE bug 1255844SUSE bug 1255872SUSE bug 1255875SUSE bug 1255876SUSE bug 1255877SUSE bug 1255878SUSE bug 1255880SUSE bug 1255881SUSE bug 1255888SUSE bug 1255889SUSE bug 1255890SUSE bug 1255899SUSE bug 1255901SUSE bug 1255902SUSE bug 1255905SUSE bug 1255906SUSE bug 1255909SUSE bug 1255910SUSE bug 1255912SUSE bug 1255916SUSE bug 1255919SUSE bug 1255920SUSE bug 1255922SUSE bug 1255924SUSE bug 1255925SUSE bug 1255939SUSE bug 1255946SUSE bug 1255950SUSE bug 1255953SUSE bug 1255954SUSE bug 1255955SUSE bug 1255962SUSE bug 1255964SUSE bug 1255968SUSE bug 1255969SUSE bug 1255970SUSE bug 1255971SUSE bug 1255974SUSE bug 1255978SUSE bug 1255979SUSE bug 1255983SUSE bug 1255985SUSE bug 1255990SUSE bug 1255993SUSE bug 1255994SUSE bug 1255996SUSE bug 1255998SUSE bug 1256034SUSE bug 1256040SUSE bug 1256042SUSE bug 1256045SUSE bug 1256046SUSE bug 1256048SUSE bug 1256049SUSE bug 1256050SUSE bug 1256053SUSE bug 1256056SUSE bug 1256057SUSE bug 1256062SUSE bug 1256063SUSE bug 1256064SUSE bug 1256065SUSE bug 1256071SUSE bug 1256074SUSE bug 1256081SUSE bug 1256084SUSE bug 1256086SUSE bug 1256088SUSE bug 1256091SUSE bug 1256093SUSE bug 1256099SUSE bug 1256101SUSE bug 1256103SUSE bug 1256106SUSE bug 1256111SUSE bug 1256112SUSE bug 1256114SUSE bug 1256115SUSE bug 1256118SUSE bug 1256119SUSE bug 1256121SUSE bug 1256122SUSE bug 1256124SUSE bug 1256125SUSE bug 1256126SUSE bug 1256127SUSE bug 1256128SUSE bug 1256130SUSE bug 1256131SUSE bug 1256132SUSE bug 1256133SUSE bug 1256136SUSE bug 1256137SUSE bug 1256140SUSE bug 1256141SUSE bug 1256142SUSE bug 1256143SUSE bug 1256144SUSE bug 1256145SUSE bug 1256149SUSE bug 1256150SUSE bug 1256152SUSE bug 1256154SUSE bug 1256155SUSE bug 1256157SUSE bug 1256158SUSE bug 1256162SUSE bug 1256164SUSE bug 1256165SUSE bug 1256166SUSE bug 1256167SUSE bug 1256172SUSE bug 1256173SUSE bug 1256174SUSE bug 1256177SUSE bug 1256178SUSE bug 1256179SUSE bug 1256182SUSE bug 1256184SUSE bug 1256185SUSE bug 1256186SUSE bug 1256188SUSE bug 1256189SUSE bug 1256191SUSE bug 1256192SUSE bug 1256193SUSE bug 1256194SUSE bug 1256196SUSE bug 1256198SUSE bug 1256199SUSE bug 1256200SUSE bug 1256202SUSE bug 1256203SUSE bug 1256204SUSE bug 1256205SUSE bug 1256206SUSE bug 1256207SUSE bug 1256208SUSE bug 1256211SUSE bug 1256214SUSE bug 1256215SUSE bug 1256216SUSE bug 1256218SUSE bug 1256219SUSE bug 1256220SUSE bug 1256221SUSE bug 1256223SUSE bug 1256228SUSE bug 1256230SUSE bug 1256231SUSE bug 1256235SUSE bug 1256239SUSE bug 1256241SUSE bug 1256242SUSE bug 1256245SUSE bug 1256248SUSE bug 1256250SUSE bug 1256254SUSE bug 1256260SUSE bug 1256265SUSE bug 1256269SUSE bug 1256271SUSE bug 1256274SUSE bug 1256282SUSE bug 1256285SUSE bug 1256291SUSE bug 1256294SUSE bug 1256295SUSE bug 1256300SUSE bug 1256302SUSE bug 1256306SUSE bug 1256309SUSE bug 1256317SUSE bug 1256320SUSE bug 1256323SUSE bug 1256326SUSE bug 1256328SUSE bug 1256333SUSE bug 1256334SUSE bug 1256335SUSE bug 1256337SUSE bug 1256338SUSE bug 1256344SUSE bug 1256346SUSE bug 1256349SUSE bug 1256352SUSE bug 1256353SUSE bug 1256355SUSE bug 1256358SUSE bug 1256359SUSE bug 1256363SUSE bug 1256364SUSE bug 1256368SUSE bug 1256370SUSE bug 1256375SUSE bug 1256381SUSE bug 1256382SUSE bug 1256383SUSE bug 1256384SUSE bug 1256386SUSE bug 1256388SUSE bug 1256391SUSE bug 1256394SUSE bug 1256395SUSE bug 1256396SUSE bug 1256397SUSE bug 1256398SUSE bug 1256423SUSE bug 1256426SUSE bug 1256432CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50614 at SUSECVE-2022-50614 at NVDCVE-2022-50615 at SUSECVE-2022-50615 at NVDCVE-2022-50617 at SUSECVE-2022-50617 at NVDCVE-2022-50618 at SUSECVE-2022-50618 at NVDCVE-2022-50619 at SUSECVE-2022-50619 at NVDCVE-2022-50621 at SUSECVE-2022-50621 at NVDCVE-2022-50622 at SUSECVE-2022-50622 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50625 at SUSECVE-2022-50625 at NVDCVE-2022-50626 at SUSECVE-2022-50626 at NVDCVE-2022-50629 at SUSECVE-2022-50629 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50633 at SUSECVE-2022-50633 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50636 at SUSECVE-2022-50636 at NVDCVE-2022-50638 at SUSECVE-2022-50638 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50643 at SUSECVE-2022-50643 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50652 at SUSECVE-2022-50652 at NVDCVE-2022-50653 at SUSECVE-2022-50653 at NVDCVE-2022-50656 at SUSECVE-2022-50656 at NVDCVE-2022-50658 at SUSECVE-2022-50658 at NVDCVE-2022-50660 at SUSECVE-2022-50660 at NVDCVE-2022-50661 at SUSECVE-2022-50661 at NVDCVE-2022-50662 at SUSECVE-2022-50662 at NVDCVE-2022-50664 at SUSECVE-2022-50664 at NVDCVE-2022-50665 at SUSECVE-2022-50665 at NVDCVE-2022-50666 at SUSECVE-2022-50666 at NVDCVE-2022-50667 at SUSECVE-2022-50667 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50669 at SUSECVE-2022-50669 at NVDCVE-2022-50670 at SUSECVE-2022-50670 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50672 at SUSECVE-2022-50672 at NVDCVE-2022-50673 at SUSECVE-2022-50673 at NVDCVE-2022-50675 at SUSECVE-2022-50675 at NVDCVE-2022-50677 at SUSECVE-2022-50677 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50679 at SUSECVE-2022-50679 at NVDCVE-2022-50698 at SUSECVE-2022-50698 at NVDCVE-2022-50699 at SUSECVE-2022-50699 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50701 at SUSECVE-2022-50701 at NVDCVE-2022-50702 at SUSECVE-2022-50702 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50704 at SUSECVE-2022-50704 at NVDCVE-2022-50705 at SUSECVE-2022-50705 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50710 at SUSECVE-2022-50710 at NVDCVE-2022-50712 at SUSECVE-2022-50712 at NVDCVE-2022-50714 at SUSECVE-2022-50714 at NVDCVE-2022-50715 at SUSECVE-2022-50715 at NVDCVE-2022-50716 at SUSECVE-2022-50716 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50718 at SUSECVE-2022-50718 at NVDCVE-2022-50719 at SUSECVE-2022-50719 at NVDCVE-2022-50722 at SUSECVE-2022-50722 at NVDCVE-2022-50723 at SUSECVE-2022-50723 at NVDCVE-2022-50724 at SUSECVE-2022-50724 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50727 at SUSECVE-2022-50727 at NVDCVE-2022-50728 at SUSECVE-2022-50728 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50732 at SUSECVE-2022-50732 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50735 at SUSECVE-2022-50735 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50738 at SUSECVE-2022-50738 at NVDCVE-2022-50740 at SUSECVE-2022-50740 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50745 at SUSECVE-2022-50745 at NVDCVE-2022-50747 at SUSECVE-2022-50747 at NVDCVE-2022-50749 at SUSECVE-2022-50749 at NVDCVE-2022-50750 at SUSECVE-2022-50750 at NVDCVE-2022-50751 at SUSECVE-2022-50751 at NVDCVE-2022-50752 at SUSECVE-2022-50752 at NVDCVE-2022-50754 at SUSECVE-2022-50754 at NVDCVE-2022-50755 at SUSECVE-2022-50755 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50757 at SUSECVE-2022-50757 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50760 at SUSECVE-2022-50760 at NVDCVE-2022-50761 at SUSECVE-2022-50761 at NVDCVE-2022-50763 at SUSECVE-2022-50763 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50768 at SUSECVE-2022-50768 at NVDCVE-2022-50769 at SUSECVE-2022-50769 at NVDCVE-2022-50770 at SUSECVE-2022-50770 at NVDCVE-2022-50773 at SUSECVE-2022-50773 at NVDCVE-2022-50774 at SUSECVE-2022-50774 at NVDCVE-2022-50776 at SUSECVE-2022-50776 at NVDCVE-2022-50777 at SUSECVE-2022-50777 at NVDCVE-2022-50779 at SUSECVE-2022-50779 at NVDCVE-2022-50781 at SUSECVE-2022-50781 at NVDCVE-2022-50782 at SUSECVE-2022-50782 at NVDCVE-2022-50809 at SUSECVE-2022-50809 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50818 at SUSECVE-2022-50818 at NVDCVE-2022-50819 at SUSECVE-2022-50819 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50822 at SUSECVE-2022-50822 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50824 at SUSECVE-2022-50824 at NVDCVE-2022-50826 at SUSECVE-2022-50826 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50829 at SUSECVE-2022-50829 at NVDCVE-2022-50830 at SUSECVE-2022-50830 at NVDCVE-2022-50832 at SUSECVE-2022-50832 at NVDCVE-2022-50833 at SUSECVE-2022-50833 at NVDCVE-2022-50834 at SUSECVE-2022-50834 at NVDCVE-2022-50835 at SUSECVE-2022-50835 at NVDCVE-2022-50836 at SUSECVE-2022-50836 at NVDCVE-2022-50838 at SUSECVE-2022-50838 at NVDCVE-2022-50839 at SUSECVE-2022-50839 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50842 at SUSECVE-2022-50842 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50844 at SUSECVE-2022-50844 at NVDCVE-2022-50845 at SUSECVE-2022-50845 at NVDCVE-2022-50846 at SUSECVE-2022-50846 at NVDCVE-2022-50847 at SUSECVE-2022-50847 at NVDCVE-2022-50848 at SUSECVE-2022-50848 at NVDCVE-2022-50849 at SUSECVE-2022-50849 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50851 at SUSECVE-2022-50851 at NVDCVE-2022-50853 at SUSECVE-2022-50853 at NVDCVE-2022-50856 at SUSECVE-2022-50856 at NVDCVE-2022-50858 at SUSECVE-2022-50858 at NVDCVE-2022-50859 at SUSECVE-2022-50859 at NVDCVE-2022-50860 at SUSECVE-2022-50860 at NVDCVE-2022-50861 at SUSECVE-2022-50861 at NVDCVE-2022-50862 at SUSECVE-2022-50862 at NVDCVE-2022-50864 at SUSECVE-2022-50864 at NVDCVE-2022-50866 at SUSECVE-2022-50866 at NVDCVE-2022-50867 at SUSECVE-2022-50867 at NVDCVE-2022-50868 at SUSECVE-2022-50868 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50872 at SUSECVE-2022-50872 at NVDCVE-2022-50873 at SUSECVE-2022-50873 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50878 at SUSECVE-2022-50878 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50881 at SUSECVE-2022-50881 at NVDCVE-2022-50882 at SUSECVE-2022-50882 at NVDCVE-2022-50883 at SUSECVE-2022-50883 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50885 at SUSECVE-2022-50885 at NVDCVE-2022-50886 at SUSECVE-2022-50886 at NVDCVE-2022-50887 at SUSECVE-2022-50887 at NVDCVE-2022-50888 at SUSECVE-2022-50888 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53743 at SUSECVE-2023-53743 at NVDCVE-2023-53744 at SUSECVE-2023-53744 at NVDCVE-2023-53746 at SUSECVE-2023-53746 at NVDCVE-2023-53747 at SUSECVE-2023-53747 at NVDCVE-2023-53751 at SUSECVE-2023-53751 at NVDCVE-2023-53753 at SUSECVE-2023-53753 at NVDCVE-2023-53754 at SUSECVE-2023-53754 at NVDCVE-2023-53755 at SUSECVE-2023-53755 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53766 at SUSECVE-2023-53766 at NVDCVE-2023-53769 at SUSECVE-2023-53769 at NVDCVE-2023-53780 at SUSECVE-2023-53780 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-53783 at SUSECVE-2023-53783 at NVDCVE-2023-53786 at SUSECVE-2023-53786 at NVDCVE-2023-53788 at SUSECVE-2023-53788 at NVDCVE-2023-53792 at SUSECVE-2023-53792 at NVDCVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53801 at SUSECVE-2023-53801 at NVDCVE-2023-53802 at SUSECVE-2023-53802 at NVDCVE-2023-53803 at SUSECVE-2023-53803 at NVDCVE-2023-53804 at SUSECVE-2023-53804 at NVDCVE-2023-53806 at SUSECVE-2023-53806 at NVDCVE-2023-53808 at SUSECVE-2023-53808 at NVDCVE-2023-53811 at SUSECVE-2023-53811 at NVDCVE-2023-53814 at SUSECVE-2023-53814 at NVDCVE-2023-53816 at SUSECVE-2023-53816 at NVDCVE-2023-53818 at SUSECVE-2023-53818 at NVDCVE-2023-53819 at SUSECVE-2023-53819 at NVDCVE-2023-53820 at SUSECVE-2023-53820 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2023-53828 at SUSECVE-2023-53828 at NVDCVE-2023-53830 at SUSECVE-2023-53830 at NVDCVE-2023-53832 at SUSECVE-2023-53832 at NVDCVE-2023-53833 at SUSECVE-2023-53833 at NVDCVE-2023-53834 at SUSECVE-2023-53834 at NVDCVE-2023-53837 at SUSECVE-2023-53837 at NVDCVE-2023-53840 at SUSECVE-2023-53840 at NVDCVE-2023-53842 at SUSECVE-2023-53842 at NVDCVE-2023-53844 at SUSECVE-2023-53844 at NVDCVE-2023-53845 at SUSECVE-2023-53845 at NVDCVE-2023-53847 at SUSECVE-2023-53847 at NVDCVE-2023-53848 at SUSECVE-2023-53848 at NVDCVE-2023-53849 at SUSECVE-2023-53849 at NVDCVE-2023-53850 at SUSECVE-2023-53850 at NVDCVE-2023-53852 at SUSECVE-2023-53852 at NVDCVE-2023-53858 at SUSECVE-2023-53858 at NVDCVE-2023-53860 at SUSECVE-2023-53860 at NVDCVE-2023-53862 at SUSECVE-2023-53862 at NVDCVE-2023-53864 at SUSECVE-2023-53864 at NVDCVE-2023-53866 at SUSECVE-2023-53866 at NVDCVE-2023-53989 at SUSECVE-2023-53989 at NVDCVE-2023-53990 at SUSECVE-2023-53990 at NVDCVE-2023-53991 at SUSECVE-2023-53991 at NVDCVE-2023-53996 at SUSECVE-2023-53996 at NVDCVE-2023-53998 at SUSECVE-2023-53998 at NVDCVE-2023-54001 at SUSECVE-2023-54001 at NVDCVE-2023-54003 at SUSECVE-2023-54003 at NVDCVE-2023-54007 at SUSECVE-2023-54007 at NVDCVE-2023-54009 at SUSECVE-2023-54009 at NVDCVE-2023-54010 at SUSECVE-2023-54010 at NVDCVE-2023-54014 at SUSECVE-2023-54014 at NVDCVE-2023-54015 at SUSECVE-2023-54015 at NVDCVE-2023-54017 at SUSECVE-2023-54017 at NVDCVE-2023-54018 at SUSECVE-2023-54018 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54020 at SUSECVE-2023-54020 at NVDCVE-2023-54021 at SUSECVE-2023-54021 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54025 at SUSECVE-2023-54025 at NVDCVE-2023-54026 at SUSECVE-2023-54026 at NVDCVE-2023-54028 at SUSECVE-2023-54028 at NVDCVE-2023-54036 at SUSECVE-2023-54036 at NVDCVE-2023-54039 at SUSECVE-2023-54039 at NVDCVE-2023-54040 at SUSECVE-2023-54040 at NVDCVE-2023-54041 at SUSECVE-2023-54041 at NVDCVE-2023-54042 at SUSECVE-2023-54042 at NVDCVE-2023-54044 at SUSECVE-2023-54044 at NVDCVE-2023-54045 at SUSECVE-2023-54045 at NVDCVE-2023-54046 at SUSECVE-2023-54046 at NVDCVE-2023-54047 at SUSECVE-2023-54047 at NVDCVE-2023-54048 at SUSECVE-2023-54048 at NVDCVE-2023-54049 at SUSECVE-2023-54049 at NVDCVE-2023-54050 at SUSECVE-2023-54050 at NVDCVE-2023-54051 at SUSECVE-2023-54051 at NVDCVE-2023-54053 at SUSECVE-2023-54053 at NVDCVE-2023-54055 at SUSECVE-2023-54055 at NVDCVE-2023-54057 at SUSECVE-2023-54057 at NVDCVE-2023-54058 at SUSECVE-2023-54058 at NVDCVE-2023-54064 at SUSECVE-2023-54064 at NVDCVE-2023-54070 at SUSECVE-2023-54070 at NVDCVE-2023-54072 at SUSECVE-2023-54072 at NVDCVE-2023-54074 at SUSECVE-2023-54074 at NVDCVE-2023-54076 at SUSECVE-2023-54076 at NVDCVE-2023-54078 at SUSECVE-2023-54078 at NVDCVE-2023-54079 at SUSECVE-2023-54079 at NVDCVE-2023-54083 at SUSECVE-2023-54083 at NVDCVE-2023-54084 at SUSECVE-2023-54084 at NVDCVE-2023-54090 at SUSECVE-2023-54090 at NVDCVE-2023-54091 at SUSECVE-2023-54091 at NVDCVE-2023-54092 at SUSECVE-2023-54092 at NVDCVE-2023-54095 at SUSECVE-2023-54095 at NVDCVE-2023-54096 at SUSECVE-2023-54096 at NVDCVE-2023-54097 at SUSECVE-2023-54097 at NVDCVE-2023-54098 at SUSECVE-2023-54098 at NVDCVE-2023-54100 at SUSECVE-2023-54100 at NVDCVE-2023-54102 at SUSECVE-2023-54102 at NVDCVE-2023-54104 at SUSECVE-2023-54104 at NVDCVE-2023-54106 at SUSECVE-2023-54106 at NVDCVE-2023-54107 at SUSECVE-2023-54107 at NVDCVE-2023-54108 at SUSECVE-2023-54108 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54111 at SUSECVE-2023-54111 at NVDCVE-2023-54114 at SUSECVE-2023-54114 at NVDCVE-2023-54115 at SUSECVE-2023-54115 at NVDCVE-2023-54116 at SUSECVE-2023-54116 at NVDCVE-2023-54118 at SUSECVE-2023-54118 at NVDCVE-2023-54119 at SUSECVE-2023-54119 at NVDCVE-2023-54120 at SUSECVE-2023-54120 at NVDCVE-2023-54122 at SUSECVE-2023-54122 at NVDCVE-2023-54123 at SUSECVE-2023-54123 at NVDCVE-2023-54126 at SUSECVE-2023-54126 at NVDCVE-2023-54127 at SUSECVE-2023-54127 at NVDCVE-2023-54128 at SUSECVE-2023-54128 at NVDCVE-2023-54130 at SUSECVE-2023-54130 at NVDCVE-2023-54131 at SUSECVE-2023-54131 at NVDCVE-2023-54132 at SUSECVE-2023-54132 at NVDCVE-2023-54134 at SUSECVE-2023-54134 at NVDCVE-2023-54136 at SUSECVE-2023-54136 at NVDCVE-2023-54138 at SUSECVE-2023-54138 at NVDCVE-2023-54140 at SUSECVE-2023-54140 at NVDCVE-2023-54144 at SUSECVE-2023-54144 at NVDCVE-2023-54146 at SUSECVE-2023-54146 at NVDCVE-2023-54148 at SUSECVE-2023-54148 at NVDCVE-2023-54150 at SUSECVE-2023-54150 at NVDCVE-2023-54153 at SUSECVE-2023-54153 at NVDCVE-2023-54156 at SUSECVE-2023-54156 at NVDCVE-2023-54159 at SUSECVE-2023-54159 at NVDCVE-2023-54164 at SUSECVE-2023-54164 at NVDCVE-2023-54166 at SUSECVE-2023-54166 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54169 at SUSECVE-2023-54169 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54171 at SUSECVE-2023-54171 at NVDCVE-2023-54173 at SUSECVE-2023-54173 at NVDCVE-2023-54175 at SUSECVE-2023-54175 at NVDCVE-2023-54177 at SUSECVE-2023-54177 at NVDCVE-2023-54179 at SUSECVE-2023-54179 at NVDCVE-2023-54183 at SUSECVE-2023-54183 at NVDCVE-2023-54186 at SUSECVE-2023-54186 at NVDCVE-2023-54189 at SUSECVE-2023-54189 at NVDCVE-2023-54190 at SUSECVE-2023-54190 at NVDCVE-2023-54194 at SUSECVE-2023-54194 at NVDCVE-2023-54197 at SUSECVE-2023-54197 at NVDCVE-2023-54198 at SUSECVE-2023-54198 at NVDCVE-2023-54199 at SUSECVE-2023-54199 at NVDCVE-2023-54201 at SUSECVE-2023-54201 at NVDCVE-2023-54202 at SUSECVE-2023-54202 at NVDCVE-2023-54205 at SUSECVE-2023-54205 at NVDCVE-2023-54208 at SUSECVE-2023-54208 at NVDCVE-2023-54210 at SUSECVE-2023-54210 at NVDCVE-2023-54211 at SUSECVE-2023-54211 at NVDCVE-2023-54213 at SUSECVE-2023-54213 at NVDCVE-2023-54214 at SUSECVE-2023-54214 at NVDCVE-2023-54219 at SUSECVE-2023-54219 at NVDCVE-2023-54226 at SUSECVE-2023-54226 at NVDCVE-2023-54229 at SUSECVE-2023-54229 at NVDCVE-2023-54230 at SUSECVE-2023-54230 at NVDCVE-2023-54234 at SUSECVE-2023-54234 at NVDCVE-2023-54236 at SUSECVE-2023-54236 at NVDCVE-2023-54238 at SUSECVE-2023-54238 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54244 at SUSECVE-2023-54244 at NVDCVE-2023-54245 at SUSECVE-2023-54245 at NVDCVE-2023-54251 at SUSECVE-2023-54251 at NVDCVE-2023-54252 at SUSECVE-2023-54252 at NVDCVE-2023-54254 at SUSECVE-2023-54254 at NVDCVE-2023-54260 at SUSECVE-2023-54260 at NVDCVE-2023-54262 at SUSECVE-2023-54262 at NVDCVE-2023-54264 at SUSECVE-2023-54264 at NVDCVE-2023-54266 at SUSECVE-2023-54266 at NVDCVE-2023-54267 at SUSECVE-2023-54267 at NVDCVE-2023-54269 at SUSECVE-2023-54269 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2023-54271 at SUSECVE-2023-54271 at NVDCVE-2023-54274 at SUSECVE-2023-54274 at NVDCVE-2023-54275 at SUSECVE-2023-54275 at NVDCVE-2023-54277 at SUSECVE-2023-54277 at NVDCVE-2023-54280 at SUSECVE-2023-54280 at NVDCVE-2023-54284 at SUSECVE-2023-54284 at NVDCVE-2023-54286 at SUSECVE-2023-54286 at NVDCVE-2023-54287 at SUSECVE-2023-54287 at NVDCVE-2023-54289 at SUSECVE-2023-54289 at NVDCVE-2023-54292 at SUSECVE-2023-54292 at NVDCVE-2023-54293 at SUSECVE-2023-54293 at NVDCVE-2023-54294 at SUSECVE-2023-54294 at NVDCVE-2023-54295 at SUSECVE-2023-54295 at NVDCVE-2023-54298 at SUSECVE-2023-54298 at NVDCVE-2023-54299 at SUSECVE-2023-54299 at NVDCVE-2023-54300 at SUSECVE-2023-54300 at NVDCVE-2023-54301 at SUSECVE-2023-54301 at NVDCVE-2023-54302 at SUSECVE-2023-54302 at NVDCVE-2023-54304 at SUSECVE-2023-54304 at NVDCVE-2023-54305 at SUSECVE-2023-54305 at NVDCVE-2023-54309 at SUSECVE-2023-54309 at NVDCVE-2023-54311 at SUSECVE-2023-54311 at NVDCVE-2023-54315 at SUSECVE-2023-54315 at NVDCVE-2023-54317 at SUSECVE-2023-54317 at NVDCVE-2023-54319 at SUSECVE-2023-54319 at NVDCVE-2023-54320 at SUSECVE-2023-54320 at NVDCVE-2023-54321 at SUSECVE-2023-54321 at NVDCVE-2023-54322 at SUSECVE-2023-54322 at NVDCVE-2023-54325 at SUSECVE-2023-54325 at NVDCVE-2023-54326 at SUSECVE-2023-54326 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-56590 at SUSECVE-2024-56590 at NVDCVE-2025-39977 at SUSECVE-2025-39977 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40258 at SUSECVE-2025-40258 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68218 at SUSECVE-2025-68218 at NVDCVE-2025-68732 at SUSECVE-2025-68732 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm rebuilds it against the current GO security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- Fix type signess in fbcon_set_font() (bsc#1252033).
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
ImportantSUSE bug 1233640SUSE bug 1249806SUSE bug 1251786SUSE bug 1252267SUSE bug 1252780SUSE bug 1252862SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40048 at SUSECVE-2025-40048 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:sle-micro:5.5Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
ModerateSUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
ModerateSUSE bug 1255764SUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDCVE-2025-69277 at SUSECVE-2025-69277 at NVDcpe:/o:suse:sle-micro:5.5Security update for abseil-cpp (Moderate)SUSE Linux Enterprise Micro 5.5
This update for abseil-cpp fixes the following issues:
Update to 20240116.3
- CVE-2025-0838: Fixed potential integer overflow in hash container create/resize (bsc#1237543).
ModerateSUSE bug 1237543CVE-2025-0838 at SUSECVE-2025-0838 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Important)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issues:
- CVE-2024-6505: qemu-kvm: virtio-net: Fixed queue index
out-of-bounds access in software RSS (bsc#1227397)
- CVE-2025-12464: net: pad packets to minimum length in
qemu_receive_packet() (bsc#1253002)
- CVE-2025-11234: qemu-kvm: Fixed use-after-free in websocket
handshake code leading to denial of service (bsc#1250984)
Other fixes:
- Fixed *-virtio-gpu-pci dependency on ARM (bsc#1254286)
- block/curl: Fixed curl internal handles handling (bsc#1252768)
ImportantSUSE bug 1227397SUSE bug 1250984SUSE bug 1252768SUSE bug 1253002SUSE bug 1254286CVE-2024-6505 at SUSECVE-2024-6505 at NVDCVE-2025-11234 at SUSECVE-2025-11234 at NVDCVE-2025-12464 at SUSECVE-2025-12464 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application
crash due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256805)
LowSUSE bug 1256805CVE-2026-0989 at SUSECVE-2026-0989 at NVDcpe:/o:suse:sle-micro:5.5Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.5
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
ModerateSUSE bug 1254441CVE-2025-10158 at SUSECVE-2025-10158 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.5
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:sle-micro:5.5Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
ModerateSUSE bug 1248586SUSE bug 1254670CVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1254866SUSE bug 1254867SUSE bug 1256331CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDCVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:sle-micro:5.5Security update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda (Important)SUSE Linux Enterprise Micro 5.5
This update for nvidia-modprobe.cuda, nvidia-open-driver-G06-signed, nvidia-persistenced.cuda fixes the following issues:
Changes in nvidia-open-driver-G06-signed:
- updated CUDA variant to version 580.126.09
- update non-CUDA variant to version 580.126.09 (bsc#1255858)
- update non-CUDA variant to version 580.119.02 (bsc#1254801)
Changes in nvidia-persistenced.cuda:
- update to version 580.126.09
Changes in nvidia-modprobe.cuda:
- update to version 580.126.09
ImportantSUSE bug 1254801SUSE bug 1255858cpe:/o:suse:sle-micro:5.5Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.5
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
ImportantSUSE bug 1257049CVE-2026-0988 at SUSECVE-2026-0988 at NVDcpe:/o:suse:sle-micro:5.5Security update for rust-keylime (Important)SUSE Linux Enterprise Micro 5.5
This update for rust-keylime fixes the following issues:
Update to version 0.2.8+116.
Security issues fixed:
- CVE-2026-25727: time: parsing of user-provided input by the RFC 2822 date parser can lead to stack exhaustion
(bsc#1257908).
Other updates and bugfixes:
- Update vendored crates `time` to version 0.3.47.
- Update to version 0.2.8+116:
* build(deps): bump bytes from 1.7.2 to 1.11.1
* api: Modify /version endpoint output in version 2.5
* Add API v2.5 with backward-compatible /v2.5/quotes/integrity
* tests: add unit test for resolve_agent_id (#1182)
* (pull-model): enable retry logic for registration
* rpm: Update specfiles to apply on master
* workflows: Add test to detect unused crates
* lib: Drop unused crates
* push-model: Drop unused crates
* keylime-agent: Drop unused crates
* build(deps): bump uuid from 1.18.1 to 1.19.0
* Update reqwest-retry to 0.8, retry-policies to 0.5
* rpm: Fix cargo_build macro usage on CentOS Stream
* fix(push-model): resolve hash_ek uuid to actual EK hash
* build(deps): bump thiserror from 2.0.16 to 2.0.17
* workflows: Separate upstream test suite from e2e coverage
* Send UEFI measured boot logs as raw bytes (#1173)
* auth: Add unit tests for SecretToken implementation
* packit: Enable push-attestation tests
* resilient_client: Prevent authentication token leakage in logs
- Use tmpfiles.d for /var directories (PED-14736)
- Update to version 0.2.8+96:
* build(deps): bump wiremock from 0.6.4 to 0.6.5
* build(deps): bump actions/checkout from 5 to 6
* build(deps): bump chrono from 0.4.41 to 0.4.42
* packit: Get coverage from Fedora 43 runs
* Fix issues pointed out by clippy
* Replace mutex unwraps with proper error handling in TPM library
* Remove unused session request methods from StructureFiller
* Fix config panic on missing ek_handle in push model agent
* build(deps): bump tempfile from 3.21.0 to 3.23.0
* build(deps): bump actions/upload-artifact from 4 to 6 (#1163)
* Fix clippy warnings project-wide
* Add KEYLIME_DIR support for verifier TLS certificates in push model agent
* Thread privileged resources and use MeasurementList for IMA reading
* Add privileged resource initialization and privilege dropping to push model agent
* Fix privilege dropping order in run_as()
* add documentation on FQDN hostnames
* Remove confusing logs for push mode agent
* Set correct default Verifier port (8891->8881) (#1159)
* Add verifier_url to reference configuration file (#1158)
* Add TLS support for Registrar communication (#1139)
* Fix agent handling of 403 registration responses (#1154)
* Add minor README.md rephrasing (#1151)
* build(deps): bump actions/checkout from 5 to 6 (#1153)
* ci: update spec files for packit COPR build
* docs: improve challenge encoding and async TPM documentation
* refactor: improve middleware and error handling
* feat: add authentication client with middleware integration
* docker: Include keylime_push_model_agent binary
* Include attestation_interval configuration (#1146)
* Persist payload keys to avoid attestation failure on restart
* crypto: Implement the load or generate pattern for keys
* Use simple algorithm specifiers in certification_keys object (#1140)
* tests: Enable more tests in CI
* Fix RSA2048 algorithm reporting in keylime agent
* Remove disabled_signing_algorithms configuration
* rpm: Fix metadata patches to apply to current code
* workflows/rpm.yml: Use more strict patching
* build(deps): bump uuid from 1.17.0 to 1.18.1
* Fix ECC algorithm selection and reporting for keylime agent
* Improve logging consistency and coherency
* Implement minimal RFC compliance for Location header and URI parsing (#1125)
* Use separate keys for payload mechanism and mTLS
* docker: update rust to 1.81 for distroless Dockerfile
* Ensure UEFI log capabilities are set to false
* build(deps): bump http from 1.1.0 to 1.3.1
* build(deps): bump log from 0.4.27 to 0.4.28
* build(deps): bump cfg-if from 1.0.1 to 1.0.3
* build(deps): bump actix-rt from 2.10.0 to 2.11.0
* build(deps): bump async-trait from 0.1.88 to 0.1.89
* build(deps): bump trybuild from 1.0.105 to 1.0.110
* Accept evidence handling structures null entries
* workflows: Add test to check if RPM patches still apply
* CI: Enable test add-agent-with-malformed-ek-cert
* config: Fix singleton tests
* FSM: Remove needless lifetime annotations (#1105)
* rpm: Do not remove wiremock which is now available in Fedora
* Use latest Fedora httpdate version (1.0.3)
* Enhance coverage with parse_retry_after test
* Fix issues reported by CI regarding unwrap() calls
* Reuse max retries indicated to the ResilientClient
* Include limit of retries to 5 for Retry-After
* Add policy to handle Retry-After response headers
* build(deps): bump wiremock from 0.6.3 to 0.6.4
* build(deps): bump serde_json from 1.0.140 to 1.0.143
* build(deps): bump pest_derive from 2.8.0 to 2.8.1
* build(deps): bump syn from 2.0.90 to 2.0.106
* build(deps): bump tempfile from 3.20.0 to 3.21.0
* build(deps): bump thiserror from 2.0.12 to 2.0.16
* rpm: Fix patches to apply to current master code
* build(deps): bump anyhow from 1.0.98 to 1.0.99
* state_machine: Automatically clean config override during tests
* config: Implement singleton and factory pattern
* testing: Support overriding configuration during tests
* feat: implement standalone challenge-response authentication module
* structures: rename session structs for clarity and fix typos
* tpm: refactor certify_credential_with_iak() into a more generic function
* Add Push Model Agent Mermaid FSM chart (#1095)
* Add state to avoid exiting on wrong attestation (#1093)
* Add 6 alphanumeric lowercase X-Request-ID header
* Enhance Evidence Handling response parsing
* build(deps): bump quote from 1.0.35 to 1.0.40
* build(deps): bump libc from 0.2.172 to 0.2.175
* build(deps): bump glob from 0.3.2 to 0.3.3
* build(deps): bump actix-web from 4.10.2 to 4.11.0
ImportantSUSE bug 1257908CVE-2026-25727 at SUSECVE-2026-25727 at NVDcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
The following non security issues were fixed:
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1220137SUSE bug 1220144SUSE bug 1222323SUSE bug 1223007SUSE bug 1225049SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1252785SUSE bug 1253028SUSE bug 1253087SUSE bug 1253409SUSE bug 1253702SUSE bug 1254447SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254465SUSE bug 1254767SUSE bug 1254842SUSE bug 1255171SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255594SUSE bug 1255908SUSE bug 1256095SUSE bug 1256582SUSE bug 1256612SUSE bug 1256623SUSE bug 1256641SUSE bug 1256726SUSE bug 1256744SUSE bug 1256779SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52874 at SUSECVE-2023-52874 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2023-53714 at SUSECVE-2023-53714 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm rebuilds it against the current GO security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-40257: mptcp: fix a race in mptcp_pm_del_add_timer() (bsc#1254842).
- CVE-2025-40300: Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483).
- CVE-2025-68183: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (bsc#1255251).
- CVE-2025-68284: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (bsc#1255377).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-68771: ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2025-71116: libceph: make decode_pool() more resilient against corrupted osdmaps (bsc#1256744).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
The following non security issues were fixed:
- Revert 'ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582)'.
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (bsc#1253087 bsc#1254447).
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- x86: make page fault handling disable interrupts properly (git-fixes).
ImportantSUSE bug 1220137SUSE bug 1220144SUSE bug 1222323SUSE bug 1223007SUSE bug 1225049SUSE bug 1233038SUSE bug 1235905SUSE bug 1236104SUSE bug 1236208SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1244758SUSE bug 1244904SUSE bug 1245110SUSE bug 1245210SUSE bug 1245723SUSE bug 1245751SUSE bug 1247177SUSE bug 1247483SUSE bug 1248306SUSE bug 1248377SUSE bug 1249156SUSE bug 1249158SUSE bug 1249827SUSE bug 1252785SUSE bug 1253028SUSE bug 1253087SUSE bug 1253409SUSE bug 1253702SUSE bug 1254447SUSE bug 1254462SUSE bug 1254463SUSE bug 1254464SUSE bug 1254465SUSE bug 1254767SUSE bug 1254842SUSE bug 1255171SUSE bug 1255251SUSE bug 1255377SUSE bug 1255401SUSE bug 1255594SUSE bug 1255908SUSE bug 1256095SUSE bug 1256582SUSE bug 1256612SUSE bug 1256623SUSE bug 1256641SUSE bug 1256726SUSE bug 1256744SUSE bug 1256779SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236SUSE bug 1257296SUSE bug 1257473CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50232 at SUSECVE-2022-50232 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52874 at SUSECVE-2023-52874 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53407 at SUSECVE-2023-53407 at NVDCVE-2023-53412 at SUSECVE-2023-53412 at NVDCVE-2023-53417 at SUSECVE-2023-53417 at NVDCVE-2023-53418 at SUSECVE-2023-53418 at NVDCVE-2023-53714 at SUSECVE-2023-53714 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-50143 at SUSECVE-2024-50143 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21658 at SUSECVE-2025-21658 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-38684 at SUSECVE-2025-38684 at NVDCVE-2025-40044 at SUSECVE-2025-40044 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-40257 at SUSECVE-2025-40257 at NVDCVE-2025-40300 at SUSECVE-2025-40300 at NVDCVE-2025-68183 at SUSECVE-2025-68183 at NVDCVE-2025-68284 at SUSECVE-2025-68284 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-68771 at SUSECVE-2025-68771 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2025-71116 at SUSECVE-2025-71116 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer
overflow (bsc#1257598).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
ImportantSUSE bug 1243422SUSE bug 1256418SUSE bug 1257598CVE-2025-4476 at SUSECVE-2025-4476 at NVDCVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734SUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDCVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:sle-micro:5.5Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.5
This update for protobuf fixes the following issues:
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.5Security update for openCryptoki (Moderate)SUSE Linux Enterprise Micro 5.5
This update for openCryptoki fixes the following issues:
Security fixes:
- CVE-2026-23893: Fixed privilege escalation or data exposure via symlink following (bsc#1257116)
Other fixes:
- Fixed FIPS mode (bsc#1248002)
ModerateSUSE bug 1248002SUSE bug 1257116CVE-2026-23893 at SUSECVE-2026-23893 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
- CVE-2025-8732: Fixed an infinite recursion in catalog parsing functions when processing malformed SGML catalog files. (bsc#1247858)
ModerateSUSE bug 1247850SUSE bug 1247858SUSE bug 1250553SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:sle-micro:5.5Security update for libpcap (Low)SUSE Linux Enterprise Micro 5.5
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:sle-micro:5.5Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.5
This update for avahi fixes the following issues:
- CVE-2025-68276: Fixed refuse to create wide-area record browsers when
wide-area is off (bsc#1256498)
- CVE-2025-68471: Fixed DoS bug by changing assert to return (bsc#1256500)
- CVE-2025-68468: Fixed DoS bug by removing incorrect assertion (bsc#1256499)
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:sle-micro:5.5Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.5
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
ImportantSUSE bug 1256525SUSE bug 1256526SUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:sle-micro:5.5Security update for capstone (Moderate)SUSE Linux Enterprise Micro 5.5
This update for capstone fixes the following issues:
Security issues fixed:
- CVE-2025-67873: missing bounds check on user-provided skipdata callback can lead to a heap buffer overflow
(bsc#1255309).
- CVE-2025-68114: unchecked `vsnprintf` return value can lead to a stack buffer overflow (bsc#1255310).
Other updates and bugfixes:
- Enable static library, and add `libcapstone-devel-static` subpackage.
ModerateSUSE bug 1255309SUSE bug 1255310CVE-2025-67873 at SUSECVE-2025-67873 at NVDCVE-2025-68114 at SUSECVE-2025-68114 at NVDcpe:/o:suse:sle-micro:5.5Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.5
This update for protobuf fixes the following issues:i
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:sle-micro:5.5Security update for python3 (Important)SUSE Linux Enterprise Micro 5.5
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257041SUSE bug 1257042SUSE bug 1257044SUSE bug 1257046CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2025-15366 at SUSECVE-2025-15366 at NVDCVE-2025-15367 at SUSECVE-2025-15367 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDcpe:/o:suse:sle-micro:5.5Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.5
This update for docker fixes the following issues:
- CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904)
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:sle-micro:5.5Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
ImportantSUSE bug 1229129SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:sle-micro:5.5Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.5
This update for podman fixes the following issues:
- CVE-2025-47914: Fixed ssh-agent that could cause a panic due to an
out-of-bounds read with non validated message size (bsc#1253993)
ModerateSUSE bug 1253993CVE-2025-47914 at SUSECVE-2025-47914 at NVDcpe:/o:suse:sle-micro:5.5Security update for gpg2 (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
ModerateSUSE bug 1256389cpe:/o:suse:sle-micro:5.5Security update for shim (Moderate)SUSE Linux Enterprise Micro 5.5
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1240871SUSE bug 1247432CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:sle-micro:5.5Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.5
This update for zlib fixes the following issue:
- CVE-2026-27171: Fixed infinite loop via the `crc32_combine64` and `crc32_combine_gen64` functions due to missing
checks for negative lengths (bsc#1258392).
ModerateSUSE bug 1258392CVE-2026-27171 at SUSECVE-2026-27171 at NVDcpe:/o:suse:sle-micro:5.5Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Other fixes:
- libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)
ModerateSUSE bug 1251822SUSE bug 1253278SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:sle-micro:5.5Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.5
This update for libxslt fixes the following issues:
- CVE-2025-10911: use-after-free will be fixed on libxml2 side instead (bsc#1250553).
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:sle-micro:5.5Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.5
This update for mozilla-nss fixes the following issues:
Update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
ModerateSUSE bug 1258568CVE-2026-2781 at SUSECVE-2026-2781 at NVDcpe:/o:suse:sle-micro:5.5Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.5
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:sle-micro:5.5Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.5
This update for libsoup2 fixes the following issues:
- CVE-2025-32049: denial of service attack to websocket server (bsc#1240751).
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
ImportantSUSE bug 1240751SUSE bug 1257398SUSE bug 1257441SUSE bug 1257597SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:sle-micro:5.5Security update for python-tornado (Moderate)SUSE Linux Enterprise Micro 5.5
This update for python-tornado fixes the following issue:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
ModerateSUSE bug 1254903CVE-2025-67724 at SUSECVE-2025-67724 at NVDcpe:/o:suse:sle-micro:5.5Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.5
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
ModerateSUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:sle-micro:5.5Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.5
This update for gnutls fixes the following issues:
- CVE-2025-14831: excessive resource consumption when verifying specially crafted malicious certificates containing
a large number of name constraints and subject alternative names (SANs) (bsc#1257960).
ModerateSUSE bug 1257960CVE-2025-14831 at SUSECVE-2025-14831 at NVDcpe:/o:suse:sle-micro:5.5Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.5
This update for qemu fixes the following issue:
- CVE-2025-14876: qemu-kvm: Unbounded allocation in virtio-crypto (bsc#1255400).
ModerateSUSE bug 1255400CVE-2025-14876 at SUSECVE-2025-14876 at NVDcpe:/o:suse:sle-micro:5.5Security update for glibc (Important)SUSE Linux Enterprise Micro 5.5
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
ImportantSUSE bug 1246965SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2025-8058 at SUSECVE-2025-8058 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:sle-micro:5.5Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.5
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: Fixed that a crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052)
- CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053)
- CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054)
- CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault
- CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056)
ModerateSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051SUSE bug 1259052SUSE bug 1259053SUSE bug 1259054SUSE bug 1259055SUSE bug 1259056CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDCVE-2026-28418 at SUSECVE-2026-28418 at NVDCVE-2026-28419 at SUSECVE-2026-28419 at NVDCVE-2026-28420 at SUSECVE-2026-28420 at NVDCVE-2026-28421 at SUSECVE-2026-28421 at NVDCVE-2026-28422 at SUSECVE-2026-28422 at NVDcpe:/o:suse:sle-micro:5.5Security update for curl (Important)SUSE Linux Enterprise Micro 5.5
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:sle-micro:5.5Security update for jq (Low)SUSE Linux Enterprise Micro 5.5
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
LowSUSE bug 1248600CVE-2025-9403 at SUSECVE-2025-9403 at NVDcpe:/o:suse:sle-micro:5.5Security update for helm (Important)SUSE Linux Enterprise Micro 5.5
This update for helm rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for runc (Important)SUSE Linux Enterprise Micro 5.5
This update for runc rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for docker (Important)SUSE Linux Enterprise Micro 5.5
This update for docker rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:sle-micro:5.5Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.0
This update for curl fixes the following issues:
- CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934)
- CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933)
ModerateSUSE bug 1183933SUSE bug 1183934CVE-2021-22876 at SUSECVE-2021-22876 at NVDCVE-2021-22890 at SUSECVE-2021-22890 at NVDcpe:/o:suse:suse-microos:5.0Security update for MozillaFirefox (Important)SUSE Linux Enterprise Micro 5.0
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.9.0 ESR (MFSA 2021-11, bsc#1183942)
* CVE-2021-23981: Texture upload into an unbound backing buffer resulted in an out-of-bound read
* CVE-2021-23982: Internal network hosts could have been probed by a malicious webpage
* CVE-2021-23984: Malicious extensions could have spoofed popup information
* CVE-2021-23987: Memory safety bugs
ImportantSUSE bug 1183942CVE-2021-23981 at SUSECVE-2021-23981 at NVDCVE-2021-23982 at SUSECVE-2021-23982 at NVDCVE-2021-23984 at SUSECVE-2021-23984 at NVDCVE-2021-23987 at SUSECVE-2021-23987 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Important)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
- CVE-2021-3308: VUL-0: xen: IRQ vector leak on x86 (bsc#1181254, XSA-360)
- CVE-2021-28687: HVM soft-reset crashes toolstack (bsc#1183072, XSA-368)
- L3: conring size for XEN HV's with huge memory to small. Inital Xen logs cut (bsc#1177204)
- L3: XEN domU crashed on resume when using the xl unpause command (bsc#1182576)
- L3: xen: no needsreboot flag set (bsc#1180690)
- kdump of HVM fails, soft-reset not handled by libxl (bsc#1179148)
- openQA job causes libvirtd to dump core when running kdump inside domain (bsc#1181989)
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1177204SUSE bug 1179148SUSE bug 1180690SUSE bug 1181254SUSE bug 1181989SUSE bug 1182576SUSE bug 1183072CVE-2021-28687 at SUSECVE-2021-28687 at NVDCVE-2021-3308 at SUSECVE-2021-3308 at NVDcpe:/o:suse:suse-microos:5.0Security update for wpa_supplicant (Moderate)SUSE Linux Enterprise Micro 5.0
This update for wpa_supplicant fixes the following issues:
- CVE-2021-30004: Fixed an issue where forging attacks might have occured because AlgorithmIdentifier
parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (bsc#1184348).
ModerateSUSE bug 1184348CVE-2021-30004 at SUSECVE-2021-30004 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
- CVE-2020-36322: Fixed an issue was discovered in FUSE filesystem implementation which could have caused a system crash (bsc#1184211).
The following non-security bugs were fixed:
- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489)
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489)
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- samples/bpf: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
ImportantSUSE bug 1047233SUSE bug 1065729SUSE bug 1113295SUSE bug 1152472SUSE bug 1152489SUSE bug 1153274SUSE bug 1154353SUSE bug 1155518SUSE bug 1156256SUSE bug 1156395SUSE bug 1159280SUSE bug 1160634SUSE bug 1167574SUSE bug 1167773SUSE bug 1168777SUSE bug 1169514SUSE bug 1169709SUSE bug 1171295SUSE bug 1173485SUSE bug 1175995SUSE bug 1177326SUSE bug 1178163SUSE bug 1178181SUSE bug 1178330SUSE bug 1179454SUSE bug 1180197SUSE bug 1180980SUSE bug 1181383SUSE bug 1181507SUSE bug 1181674SUSE bug 1181862SUSE bug 1182011SUSE bug 1182077SUSE bug 1182485SUSE bug 1182552SUSE bug 1182574SUSE bug 1182591SUSE bug 1182595SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1182770SUSE bug 1182989SUSE bug 1183015SUSE bug 1183018SUSE bug 1183022SUSE bug 1183023SUSE bug 1183048SUSE bug 1183252SUSE bug 1183277SUSE bug 1183278SUSE bug 1183279SUSE bug 1183280SUSE bug 1183281SUSE bug 1183282SUSE bug 1183283SUSE bug 1183284SUSE bug 1183285SUSE bug 1183286SUSE bug 1183287SUSE bug 1183288SUSE bug 1183366SUSE bug 1183369SUSE bug 1183386SUSE bug 1183405SUSE bug 1183412SUSE bug 1183416SUSE bug 1183427SUSE bug 1183428SUSE bug 1183445SUSE bug 1183447SUSE bug 1183501SUSE bug 1183509SUSE bug 1183530SUSE bug 1183534SUSE bug 1183540SUSE bug 1183593SUSE bug 1183596SUSE bug 1183598SUSE bug 1183637SUSE bug 1183646SUSE bug 1183662SUSE bug 1183686SUSE bug 1183692SUSE bug 1183696SUSE bug 1183750SUSE bug 1183757SUSE bug 1183775SUSE bug 1183843SUSE bug 1183859SUSE bug 1183871SUSE bug 1184074SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184176SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184211SUSE bug 1184217SUSE bug 1184218SUSE bug 1184219SUSE bug 1184220SUSE bug 1184224SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184485SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184585SUSE bug 1184647CVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2020-36322 at SUSECVE-2020-36322 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Important)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
- CVE-2020-12829: Fix OOB access in sm501 device emulation (bsc#1172385)
- CVE-2020-25723: Fix use-after-free in usb xhci packet handling (bsc#1178934)
- CVE-2020-25084: Fix use-after-free in usb ehci packet handling (bsc#1176673)
- CVE-2020-25625: Fix infinite loop (DoS) in usb hcd-ohci emulation (bsc#1176684)
- CVE-2020-25624: Fix OOB access in usb hcd-ohci emulation (bsc#1176682)
- CVE-2020-27617: Fix guest triggerable assert in shared network handling code (bsc#1178174)
- CVE-2020-28916: Fix infinite loop (DoS) in e1000e device emulation (bsc#1179468)
- CVE-2020-29443: Fix OOB access in atapi emulation (bsc#1181108)
- CVE-2020-27821: Fix heap overflow in MSIx emulation (bsc#1179686)
- CVE-2020-15469: Fix null pointer deref. (DoS) in mmio ops (bsc#1173612)
- CVE-2021-20257: Fix infinite loop (DoS) in e1000 device emulation (bsc#1182577)
- CVE-2021-3416: Fix OOB access (stack overflow) in rtl8139 NIC emulation (bsc#1182968)
- CVE-2021-3416: Fix OOB access (stack overflow) in other NIC emulations (bsc#1182968)
- CVE-2020-27616: Fix OOB access in ati-vga emulation (bsc#1178400)
- CVE-2020-29129: Fix OOB access in SLIRP ARP/NCSI packet processing (bsc#1179466, CVE-2020-29130, bsc#1179467)
- Fix package scripts to not use hard coded paths for temporary working directories and log files (bsc#1182425)
- Add split-provides through forsplits/13 to cover updates of SLE15-SP2 to SLE15-SP3, and openSUSE equivalents (bsc#1184064)
- Added a few more usability improvements for our git packaging workflow
ImportantSUSE bug 1172385SUSE bug 1173612SUSE bug 1176673SUSE bug 1176682SUSE bug 1176684SUSE bug 1178174SUSE bug 1178400SUSE bug 1178934SUSE bug 1179466SUSE bug 1179467SUSE bug 1179468SUSE bug 1179686SUSE bug 1181108SUSE bug 1182425SUSE bug 1182577SUSE bug 1182968SUSE bug 1184064CVE-2020-12829 at SUSECVE-2020-12829 at NVDCVE-2020-15469 at SUSECVE-2020-15469 at NVDCVE-2020-25084 at SUSECVE-2020-25084 at NVDCVE-2020-25624 at SUSECVE-2020-25624 at NVDCVE-2020-25625 at SUSECVE-2020-25625 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-27616 at SUSECVE-2020-27616 at NVDCVE-2020-27617 at SUSECVE-2020-27617 at NVDCVE-2020-27821 at SUSECVE-2020-27821 at NVDCVE-2020-28916 at SUSECVE-2020-28916 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-29443 at SUSECVE-2020-29443 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3416 at SUSECVE-2021-3416 at NVDcpe:/o:suse:suse-microos:5.0Security update for sudo (Important)SUSE Linux Enterprise Micro 5.0
This update for sudo fixes the following issues:
- L3: Tenable Scan reports sudo is vulnerable to CVE-2021-3156 (bsc#1183936)
ImportantSUSE bug 1183936CVE-2021-3156 at SUSECVE-2021-3156 at NVDcpe:/o:suse:suse-microos:5.0Security update for ruby2.5 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for ruby2.5 fixes the following issues:
- Update to 2.5.9
- CVE-2021-28965: XML round-trip vulnerability in REXML (bsc#1184644)
ModerateSUSE bug 1184644CVE-2021-28965 at SUSECVE-2021-28965 at NVDcpe:/o:suse:suse-microos:5.0Security update for libnettle (Important)SUSE Linux Enterprise Micro 5.0
This update for libnettle fixes the following issues:
- CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).
ImportantSUSE bug 1184401CVE-2021-20305 at SUSECVE-2021-20305 at NVDcpe:/o:suse:suse-microos:5.0Security update for permissions (Important)SUSE Linux Enterprise Micro 5.0
This update for permissions fixes the following issues:
- etc/permissions: remove unnecessary entries (bsc#1182899)
ImportantSUSE bug 1182899cpe:/o:suse:suse-microos:5.0Recommended update for open-iscsi (Moderate)SUSE Linux Enterprise Micro 5.0
This update for open-iscsi fixes the following issues:
- Enabled asynchronous logins for iscsi.service (bsc#1183421)
- Fixed a login issue when target is delayed
ModerateSUSE bug 1179908SUSE bug 1183421CVE-2020-13987 at SUSECVE-2020-13987 at NVDCVE-2020-13988 at SUSECVE-2020-13988 at NVDCVE-2020-17437 at SUSECVE-2020-17437 at NVDCVE-2020-17438 at SUSECVE-2020-17438 at NVDcpe:/o:suse:suse-microos:5.0Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libxml2 fixes the following issues:
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ModerateSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDcpe:/o:suse:suse-microos:5.0Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for python3 fixes the following issues:
- CVE-2021-3426: Fixed an information disclosure via pydoc (bsc#1183374)
ModerateSUSE bug 1183374CVE-2021-3426 at SUSECVE-2021-3426 at NVDcpe:/o:suse:suse-microos:5.0Security update for shim (Important)SUSE Linux Enterprise Micro 5.0
This update for shim fixes the following issues:
- Update to the unified shim binary for SBAT support (bsc#1182057)
+ Merged EKU codesign check (bsc#1177315)
- shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464).
ImportantSUSE bug 1177315SUSE bug 1182057SUSE bug 1185464cpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).
The following non-security bugs were fixed:
- ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
- ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
- ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
- ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
- ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
- ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes).
- ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes).
- ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).
- ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).
- ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).
- ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).
- ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).
- ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
- ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes).
- ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
- ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes).
- ALSA: usb-audio: DJM-750: ensure format is set (git-fixes).
- ALSA: usb-audio: Explicitly set up the clock selector (git-fixes).
- ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes).
- ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes).
- ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes).
- arm: dts: add imx7d pcf2127 fix to blacklist
- ASoC: ak5558: correct reset polarity (git-fixes).
- ASoC: ak5558: Fix s/show/slow/ typo (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes).
- ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes).
- ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes).
- ASoC: SOF: Intel: HDA: fix core status verification (git-fixes).
- ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes).
- ata: libahci_platform: fix IRQ check (git-fixes).
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes).
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes).
- backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
- blkcg: fix memleak for iolatency (git-fixes).
- block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838).
- block: recalculate segment count for multi-segment discards correctly (bsc#1184724).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes).
- bnxt_en: reverse order of TX disable and carrier off (git-fixes).
- bsg: free the request before return error code (git-fixes).
- btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
- btrfs: fix race between swap file activation and snapshot creation (bsc#1185587).
- btrfs: fix race between writes to swap files and scrub (bsc#1185586).
- btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549).
- bus: qcom: Put child node before return (git-fixes).
- cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
- clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes).
- clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes).
- clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes).
- clk: uniphier: Fix potential infinite loop (git-fixes).
- clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes).
- coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
- coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes).
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes).
- cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
- cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes).
- cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
- cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
- cpufreq: Kconfig: fix documentation links (git-fixes).
- crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
- crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes).
- cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
- dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
- dm: eliminate potential source of excessive kernel log noise (git-fixes).
- dm era: Fix bitset memory leaks (git-fixes).
- dm era: only resize metadata in preresume (git-fixes).
- dm era: Recover committed writeset after crash (git-fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes).
- dm era: Use correct value size in equality function of writeset tree (git-fixes).
- dm era: Verify the data block size hasn't changed (git-fixes).
- dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
- dm integrity: fix error reporting in bitmap mode after creation (git-fixes).
- dm ioctl: fix error return code in target_message (git-fixes).
- dm mpath: fix racey management of PG initialization (git-fixes).
- dm raid: fix discard limits for raid1 (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations (git-fixes).
- dm writecache: fix the maximum number of arguments (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
- dpaa_eth: fix the RX headroom size alignment (git-fixes).
- dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes).
- dpaa_eth: Use random MAC address when none is given (bsc#1184811).
- drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
- drm/ast: Add 25MHz refclk support (bsc#1174416).
- drm/ast: Add support for 1152x864 mode (bsc#1174416).
- drm/ast: Add support for AIP200 (bsc#1174416).
- drm/ast: AST2500 fixups (bsc#1174416).
- drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
- drm/ast: Disable screen on register init (bsc#1174416).
- drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
- drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
- drm/ast: Fix P2A config detection (bsc#1174416).
- drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
- drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
- drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
- drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
- drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
- drm/omap: fix misleading indentation in pixinc() (git-fixes).
- drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
- drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
- e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
- e1000e: Fix duplicate include guard (git-fixes).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
- enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
- enetc: Workaround for MDIO register access issue (git-fixes).
- ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes).
- ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730).
- ext4: find old entry again if failed to rename whiteout (bsc#1184742).
- ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
- ext4: fix potential htree index checksum corruption (bsc#1184728).
- firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
- fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
- fotg210-udc: Complete OUT requests on short packets (git-fixes).
- fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
- fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
- fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
- fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
- fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes).
- fs: direct-io: fix missing sdio->boundary (bsc#1184736).
- fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
- fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
- fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
- gpio: omap: Save and restore sysconfig (git-fixes).
- gpio: sysfs: Obey valid_mask (git-fixes).
- HID: alps: fix error return code in alps_input_configured() (git-fixes).
- HID: google: add don USB id (git-fixes).
- HID: plantronics: Workaround for double volume key presses (git-fixes).
- HID: wacom: Assign boolean values to a bool variable (git-fixes).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes).
- i2c: cadence: add IRQ check (git-fixes).
- i2c: emev2: add IRQ check (git-fixes).
- i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: jz4780: add IRQ check (git-fixes).
- i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i40e: Added Asym_Pause to supported link modes (git-fixes).
- i40e: Add zero-initialization of AQ command structures (git-fixes).
- i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
- i40e: Fix add TC filter for IPv6 (git-fixes).
- i40e: Fix display statistics for veb_tc (git-fixes).
- i40e: Fix endianness conversions (git-fixes).
- i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
- i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
- i40e: Fix overwriting flow control settings during driver loading (git-fixes).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- i40e: Fix sparse warning: missing error code 'err' (git-fixes).
- i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
- ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
- ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
- ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes).
- ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
- ice: Account for port VLAN in VF max packet size calculation (git-fixes).
- ice: Cleanup fltr list in case of allocation issues (git-fixes).
- ice: Fix for dereference of NULL pointer (git-fixes).
- ice: Increase control queue timeout (git-fixes).
- ice: prevent ice_open and ice_stop during reset (git-fixes).
- igb: check timestamp validity (git-fixes).
- igb: Fix duplicate include guard (git-fixes).
- igc: Fix Pause Frame Advertising (git-fixes).
- igc: Fix Supported Pause Frame Link Setting (git-fixes).
- igc: reinit_locked() should be called with rtnl_lock (git-fixes).
- iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall (git-fixes).
- Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
- Input: nspire-keypad - enable interrupts only when opened (git-fixes).
- Input: s6sy761 - fix coordinate read bit shift (git-fixes).
- interconnect: core: fix error return code of icc_link_destroy() (git-fixes).
- iopoll: introduce read_poll_timeout macro (git-fixes).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
- irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233).
- irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233).
- isofs: release buffer head before return (bsc#1182613).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
- jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
- kABI: cover up change in struct kvm_arch (bsc#1184969).
- kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
- kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489).
- KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395).
- KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395).
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
- liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
- media: mantis: remove orphan mantis_core.c (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
- media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
- media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- memory: pl353: fix mask of ECC page_size config register (git-fixes).
- mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
- mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
- mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
- Move upstreamed i915 fix into sorted section
- mt7601u: fix always true expression (git-fixes).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
- mtd: require write permissions for locking and badblock ioctls (git-fixes).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
- mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
- nbd: fix a block_device refcount leak in nbd_release (git-fixes).
- net: atlantic: fix out of range usage of active_vlans array (git-fixes).
- net: atlantic: fix potential error handling (git-fixes).
- net: atlantic: fix use after free kasan warn (git-fixes).
- net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
- net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
- net: hns3: clear VF down state bit before request link status (git-fixes).
- net: hns3: fix bug when calculating the TCAM table info (git-fixes).
- net: hns3: fix query vlan mask value error for flow director (git-fixes).
- net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
- net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx5: Do not request more than supported EQs (git-fixes).
- net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- net/mlx5e: Fix ethtool indication of connector type (git-fixes).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
- net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
- net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
- net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- nfp: flower: ignore duplicate merge hints from FW (git-fixes).
- node: fix device cleanups in error handling code (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- ocfs2: fix a use after free on error (bsc#1184738).
- pata_arasan_cf: fix IRQ check (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
- PCI/AER: Add RCEC AER error injection support (bsc#1174426).
- PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426).
- PCI/AER: Specify the type of Port that was reset (bsc#1174426).
- PCI/AER: Use 'aer' variable for capability offset (bsc#1174426).
- PCI/AER: Write AER Capability only when we control it (bsc#1174426).
- PCI: designware-ep: Fix the Header Type check (git-fixes).
- PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
- PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
- PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
- PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426).
- PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
- PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
- PCI/ERR: Clear status of the reporting device (bsc#1174426).
- PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
- PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
- PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
- PCI/ERR: Retain status from error notification (bsc#1174426).
- PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
- PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
- PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426).
- PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
- PCI/portdrv: Report reset for frozen channel (bsc#1174426).
- PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
- PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
- pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
- PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
- powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
- powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
- powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
- powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
- powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- powerpc/time: Enable sched clock for irqtime (bsc#1156395).
- regmap: set debugfs_name to NULL after it is freed (git-fixes).
- regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes).
- reintroduce cqhci_suspend for kABI (git-fixes).
- reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
- rpm/constraints.in: bump disk space to 45GB on riscv64
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- rsi: Use resume_noirq for SDIO (git-fixes).
- rsxx: remove extraneous 'const' qualifier (git-fixes).
- rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
- rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
- rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
- rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
- rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
- rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454).
- rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
- rtc: pcf2127: add alarm support (bsc#1185233).
- rtc: pcf2127: add pca2129 device id (bsc#1185233).
- rtc: pcf2127: add tamper detection support (bsc#1185233).
- rtc: pcf2127: add watchdog feature support (bsc#1185233).
- rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
- rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
- rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
- rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
- rtc: pcf2127: fix alarm handling (bsc#1185233).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
- rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
- rtc: pcf2127: let the core handle rtc range (bsc#1185233).
- rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233).
- rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
- rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233).
- rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
- rtc: pcf2127: set regmap max_register (bsc#1185233).
- rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
- rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
- sata_mv: add IRQ checks (git-fixes).
- scsi: block: Fix a race in the runtime power management code (git-fixes).
- scsi: core: add scsi_host_busy_iter() (bsc#1179851).
- scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851).
- scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
- scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
- scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
- scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
- scsi: lpfc: Fix a typo (bsc#1185472).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
- scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
- scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
- scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
- scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
- scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
- scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
- scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
- scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
- scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
- scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
- scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
- scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
- scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
- scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
- scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
- scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
- scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
- scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
- scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
- scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
- scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
- scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
- scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
- scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
- scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
- scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
- scsi: qla2xxx: Fix stuck session (bsc#1185491).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
- scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
- scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
- scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
- scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
- scsi: qla2xxx: Simplify if statement (bsc#1185491).
- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
- scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
- scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
- scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
- scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
- scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
- selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460).
- selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
- selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
- selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460).
- soc: aspeed: fix a ternary sign expansion bug (git-fixes).
- soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
- soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
- soundwire: bus: Fix device found flag correctly (git-fixes).
- soundwire: stream: fix memory leak in stream config error path (git-fixes).
- spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
- spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
- spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
- spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes).
- spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260).
- spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260).
- spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260).
- spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
- spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
- spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260).
- spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
- spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260).
- spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
- spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
- spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
- spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
- spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
- spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
- spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260).
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260).
- spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
- spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
- spi: spi-fsl-dspi: Fix typos (bsc#1167260).
- spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
- spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260).
- spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
- spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260).
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260).
- spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260).
- spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260
- spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
- spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260).
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260).
- spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260).
- spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
- spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
- spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260).
- spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260).
- spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260).
- spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260).
- spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260).
- spi: spi-ti-qspi: Free DMA resources (git-fixes).
- staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
- staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
- staging: rtl8192u: Fix potential infinite loop (git-fixes).
- usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
- usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
- usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
- usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: dwc2: Fix hibernation between host and device modes (git-fixes).
- usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes).
- usb: dwc2: Fix session request interrupt handler (git-fixes).
- usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
- usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
- usb: gadget: aspeed: fix dma map failure (git-fixes).
- usb: gadget: Fix double free of device descriptor pointers (git-fixes).
- usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
- usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes).
- usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes).
- usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
- usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
- usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes).
- usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
- usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
- usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: fix return value for unsupported ioctls (git-fixes).
- usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
- usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
- usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
- usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
- veth: Store queue_mapping independently of XDP prog presence (git-fixes).
- vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
- virt_wifi: Return micros for BSS TSF values (git-fixes).
- vxlan: move debug check after netdev unregister (git-fixes).
- workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).
ImportantSUSE bug 1043990SUSE bug 1055117SUSE bug 1065729SUSE bug 1152457SUSE bug 1152489SUSE bug 1156395SUSE bug 1167260SUSE bug 1168838SUSE bug 1174416SUSE bug 1174426SUSE bug 1178089SUSE bug 1179243SUSE bug 1179851SUSE bug 1180846SUSE bug 1181161SUSE bug 1182613SUSE bug 1183063SUSE bug 1183203SUSE bug 1183289SUSE bug 1184208SUSE bug 1184209SUSE bug 1184436SUSE bug 1184514SUSE bug 1184650SUSE bug 1184724SUSE bug 1184728SUSE bug 1184730SUSE bug 1184731SUSE bug 1184736SUSE bug 1184737SUSE bug 1184738SUSE bug 1184740SUSE bug 1184741SUSE bug 1184742SUSE bug 1184760SUSE bug 1184811SUSE bug 1184893SUSE bug 1184934SUSE bug 1184942SUSE bug 1184957SUSE bug 1184969SUSE bug 1184984SUSE bug 1185041SUSE bug 1185113SUSE bug 1185233SUSE bug 1185244SUSE bug 1185269SUSE bug 1185365SUSE bug 1185454SUSE bug 1185472SUSE bug 1185491SUSE bug 1185549SUSE bug 1185586SUSE bug 1185587CVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDcpe:/o:suse:suse-microos:5.0Security update for dtc (Low)SUSE Linux Enterprise Micro 5.0
This update for dtc fixes the following issues:
- make all packaged binaries PIE-executables (bsc#1184122).
LowSUSE bug 1184122cpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsytem (bsc#1178181).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).
- CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).
- CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop continually was finding the same bad inode (bsc#1184194).
The following non-security bugs were fixed:
- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes (block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).
- ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data (git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into __bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- certs: Fix blacklist flag type confusion (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530)
- drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes
- drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay * context changes
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely (git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).
- net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment (bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found (git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association (bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).
- objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved (git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list To explain what it actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown (git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference (bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).
- USB: replace hardcode maximum usb string length by definition (git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time (git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending (git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down (git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
ImportantSUSE bug 1047233SUSE bug 1065729SUSE bug 1113295SUSE bug 1152472SUSE bug 1152489SUSE bug 1153274SUSE bug 1154353SUSE bug 1155518SUSE bug 1156256SUSE bug 1156395SUSE bug 1159280SUSE bug 1160634SUSE bug 1167773SUSE bug 1168777SUSE bug 1169514SUSE bug 1169709SUSE bug 1171295SUSE bug 1173485SUSE bug 1177326SUSE bug 1178163SUSE bug 1178181SUSE bug 1178330SUSE bug 1179454SUSE bug 1180197SUSE bug 1180980SUSE bug 1181383SUSE bug 1181507SUSE bug 1181674SUSE bug 1181862SUSE bug 1182011SUSE bug 1182077SUSE bug 1182485SUSE bug 1182552SUSE bug 1182574SUSE bug 1182591SUSE bug 1182595SUSE bug 1182712SUSE bug 1182713SUSE bug 1182715SUSE bug 1182716SUSE bug 1182717SUSE bug 1182770SUSE bug 1182989SUSE bug 1183015SUSE bug 1183018SUSE bug 1183022SUSE bug 1183023SUSE bug 1183048SUSE bug 1183252SUSE bug 1183277SUSE bug 1183278SUSE bug 1183279SUSE bug 1183280SUSE bug 1183281SUSE bug 1183282SUSE bug 1183283SUSE bug 1183284SUSE bug 1183285SUSE bug 1183286SUSE bug 1183287SUSE bug 1183288SUSE bug 1183366SUSE bug 1183369SUSE bug 1183386SUSE bug 1183405SUSE bug 1183412SUSE bug 1183416SUSE bug 1183427SUSE bug 1183428SUSE bug 1183445SUSE bug 1183447SUSE bug 1183501SUSE bug 1183509SUSE bug 1183530SUSE bug 1183534SUSE bug 1183540SUSE bug 1183593SUSE bug 1183596SUSE bug 1183598SUSE bug 1183637SUSE bug 1183646SUSE bug 1183662SUSE bug 1183686SUSE bug 1183692SUSE bug 1183696SUSE bug 1183750SUSE bug 1183757SUSE bug 1183775SUSE bug 1183843SUSE bug 1183859SUSE bug 1183871SUSE bug 1184074SUSE bug 1184120SUSE bug 1184167SUSE bug 1184168SUSE bug 1184170SUSE bug 1184176SUSE bug 1184192SUSE bug 1184193SUSE bug 1184194SUSE bug 1184196SUSE bug 1184198SUSE bug 1184211SUSE bug 1184217SUSE bug 1184218SUSE bug 1184219SUSE bug 1184220SUSE bug 1184224SUSE bug 1184388SUSE bug 1184391SUSE bug 1184393SUSE bug 1184509SUSE bug 1184511SUSE bug 1184512SUSE bug 1184514SUSE bug 1184583SUSE bug 1184647CVE-2019-18814 at SUSECVE-2019-18814 at NVDCVE-2019-19769 at SUSECVE-2019-19769 at NVDCVE-2020-25670 at SUSECVE-2020-25670 at NVDCVE-2020-25671 at SUSECVE-2020-25671 at NVDCVE-2020-25672 at SUSECVE-2020-25672 at NVDCVE-2020-25673 at SUSECVE-2020-25673 at NVDCVE-2020-27170 at SUSECVE-2020-27170 at NVDCVE-2020-27171 at SUSECVE-2020-27171 at NVDCVE-2020-27815 at SUSECVE-2020-27815 at NVDCVE-2020-35519 at SUSECVE-2020-35519 at NVDCVE-2020-36310 at SUSECVE-2020-36310 at NVDCVE-2020-36311 at SUSECVE-2020-36311 at NVDCVE-2020-36312 at SUSECVE-2020-36312 at NVDCVE-2021-27363 at SUSECVE-2021-27363 at NVDCVE-2021-27364 at SUSECVE-2021-27364 at NVDCVE-2021-27365 at SUSECVE-2021-27365 at NVDCVE-2021-28038 at SUSECVE-2021-28038 at NVDCVE-2021-28375 at SUSECVE-2021-28375 at NVDCVE-2021-28660 at SUSECVE-2021-28660 at NVDCVE-2021-28688 at SUSECVE-2021-28688 at NVDCVE-2021-28950 at SUSECVE-2021-28950 at NVDCVE-2021-28964 at SUSECVE-2021-28964 at NVDCVE-2021-28971 at SUSECVE-2021-28971 at NVDCVE-2021-28972 at SUSECVE-2021-28972 at NVDCVE-2021-29154 at SUSECVE-2021-29154 at NVDCVE-2021-29264 at SUSECVE-2021-29264 at NVDCVE-2021-29265 at SUSECVE-2021-29265 at NVDCVE-2021-29647 at SUSECVE-2021-29647 at NVDCVE-2021-30002 at SUSECVE-2021-30002 at NVDCVE-2021-3428 at SUSECVE-2021-3428 at NVDCVE-2021-3444 at SUSECVE-2021-3444 at NVDCVE-2021-3483 at SUSECVE-2021-3483 at NVDcpe:/o:suse:suse-microos:5.0Recommended update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for grub2 fixes the following issues:
- Fixed error with the shim_lock protocol that is not found on aarch64 (bsc#1185580).
ModerateSUSE bug 1185580cpe:/o:suse:suse-microos:5.0Security update for lz4 (Important)SUSE Linux Enterprise Micro 5.0
This update for lz4 fixes the following issues:
- CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438).
ImportantSUSE bug 1185438CVE-2021-3520 at SUSECVE-2021-3520 at NVDcpe:/o:suse:suse-microos:5.0Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.0
This update for libxml2 fixes the following issues:
- CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
ImportantSUSE bug 1185408SUSE bug 1185409SUSE bug 1185410SUSE bug 1185698CVE-2021-3516 at SUSECVE-2021-3516 at NVDCVE-2021-3517 at SUSECVE-2021-3517 at NVDCVE-2021-3518 at SUSECVE-2021-3518 at NVDCVE-2021-3537 at SUSECVE-2021-3537 at NVDcpe:/o:suse:suse-microos:5.0Security update for fribidi (Important)SUSE Linux Enterprise Micro 5.0
This update for fribidi fixes the following issues:
Security issues fixed:
- CVE-2019-18397: Avoid buffer overflow. (bsc#1156260)
ImportantSUSE bug 1156260CVE-2019-18397 at SUSECVE-2019-18397 at NVDcpe:/o:suse:suse-microos:5.0Security update for hivex (Moderate)SUSE Linux Enterprise Micro 5.0
This update for hivex fixes the following issues:
- CVE-2021-3504: hivex: missing bounds check within hivex_open() (bsc#1185013)
ModerateSUSE bug 1185013CVE-2021-3504 at SUSECVE-2021-3504 at NVDcpe:/o:suse:suse-microos:5.0Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.0
This update for curl fixes the following issues:
- CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114).
- Allow partial chain verification [jsc#SLE-17956]
* Have intermediate certificates in the trust store be treated
as trust-anchors, in the same way as self-signed root CA
certificates are. This allows users to verify servers using
the intermediate cert only, instead of needing the whole chain.
* Set FLAG_TRUSTED_FIRST unconditionally.
* Do not check partial chains with CRL check.
ModerateSUSE bug 1186114CVE-2021-22898 at SUSECVE-2021-22898 at NVDcpe:/o:suse:suse-microos:5.0Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libX11 fixes the following issues:
- CVE-2021-31535: Fixed missing request length checks in libX11 (bsc#1182506).
ModerateSUSE bug 1182506CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:suse-microos:5.0Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)SUSE Linux Enterprise Micro 5.0
This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:
gstreamer was updated to version 1.16.3 (bsc#1181255):
- delay creation of threadpools
- bin: Fix `deep-element-removed` log message
- buffer: fix meta sequence number fallback on rpi
- bufferlist: foreach: always remove as parent if buffer is changed
- bus: Make setting/replacing/clearing the sync handler thread-safe
- elementfactory: Fix missing features in case a feature moves to another filename
- element: When removing a ghost pad also unset its target
- meta: intern registered impl string
- registry: Use a toolchain-specific registry file on Windows
- systemclock: Invalid internal time calculation causes non-increasing clock time on Windows
- value: don't write to `const char *`
- value: Fix segfault comparing empty GValueArrays
- Revert floating enforcing
- aggregator: fix iteration direction in skip_buffers
- sparsefile: fix possible crash when seeking
- baseparse: cache fix
- baseparse: fix memory leak when subclass skips whole input buffer
- baseparse: Set the private duration before posting a duration-changed message
- basetransform: allow not passthrough if generate_output is implemented
- identity: Fix a minor leak using meta_str
- queue: protect against lost wakeups for iterm_del condition
- queue2: Avoid races when posting buffering messages
- queue2: Fix missing/dropped buffering messages at startup
- identity: Unblock condition variable on FLUSH_START
- check: Use `g_thread_yield()` instead of `g_usleep(1)`
- tests: use cpu_family for arch checks
- gst-launch: Follow up to missing `s/g_print/gst_print/g`
- gst-inspect: Add define guard for `g_log_writer_supports_color()`
- gst-launch: go back down to `GST_STATE_NULL` in one step.
- device-monitor: list hidden providers before listing devices
- autotools build fixes for GNU make 4.3
gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):
- deinterlace: on-the-fly renegotiation
- flacenc: Pass audio info from set_format() to query_total_samples() explicitly
- flacparse: fix broken reordering of flac metadata
- jack: Use jack_free(3) to release ports
- jpegdec: check buffer size before dereferencing
- pulse: fix discovery of newly added devices
- qtdemux fuzzing fixes
- qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now
- qtdemux: Specify REDIRECT information in error message
- rtpbin: fix shutdown crash in rtpbin
- rtpsession: rename RTCP thread
- rtpvp8pay, rtpvp9pay: fix caps leak in set_caps()
- rtpjpegdepay: outputs framed jpeg
- rtpjitterbuffer: Properly free internal packets queue in finalize()
- rtspsrc: Don't return TRUE for unhandled query
- rtspsrc: Avoid stack overflow recursing waiting for response
- rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property
- rtspsrc: Error out when failling to receive message response
- rtspsrc: Fix for segmentation fault when handling set/get_parameter requests
- speex: Fix crash on Windows caused by cross-CRT issue
- speexdec: Crash when stopping the pipeline
- splitmuxsrc: Properly stop the loop if no part reader is present
- use gst_element_class_set_metadata when passing dynamic strings
- v4l2videodec: Increase internal bitstream pool size
- v4l2: fix crash when handling unsupported video format
- videocrop: allow properties to be animated by GstController
- videomixer: Don't leak peer caps
- vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD
- wavenc: Fix writing of the channel mask with >2 channels
gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):
- amcvideodec: fix sync meta copying not taking a reference
- audiobuffersplit: Perform discont tracking on running time
- audiobuffersplit: Specify in the template caps that only interleaved audio is supported
- audiobuffersplit: Unset DISCONT flag if not discontinuous
- autoconvert: Fix lock-less exchange or free condition
- autoconvert: fix compiler warnings with g_atomic on recent GLib versions
- avfvideosrc: element requests camera permissions even with capture-screen property is true
- codecparsers: h264parser: guard against ref_pic_markings overflow
- dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated
- dtls/connection: fix EOF handling with openssl 1.1.1e
- fdkaacdec: add support for mpegversion=2
- hls: Check nettle version to ensure AES128 support
- ipcpipeline: Rework compiler checks
- interlace: Increment phase_index before checking if we're at the end of the phase
- lv2: Make it build with -fno-common
- h264parser: Do not allocate too large size of memory for registered user data SEI
- ladspa: fix unbounded integer properties
- modplug: avoid division by zero
- msdkdec: Fix GstMsdkContext leak
- msdkenc: fix leaks on windows
- musepackdec: Don't fail all queries if no sample rate is known yet
- openslessink: Allow openslessink to handle 48kHz streams.
- opencv: allow compilation against 4.2.x
- proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc
- vulkan: Drop use of VK_RESULT_BEGIN_RANGE
- wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset
- wasapi: Fix possible deadlock while downwards state change
- waylandsink: Clear window when pipeline is stopped
- webrtc: Support non-trickle ICE candidates in the SDP
- webrtc: Unmap all non-binary buffers received via the datachannel
- meson: build with neon 0.31
- Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch
- h264parser: guard against ref_pic_markings overflow
(bsc#1181255 CVE-2021-3185)
- Disable the kate/libtiger plugin. Kate streams for karaoke are not
used anymore, and the source tarball for libtiger is no longer
available upstream. (jsc#SLE-13843)
gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):
+ x264enc: corrected em_data value in CEA-708 CC SEI message
gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):
- audioaggregator: Check all downstream allowed caps structures if they support the upstream rate
- audioaggregator: Fix negotiation with downstream if there is no peer yet
- audioencoder: fix segment event leak
- discoverer: Fix caps handling in `pad-added` signal handler
- discoverer: Start discovering next URI from right thread
- fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things
- gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify)
- gl/display/egl: ensure debug category is initialized
- gstglwindow_x11: fix resize
- pbutils: Add latest H.264 level values
- rtpbuffer: fix header extension length validation
- video: Fix NV12_64Z32 number of component
- video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5
- video: fix top/bottom field flags
- videodecoder: don't copy interlace-mode from reference state
- appsrc/appsink: Make setting/replacing callbacks thread-safe
- compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU
- decodebin3: only force streams-selected seqnum after a select-streams
- glupload: Fix fallback from direct dmabuf to dmabuf upload method
- glvideomixer: perform `_get_highest_precision()` on the GL thread
- libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings
- oggstream: Workaround for broken PAR in VP8 BOS
- subparse: accept WebVTT timestamps without an hour component
- playbin: Handle error message with redirection indication
- textrender: Fix AYUV output.
- typefind: Consider MPEG-PS PSM to be a PES type
- uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time
- videoaggregator: Don't configure NULL chroma-site/colorimetry
- videorate/videoscale/audioresample: Ensure that the caps returned from...
- build: Replace bashisms in configure for Wayland and GLES3
ImportantSUSE bug 1181255CVE-2021-3185 at SUSECVE-2021-3185 at NVDcpe:/o:suse:suse-microos:5.0Security update for ceph (Important)SUSE Linux Enterprise Micro 5.0
This update for ceph fixes the following issues:
- Update to 15.2.12-83-g528da226523:
- (CVE-2021-3509) fix cookie injection issue (bsc#1186021)
- (CVE-2021-3531) RGWSwiftWebsiteHandler::is_web_dir checks empty subdir_name (bsc#1186020)
- (CVE-2021-3524) sanitize \r in s3 CORSConfiguration’s ExposeHeader (bsc#1185619)
ImportantSUSE bug 1185619SUSE bug 1186020SUSE bug 1186021CVE-2021-3509 at SUSECVE-2021-3509 at NVDCVE-2021-3524 at SUSECVE-2021-3524 at NVDCVE-2021-3531 at SUSECVE-2021-3531 at NVDcpe:/o:suse:suse-microos:5.0Security update for polkit (Important)SUSE Linux Enterprise Micro 5.0
This update for polkit fixes the following issues:
- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).
ImportantSUSE bug 1186497CVE-2021-3560 at SUSECVE-2021-3560 at NVDcpe:/o:suse:suse-microos:5.0Security update for python-py (Moderate)SUSE Linux Enterprise Micro 5.0
This update for python-py fixes the following issues:
- CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505).
ModerateSUSE bug 1179805SUSE bug 1184505CVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).
- ALSA: hdsp: do not disable if not enabled (git-fixes).
- ALSA: hdspm: do not disable if not enabled (git-fixes).
- ALSA: intel8x0: Do not update period unless prepared (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: rme9652: do not disable if not enabled (git-fixes).
- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
- ALSA: usb-audio: fix control-request direction (git-fixes).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
- ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
- Bluetooth: check for zapped sk before connecting (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
- KVM: s390: fix guarded storage control register handling (bsc#1133021).
- Move upstreamed media fixes into sorted section
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
- PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
- PCI: thunder: Fix compile testing (git-fixes).
- PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).
- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
- RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
- Revert 'arm64: vdso: Fix compilation with clang older than 8' (git-fixes).
- Revert 'gdrom: fix a memory leak bug' (git-fixes).
- Revert 'i3c master: fix missing destroy_workqueue() on error in i3c_master_register' (git-fixes).
- Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes).
- Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes).
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
- USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- amdgpu: avoid incorrect %hu format string (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
- blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: Fix three kernel-doc warnings (git-fixes).
- block: fix get_max_io_size() (git-fixes).
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).
- bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
- btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - do not release uninitialized resources (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Make syscall entry points less convoluted (git-fixes).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
- ics932s401: fix broken handling of errors when word reading fails (git-fixes).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
- ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- lpfc: Decouple port_template and vport_template (bsc#185032).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- md: do not flush workqueue unconditionally in md_open (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area (bsc#1184081).
- md: split mddev_find (bsc#1184081).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
- mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
- net: enetc: fix link error again (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
- net: thunderx: Fix unintentional sign extension issue (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- nvme-fabrics: decode host pathing error for connect (bsc#1179827).
- nvme-fc: check sgl supported by target (bsc#1179827).
- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
- nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix 'slimmer CQ head update' (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: add clean action for failed reconnection (bsc#1183976).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
- nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
- nvme: add 'kato' sysfs attribute (bsc#1179825).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
- nvme: define constants for identification values (git-fixes).
- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
- nvme: do not intialize hwmon for discovery controllers (git-fixes).
- nvme: document nvme controller states (git-fixes).
- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
- nvme: fix controller instance leak (git-fixes).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- nvme: sanitize KATO setting (bsc#1179825).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- nvmet: fix a memory leak (git-fixes).
- nvmet: seset ns->file when open fails (bsc#1183873).
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- power: supply: Use IRQF_ONESHOT (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
- s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
- sched/eas: Do not update misfit status if the task is pinned (git-fixes)
- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
- scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
- scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
- scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451).
- scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
- scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
- sctp: delay auto_asconf init until binding the first addr (<cover.1620748346.git.mkubecek@suse.cz>).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: core: return early on unsupported ioctls (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- serial: stm32: fix tx_empty condition (git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
- spi: ath79: always call chipselect function (git-fixes).
- spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- tcp: fix to update snd_wl1 in bulk receiver fast path (<cover.1620748346.git.mkubecek@suse.cz>).
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- tracing: Map all PIDs to command lines (git-fixes).
- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
- tty: fix memory leak in vc_deallocate (git-fixes).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
- tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
- uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
- usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).
- usb: fotg210-hcd: Fix an error message (git-fixes).
- usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
- usb: gadget: f_uac1: validate input parameters (git-fixes).
- usb: gadget: f_uac2: validate input parameters (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
- usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
- vrf: fix a comment about loopback device (git-fixes).
- watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).
- watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
- watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982).
- watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).
- whitespace cleanup
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
- workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).
- workqueue: more destroy_workqueue() fixes (bsc#1185911).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
- xhci: check control context is valid before dereferencing it (git-fixes).
- xhci: fix potential array out of bounds with several interrupters (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).
ImportantSUSE bug 1087082SUSE bug 1133021SUSE bug 1152457SUSE bug 1152489SUSE bug 1155518SUSE bug 1156395SUSE bug 1164648SUSE bug 1177666SUSE bug 1178378SUSE bug 1178418SUSE bug 1178612SUSE bug 1179519SUSE bug 1179825SUSE bug 1179827SUSE bug 1179851SUSE bug 1182257SUSE bug 1182378SUSE bug 1182999SUSE bug 1183346SUSE bug 1183868SUSE bug 1183873SUSE bug 1183932SUSE bug 1183947SUSE bug 1183976SUSE bug 1184081SUSE bug 1184082SUSE bug 1184259SUSE bug 1184611SUSE bug 1184855SUSE bug 1185428SUSE bug 1185495SUSE bug 1185497SUSE bug 1185589SUSE bug 1185606SUSE bug 1185642SUSE bug 1185645SUSE bug 1185677SUSE bug 1185680SUSE bug 1185703SUSE bug 1185725SUSE bug 1185758SUSE bug 1185859SUSE bug 1185860SUSE bug 1185861SUSE bug 1185862SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185911SUSE bug 1185938SUSE bug 1185950SUSE bug 1185982SUSE bug 1185987SUSE bug 1185988SUSE bug 1186060SUSE bug 1186061SUSE bug 1186062SUSE bug 1186111SUSE bug 1186285SUSE bug 1186320SUSE bug 1186390SUSE bug 1186416SUSE bug 1186439SUSE bug 1186441SUSE bug 1186451SUSE bug 1186460SUSE bug 1186479SUSE bug 1186484SUSE bug 1186498SUSE bug 1186501SUSE bug 1186573SUSE bug 1186681CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Important)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block SDMA (bsc#1176681)
- CVE-2020-10756: Fix out-of-bounds read information disclosure in icmp6_send_echoreply(bsc#1172380)
- Fix issue where s390 guest fails to find zipl boot menu index (bsc#1183979)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- Host CPU microcode revision will be visible inside VMs when the proper CPU-model is used (jsc#SLE-17785):
- For the record, these issues are fixed in this package already.
Most are alternate references to previously mentioned issues:
(CVE-2019-15890, bsc#1149813, CVE-2020-8608, bsc#1163019,
CVE-2020-14364, bsc#1175534, CVE-2020-25707, bsc#1178683,
CVE-2020-25723, bsc#1178935, CVE-2020-29130, bsc#1179477,
CVE-2020-29129, bsc#1179484, CVE-2021-20257, bsc#1182846,
CVE-2021-3419, bsc#1182975)
ImportantSUSE bug 1149813SUSE bug 1163019SUSE bug 1172380SUSE bug 1175534SUSE bug 1176681SUSE bug 1178683SUSE bug 1178935SUSE bug 1179477SUSE bug 1179484SUSE bug 1182846SUSE bug 1182975SUSE bug 1183979SUSE bug 1186290CVE-2019-15890 at SUSECVE-2019-15890 at NVDCVE-2020-10756 at SUSECVE-2020-10756 at NVDCVE-2020-14364 at SUSECVE-2020-14364 at NVDCVE-2020-25085 at SUSECVE-2020-25085 at NVDCVE-2020-25707 at SUSECVE-2020-25707 at NVDCVE-2020-25723 at SUSECVE-2020-25723 at NVDCVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDCVE-2020-8608 at SUSECVE-2020-8608 at NVDCVE-2021-20257 at SUSECVE-2021-20257 at NVDCVE-2021-3419 at SUSECVE-2021-3419 at NVDcpe:/o:suse:suse-microos:5.0Security update for libX11 (Important)SUSE Linux Enterprise Micro 5.0
This update for libX11 fixes the following issues:
- Regression in the fix for CVE-2021-31535, causing segfaults for xforms applications like fdesign (bsc#1186643)
ImportantSUSE bug 1186643CVE-2021-31535 at SUSECVE-2021-31535 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-29650: Fixed an issue with the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).
- CVE-2021-29155: Fixed an issue that was discovered in kernel/bpf/verifier.c that performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation was not correctly accounted for when restricting subsequent operations (bnc#1184942).
The following non-security bugs were fixed:
- ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
- ALSA: core: remove redundant spin_lock pair in snd_card_disconnect (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
- ALSA: hda/cirrus: Add error handling into CS8409 I2C functions (git-fixes).
- ALSA: hda/cirrus: Add Headphone and Headset MIC Volume Control (git-fixes).
- ALSA: hda/cirrus: Add jack detect interrupt support from CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Add support for CS8409 HDA bridge and CS42L42 companion codec (git-fixes).
- ALSA: hda/cirrus: Cleanup patch_cirrus.c code (git-fixes).
- ALSA: hda/cirrus: Fix CS42L42 Headset Mic volume control name (git-fixes).
- ALSA: hda/cirrus: Make CS8409 driver more generic by using fixups (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume for Bullseye to -26 dB (git-fixes).
- ALSA: hda/cirrus: Use CS8409 filter to fix abnormal sounds on Bullseye (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel Clevo PCx0Dx (git-fixes).
- ALSA: hda/realtek: fix mic boost on Intel NUC 8 (git-fixes).
- ALSA: hda/realtek: fix static noise on ALC285 Lenovo laptops (git-fixes).
- ALSA: hda/realtek: GA503 use same quirks as GA401 (git-fixes).
- ALSA: hda/realtek - Headset Mic issue on HP platform (git-fixes).
- ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 ASUS quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Dell quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 HP quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC662 quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Clevo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order remaining ALC269 quirk table entries (git-fixes).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
- ALSA: usb-audio: Add DJM450 to Pioneer format quirk (git-fixes).
- ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls (git-fixes).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
- ALSA: usb-audio: Configure Pioneer DJM-850 samplerate (git-fixes).
- ALSA: usb-audio: DJM-750: ensure format is set (git-fixes).
- ALSA: usb-audio: Explicitly set up the clock selector (git-fixes).
- ALSA: usb-audio: Fix implicit sync clearance at stopping stream (git-fixes).
- ALSA: usb-audio: Fix Pioneer DJM devices URB_CONTROL request direction to set samplerate (git-fixes).
- ALSA: usb: midi: do not return -ENOMEM when usb_urb_ep_type_check fails (git-fixes).
- arm: dts: add imx7d pcf2127 fix to blacklist
- ASoC: ak5558: correct reset polarity (git-fixes).
- ASoC: ak5558: Fix s/show/slow/ typo (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix kabylake_ssp_fixup function (git-fixes).
- ASoC: samsung: tm2_wm5110: check of of_parse return value (git-fixes).
- ASoC: simple-card: fix possible uninitialized single_cpu local variable (git-fixes).
- ASoC: SOF: Intel: HDA: fix core status verification (git-fixes).
- ASoC: SOF: Intel: hda: remove unnecessary parentheses (git-fixes).
- ata: libahci_platform: fix IRQ check (git-fixes).
- ath10k: Fix ath10k_wmi_tlv_op_pull_peer_stats_info() unlock without lock (git-fixes).
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI devices (git-fixes).
- backlight: journada720: Fix Wmisleading-indentation warning (git-fixes).
- blkcg: fix memleak for iolatency (git-fixes).
- block, bfq: set next_rq to waker_bfqq->next_rq in waker injection (bsc#1168838).
- block: recalculate segment count for multi-segment discards correctly (bsc#1184724).
- block: rsxx: select CONFIG_CRC32 (git-fixes).
- bluetooth: eliminate the potential race condition when removing the HCI controller (git-fixes).
- bnxt_en: reverse order of TX disable and carrier off (git-fixes).
- bpf: Fix verifier jsgt branch analysis on max bound (bsc#1155518).
- bpf, libbpf: Only create rx and tx XDP rings when necessary (bsc#1155518).
- bpf, samples: Fix possible hang in xdpsock with multiple threads (bsc#1155518).
- bpf, sockmap: Fix sk->prot unhash op reset (bsc#1155518).
- bsg: free the request before return error code (git-fixes).
- btrfs: fix qgroup data rsv leak caused by falloc failure (bsc#1185549).
- btrfs: fix race between swap file activation and snapshot creation (bsc#1185587).
- btrfs: fix race between writes to swap files and scrub (bsc#1185586).
- btrfs: track qgroup released data in own variable in insert_prealloc_file_extent (bsc#1185549).
- bus: qcom: Put child node before return (git-fixes).
- cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
- clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix switching CPU freq from 250 Mhz to 1 GHz (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix workaround for switching from L1 to L0 (git-fixes).
- clk: mvebu: armada-37xx-periph: remove .set_parent method for CPU PM clock (git-fixes).
- clk: qcom: a53-pll: Add missing MODULE_DEVICE_TABLE (git-fixes).
- clk: uniphier: Fix potential infinite loop (git-fixes).
- clk: zynqmp: move zynqmp_pll_set_mode out of round_rate callback (git-fixes).
- coresight: etm4x: Fix issues on trcseqevr access (git-fixes).
- coresight: etm4x: Fix save and restore of TRCVMIDCCTLR1 register (git-fixes).
- coresight: tmc-etr: Fix barrier packet insertion for perf buffer (git-fixes).
- cpufreq: armada-37xx: Fix determining base CPU frequency (git-fixes).
- cpufreq: armada-37xx: Fix driver cleanup when registration failed (git-fixes).
- cpufreq: armada-37xx: Fix setting TBG parent for load levels (git-fixes).
- cpufreq: armada-37xx: Fix the AVS value for load L1 (git-fixes).
- cpufreq: Kconfig: fix documentation links (git-fixes).
- crypto: arm/curve25519 - Move '.fpu' after '.arch' (git-fixes).
- crypto: rng - fix crypto_rng_reset() refcounting when !CRYPTO_STATS (git-fixes).
- cxgb4: avoid collecting SGE_QBASE regs during traffic (git-fixes).
- cxgb4/chtls/cxgbit: Keeping the max ofld immediate data size same in cxgb4 and ulds (git-fixes).
- dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
- dm: eliminate potential source of excessive kernel log noise (git-fixes).
- dm era: Fix bitset memory leaks (git-fixes).
- dm era: only resize metadata in preresume (git-fixes).
- dm era: Recover committed writeset after crash (git-fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git-fixes).
- dm era: Use correct value size in equality function of writeset tree (git-fixes).
- dm era: Verify the data block size hasn't changed (git-fixes).
- dm: fix bug with RCU locking in dm_blk_report_zones (git-fixes).
- dm integrity: fix error reporting in bitmap mode after creation (git-fixes).
- dm ioctl: fix error return code in target_message (git-fixes).
- dm mpath: fix racey management of PG initialization (git-fixes).
- dm mpath: switch paths in dm_blk_ioctl() code path (bsc#1167574, bsc#1175995, bsc#1184485).
- dm raid: fix discard limits for raid1 (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations (git-fixes).
- dm writecache: fix the maximum number of arguments (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory correctly (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dpaa_eth: copy timestamp fields to new skb in A-050385 workaround (git-fixes).
- dpaa_eth: fix the RX headroom size alignment (git-fixes).
- dpaa_eth: Remove unnecessary boolean expression in dpaa_get_headroom (git-fixes).
- dpaa_eth: Use random MAC address when none is given (bsc#1184811).
- drivers: net: xgene: Fix the order of the arguments of 'alloc_etherdev_mqs()' (git-fixes).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
- drm/ast: Add 25MHz refclk support (bsc#1174416).
- drm/ast: Add support for 1152x864 mode (bsc#1174416).
- drm/ast: Add support for AIP200 (bsc#1174416).
- drm/ast: AST2500 fixups (bsc#1174416).
- drm/ast: Correct mode table for AST2500 precatch (bsc#1174416).
- drm/ast: Disable screen on register init (bsc#1174416).
- drm/ast: Disable VGA decoding while driver is active (bsc#1174416).
- drm/ast: drm/ast: Fix boot address for AST2500 (bsc#1174416).
- drm/ast: Fix P2A config detection (bsc#1174416).
- drm/ast: Fix register access in non-P2A mode for DP501 (bsc#1174416).
- drm/ast: Keep MISC fields when enabling VGA (bsc#1174416).
- drm/i915/gvt: Fix error code in intel_gvt_init_device() (git-fixes).
- drm/imx: imx-ldb: fix out of bounds array access warning (git-fixes).
- drm/msm: Fix a5xx/a6xx timestamps (git-fixes).
- drm/omap: fix misleading indentation in pixinc() (git-fixes).
- drm/radeon: fix copy of uninitialized variable back to userspace (git-fixes).
- drm/tegra: dc: Do not set PLL clock to 0Hz (git-fixes).
- e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
- e1000e: Fix duplicate include guard (git-fixes).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571 (git-fixes).
- enetc: Let the hardware auto-advance the taprio base-time of 0 (git-fixes).
- enetc: Workaround for MDIO register access issue (git-fixes).
- ethernet/netronome/nfp: Fix a use after free in nfp_bpf_ctrl_msg_rx (git-fixes).
- ext4: do not try to set xattr into ea_inode if value is empty (bsc#1184730).
- ext4: find old entry again if failed to rename whiteout (bsc#1184742).
- ext4: fix potential error in ext4_do_update_inode (bsc#1184731).
- ext4: fix potential htree index checksum corruption (bsc#1184728).
- firmware: qcom-scm: Fix QCOM_SCM configuration (git-fixes).
- fnic: use scsi_host_busy_iter() to traverse commands (bsc#1179851).
- fotg210-udc: Complete OUT requests on short packets (git-fixes).
- fotg210-udc: Do not DMA more than the buffer can take (git-fixes).
- fotg210-udc: Fix DMA on EP0 for length > max packet size (git-fixes).
- fotg210-udc: Fix EP0 IN requests bigger than two packets (git-fixes).
- fotg210-udc: Mask GRP2 interrupts we do not handle (git-fixes).
- fotg210-udc: Remove a dubious condition leading to fotg210_done (git-fixes).
- fs: direct-io: fix missing sdio->boundary (bsc#1184736).
- fs/jfs: fix potential integer overflow on shift of a int (bsc#1184741).
- fsl/fman: reuse set_mac_address() in dtsec init() (bsc#1184811).
- fsl/fman: tolerate missing MAC address in device tree (bsc#1184811).
- gpio: omap: Save and restore sysconfig (git-fixes).
- gpio: sysfs: Obey valid_mask (git-fixes).
- HID: alps: fix error return code in alps_input_configured() (git-fixes).
- HID: google: add don USB id (git-fixes).
- HID: plantronics: Workaround for double volume key presses (git-fixes).
- HID: wacom: Assign boolean values to a bool variable (git-fixes).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC type of devices (git-fixes).
- i2c: cadence: add IRQ check (git-fixes).
- i2c: emev2: add IRQ check (git-fixes).
- i2c: img-scb: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: imx-lpi2c: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: jz4780: add IRQ check (git-fixes).
- i2c: omap: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- i2c: sprd: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i40e: Added Asym_Pause to supported link modes (git-fixes).
- i40e: Add zero-initialization of AQ command structures (git-fixes).
- i40e: Fix addition of RX filters after enabling FW LLDP agent (git-fixes).
- i40e: Fix add TC filter for IPv6 (git-fixes).
- i40e: Fix display statistics for veb_tc (git-fixes).
- i40e: Fix endianness conversions (git-fixes).
- i40e: Fix flow for IPv6 next header (extension header) (git-fixes).
- i40e: Fix kernel oops when i40e driver removes VF's (git-fixes).
- i40e: Fix overwriting flow control settings during driver loading (git-fixes).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- i40e: Fix sparse warning: missing error code 'err' (git-fixes).
- i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
- ibmvnic: avoid calling napi_disable() twice (bsc#1065729).
- ibmvnic: clean up the remaining debugfs data structures (bsc#1065729).
- ibmvnic: correctly use dev_consume/free_skb_irq (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 git-fixes).
- ibmvnic: improve failover sysfs entry (bsc#1043990 ltc#155681 git-fixes).
- ibmvnic: print adapter state as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: print reset reason as a string (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: queue reset work in system_long_wq (bsc#1152457 ltc#174432 git-fixes).
- ibmvnic: remove duplicate napi_schedule call in do_reset function (bsc#1065729).
- ibmvnic: remove duplicate napi_schedule call in open function (bsc#1065729).
- ice: Account for port VLAN in VF max packet size calculation (git-fixes).
- ice: Cleanup fltr list in case of allocation issues (git-fixes).
- ice: Fix for dereference of NULL pointer (git-fixes).
- ice: Increase control queue timeout (git-fixes).
- ice: prevent ice_open and ice_stop during reset (git-fixes).
- igb: check timestamp validity (git-fixes).
- igb: Fix duplicate include guard (git-fixes).
- igc: Fix Pause Frame Advertising (git-fixes).
- igc: Fix Supported Pause Frame Link Setting (git-fixes).
- igc: reinit_locked() should be called with rtnl_lock (git-fixes).
- iio:accel:adis16201: Fix wrong axis assignment that prevents loading (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall (git-fixes).
- Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
- Input: nspire-keypad - enable interrupts only when opened (git-fixes).
- Input: s6sy761 - fix coordinate read bit shift (git-fixes).
- interconnect: core: fix error return code of icc_link_destroy() (git-fixes).
- iopoll: introduce read_poll_timeout macro (git-fixes).
- iommu/vt-d: Use device numa domain if RHSA is missing (bsc#1184585).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext() (git-fixes).
- irqchip: Add support for Layerscape external interrupt lines (bsc#1185233).
- irqchip/ls-extirq: add IRQCHIP_SKIP_SET_WAKE to the irqchip flags (bsc#1185233).
- irqchip/ls-extirq: Add LS1043A, LS1088A external interrupt support (bsc#1185233).
- isofs: release buffer head before return (bsc#1182613).
- ixgbe: fail to create xfrm offload of IPsec tunnel mode SA (git-fixes).
- jffs2: fix use after free in jffs2_sum_write_data() (bsc#1184740).
- kABI: cover up change in struct kvm_arch (bsc#1184969).
- kABI: Fix kABI caused by fixes for bsc#1174426 (bsc#1174426).
- kABI: powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- kernel/smp: make csdlock timeout depend on boot parameter (bsc#1180846).
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (bsc#1152489).
- KVM: PPC: Book3S HV P9: Restore host CTRL SPR after guest exit (bsc#1156395).
- KVM: PPC: Make the VMX instruction emulation routines static (bsc#1156395).
- libnvdimm/label: Return -ENXIO for no slot in __blk_label_update (bsc#1185269).
- libnvdimm/namespace: Fix reaping of invalidated block-window-namespace labels (bsc#1185269).
- libnvdimm/region: Fix nvdimm_has_flush() to handle ND_REGION_ASYNC (bsc#1184969 git-fixes).
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (git-fixes).
- liquidio: Fix unintented sign extension of a left shift of a u16 (git-fixes).
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (bsc#1185041).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free() (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays (git-fixes).
- media: mantis: remove orphan mantis_core.c (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed (git-fixes).
- media: platform: sunxi: sun6i-csi: fix error return code of sun6i_video_start_streaming() (git-fixes).
- media: staging/intel-ipu3: Fix memory leak in imu_fmt (git-fixes).
- media: staging/intel-ipu3: Fix race condition during set_fmt (git-fixes).
- media: staging/intel-ipu3: Fix set_fmt error handling (git-fixes).
- media: v4l2-ctrls.c: fix race condition in hdl->requests list (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on gpmc_cs[] (git-fixes).
- memory: pl353: fix mask of ECC page_size config register (git-fixes).
- mfd: lpc_sch: Partially revert 'Add support for Intel Quark X1000' (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg struct (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: sdhci-of-arasan: Add missed checks for devm_clk_register() (git-fixes).
- mmc: sdhci-of-dwcmshc: fix rpmb access (git-fixes).
- mmc: sdhci-of-dwcmshc: implement specific set_uhs_signaling (git-fixes).
- mmc: sdhci-of-esdhc: make sure delay chain locked for HS400 (git-fixes).
- mmc: sdhci-of-esdhc: set timeout to max before tuning (git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based controllers (git-fixes).
- mmc: sdhci: Use Auto CMD Auto Select only when v4_mode is true (git-fixes).
- mmc: uniphier-sd: Fix an error handling path in uniphier_sd_probe() (git-fixes).
- mmc: uniphier-sd: Fix a resource leak in the remove function (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte (git-fixes).
- Move upstreamed i915 fix into sorted section
- mt7601u: fix always true expression (git-fixes).
- mtd: Handle possible -EPROBE_DEFER from parse_mtd_partitions() (git-fixes).
- mtd: rawnand: brcmnand: fix OOB R/W with Hamming ECC (git-fixes).
- mtd: rawnand: fsmc: Fix error code in fsmc_nand_probe() (git-fixes).
- mtd: rawnand: gpmi: Fix a double free in gpmi_nand_init (git-fixes).
- mtd: rawnand: qcom: Return actual error code instead of -ENODEV (git-fixes).
- mtd: require write permissions for locking and badblock ioctls (git-fixes).
- mtd: spinand: core: add missing MODULE_DEVICE_TABLE() (git-fixes).
- mtd: spi-nor: Rename 'n25q512a' to 'mt25qu512a (n25q512a)' (bsc#1167260).
- mtd: spi-nor: Split mt25qu512a (n25q512a) entry into two (bsc#1167260).
- nbd: fix a block_device refcount leak in nbd_release (git-fixes).
- net: atlantic: fix out of range usage of active_vlans array (git-fixes).
- net: atlantic: fix potential error handling (git-fixes).
- net: atlantic: fix use after free kasan warn (git-fixes).
- net: dsa: felix: implement port flushing on .phylink_mac_link_down (git-fixes).
- net: enetc: remove bogus write to SIRXIDR from enetc_setup_rxbdr (git-fixes).
- net: enetc: take the MDIO lock only once per NAPI poll cycle (git-fixes).
- net: geneve: check skb is large enough for IPv4/IPv6 header (git-fixes).
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (git-fixes).
- net: hns3: clear VF down state bit before request link status (git-fixes).
- net: hns3: fix bug when calculating the TCAM table info (git-fixes).
- net: hns3: fix query vlan mask value error for flow director (git-fixes).
- net: hns3: Remove un-necessary 'else-if' in the hclge_reset_event() (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls (git-fixes).
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure (git-fixes).
- net: ll_temac: Handle DMA halt condition caused by buffer underrun (git-fixes).
- net/mlx4_core: Add missed mlx4_free_cmd_mailbox() (git-fixes).
- net/mlx5: Do not request more than supported EQs (git-fixes).
- net/mlx5e: Do not match on Geneve options in case option masks are all zero (git-fixes).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- net/mlx5e: Fix ethtool indication of connector type (git-fixes).
- net/mlx5e: fix ingress_ifindex check in mlx5e_flower_parse_meta (jsc#SLE-8464).
- net:nfc:digital: Fix a double free in digital_tg_recv_dep_req (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: phy: marvell: fix m88e1011_set_downshift (git-fixes).
- net: phy: marvell: fix m88e1111_set_downshift (git-fixes).
- net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template (git-fixes).
- net: smc911x: Adjust indentation in smc911x_phy_configure (git-fixes).
- net: stmmac: fix missing IFF_MULTICAST check in dwmac4_set_filter (git-fixes).
- net: stmmac: xgmac: fix missing IFF_MULTICAST checki in dwxgmac2_set_filter (git-fixes).
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module (git-fixes).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- nfp: flower: ignore duplicate merge hints from FW (git-fixes).
- node: fix device cleanups in error handling code (git-fixes).
- null_blk: fix passing of REQ_FUA flag in null_handle_rq (git-fixes).
- nvme-fabrics: reject I/O to offline device (bsc#1181161).
- nvme-tcp: fix possible hang when failing to set io queues (bsc#1181161).
- ocfs2: fix a use after free on error (bsc#1184738).
- pata_arasan_cf: fix IRQ check (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- PCI/AER: Add pcie_walk_rcec() to RCEC AER handling (bsc#1174426).
- PCI/AER: Add RCEC AER error injection support (bsc#1174426).
- PCI/AER: Clear AER status from Root Port when resetting Downstream Port (bsc#1174426).
- PCI/AER: Specify the type of Port that was reset (bsc#1174426).
- PCI/AER: Use 'aer' variable for capability offset (bsc#1174426).
- PCI/AER: Write AER Capability only when we control it (bsc#1174426).
- PCI: designware-ep: Fix the Header Type check (git-fixes).
- PCI/ERR: Add pcie_link_rcec() to associate RCiEPs (bsc#1174426).
- PCI/ERR: Add pci_walk_bridge() to pcie_do_recovery() (bsc#1174426).
- PCI/ERR: Avoid negated conditional for clarity (bsc#1174426).
- PCI/ERR: Bind RCEC devices to the Root Port driver (bsc#1174426).
- PCI/ERR: Cache RCEC EA Capability offset in pci_init_capabilities() (bsc#1174426).
- PCI/ERR: Clear AER status only when we control AER (bsc#1174426).
- PCI/ERR: Clear PCIe Device Status errors only if OS owns AER (bsc#1174426).
- PCI/ERR: Clear status of the reporting device (bsc#1174426).
- PCI/ERR: Recover from RCEC AER errors (bsc#1174426).
- PCI/ERR: Recover from RCiEP AER errors (bsc#1174426).
- PCI/ERR: Rename reset_link() to reset_subordinates() (bsc#1174426).
- PCI/ERR: Retain status from error notification (bsc#1174426).
- PCI/ERR: Simplify by computing pci_pcie_type() once (bsc#1174426).
- PCI/ERR: Simplify by using pci_upstream_bridge() (bsc#1174426).
- PCI/ERR: Use 'bridge' for clarity in pcie_do_recovery() (bsc#1174426).
- PCI/PME: Add pcie_walk_rcec() to RCEC PME handling (bsc#1174426).
- PCI/portdrv: Report reset for frozen channel (bsc#1174426).
- PCI: tegra: Fix ASPM-L1SS advertisement disable code (git-fixes).
- PCI: tegra: Move 'dbi' accesses to post common DWC initialization (git-fixes).
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y, unconditionally (git-fixes).
- pinctrl: core: Fix kernel doc string for pin_get_name() (git-fixes).
- pinctrl: Ingenic: Add missing pins to the JZ4770 MAC MII group (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail boards with critclk_systems DMI table (git-fixes).
- PM: runtime: Add documentation for pm_runtime_resume_and_get() (git-fixes).
- powerepc/book3s64/hash: Align start/end address correctly with bolt mapping (bsc#1184957).
- powerpc/64s: Fix pte update for kernel memory on radix (bsc#1055117 git-fixes).
- powerpc/asm-offsets: GPR14 is not needed either (bsc#1065729).
- powerpc/eeh: Fix EEH handling for hugepages in ioremap space (bsc#1156395).
- powerpc/fadump: Mark fadump_calculate_reserve_size as __init (bsc#1065729).
- powerpc/mm: Add cond_resched() while removing hpte mappings (bsc#1183289 ltc#191637).
- powerpc/papr_scm: Fix build error due to wrong printf specifier (bsc#1184969).
- powerpc/papr_scm: Implement support for H_SCM_FLUSH hcall (bsc#1184969).
- powerpc/perf: Fix PMU constraint check for EBB events (bsc#1065729).
- powerpc/prom: Mark identical_pvr_fixup as __init (bsc#1065729).
- powerpc/pseries: Add shutdown() to vio_driver and vio_bus (bsc#1184209 ltc#190917).
- powerpc/time: Enable sched clock for irqtime (bsc#1156395).
- regmap: set debugfs_name to NULL after it is freed (git-fixes).
- regulator: Avoid a double 'of_node_get' in 'regulator_of_get_init_node()' (git-fixes).
- reintroduce cqhci_suspend for kABI (git-fixes).
- reiserfs: update reiserfs_xattrs_initialized() condition (bsc#1184737).
- rpm/constraints.in: bump disk space to 45GB on riscv64
- rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063).
- rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244)
- rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650)
- rsi: Use resume_noirq for SDIO (git-fixes).
- rsxx: remove extraneous 'const' qualifier (git-fixes).
- rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
- rtc: fsl-ftm-alarm: add MODULE_TABLE() (bsc#1185454).
- rtc: fsl-ftm-alarm: avoid struct rtc_time conversions (bsc#1185454).
- rtc: fsl-ftm-alarm: enable acpi support (bsc#1185454).
- rtc: fsl-ftm-alarm: fix freeze(s2idle) failed to wake (bsc#1185454).
- rtc: fsl-ftm-alarm: report alarm to core (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to ktime_get_real_seconds (bsc#1185454).
- rtc: fsl-ftm-alarm: switch to rtc_time64_to_tm/rtc_tm_to_time64 (bsc#1185454).
- rtc: fsl-ftm-alarm: update acpi device id (bsc#1185454).
- rtc: pcf2127: add alarm support (bsc#1185233).
- rtc: pcf2127: add pca2129 device id (bsc#1185233).
- rtc: pcf2127: add tamper detection support (bsc#1185233).
- rtc: pcf2127: add watchdog feature support (bsc#1185233).
- rtc: pcf2127: bugfix: watchdog build dependency (bsc#1185233).
- rtc: pcf2127: cleanup register and bit defines (bsc#1185233).
- rtc: pcf2127: convert to devm_rtc_allocate_device (bsc#1185233).
- rtc: pcf2127: fix a bug when not specify interrupts property (bsc#1185233).
- rtc: pcf2127: fix alarm handling (bsc#1185233).
- rtc: pcf2127: fix pcf2127_nvmem_read/write() returns (bsc#1185233).
- rtc: pcf2127: handle boot-enabled watchdog feature (bsc#1185233).
- rtc: pcf2127: let the core handle rtc range (bsc#1185233).
- rtc: pcf2127: move watchdog initialisation to a separate function (bsc#1185233).
- rtc: pcf2127: only use watchdog when explicitly available (bsc#1185233).
- rtc: pcf2127: properly set flag WD_CD for rtc chips(pcf2129, pca2129) (bsc#1185233).
- rtc: pcf2127: remove unnecessary #ifdef (bsc#1185233).
- rtc: pcf2127: set regmap max_register (bsc#1185233).
- rtc: pcf2127: watchdog: handle nowayout feature (bsc#1185233).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
- rtw88: Fix array overrun in rtw_get_tx_power_params() (git-fixes).
- sata_mv: add IRQ checks (git-fixes).
- scsi: block: Fix a race in the runtime power management code (git-fixes).
- scsi: core: add scsi_host_busy_iter() (bsc#1179851).
- scsi: core: Only return started requests from scsi_host_find_tag() (bsc#1179851).
- scsi: lpfc: Copyright updates for 12.8.0.9 patches (bsc#1185472).
- scsi: lpfc: Eliminate use of LPFC_DRIVER_NAME in lpfc_attr.c (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc issues (bsc#1185472).
- scsi: lpfc: Fix a bunch of kernel-doc misdemeanours (bsc#1185472).
- scsi: lpfc: Fix a bunch of misnamed functions (bsc#1185472).
- scsi: lpfc: Fix a few incorrectly named functions (bsc#1185472).
- scsi: lpfc: Fix a typo (bsc#1185472).
- scsi: lpfc: Fix crash when a REG_RPI mailbox fails triggering a LOGO response (bsc#1185472).
- scsi: lpfc: Fix DMA virtual address ptr assignment in bsg (bsc#1185365).
- scsi: lpfc: Fix error handling for mailboxes completed in MBX_POLL mode (bsc#1185472).
- scsi: lpfc: Fix formatting and misspelling issues (bsc#1185472).
- scsi: lpfc: Fix gcc -Wstringop-overread warning (bsc#1185472).
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (bsc#1183203).
- scsi: lpfc: Fix incorrectly documented function lpfc_debugfs_commonxripools_data() (bsc#1185472).
- scsi: lpfc: Fix incorrect naming of __lpfc_update_fcf_record() (bsc#1185472).
- scsi: lpfc: Fix kernel-doc formatting issue (bsc#1185472).
- scsi: lpfc: Fix lack of device removal on port swaps with PRLIs (bsc#1185472).
- scsi: lpfc: Fix lpfc_hdw_queue attribute being ignored (bsc#1185472).
- scsi: lpfc: Fix missing FDMI registrations after Mgmt Svc login (bsc#1185472).
- scsi: lpfc: Fix NMI crash during rmmod due to circular hbalock dependency (bsc#1185472).
- scsi: lpfc: Fix reference counting errors in lpfc_cmpl_els_rsp() (bsc#1185472).
- scsi: lpfc: Fix rmmod crash due to bad ring pointers to abort_iotag (bsc#1185472).
- scsi: lpfc: Fix silent memory allocation failure in lpfc_sli4_bsg_link_diag_test() (bsc#1185472).
- scsi: lpfc: Fix some error codes in debugfs (bsc#1185472).
- scsi: lpfc: Fix use-after-free on unused nodes after port swap (bsc#1185472).
- scsi: lpfc: Fix various trivial errors in comments and log messages (bsc#1185472).
- scsi: lpfc: Remove unsupported mbox PORT_CAPABILITIES logic (bsc#1185472).
- scsi: lpfc: Standardize discovery object logging format (bsc#1185472).
- scsi: lpfc: Update lpfc version to 12.8.0.9 (bsc#1185472).
- scsi: qla2xxx: Add error counters to debugfs node (bsc#1185491).
- scsi: qla2xxx: Add H:C:T info in the log message for fc ports (bsc#1185491).
- scsi: qla2xxx: Always check the return value of qla24xx_get_isp_stats() (bsc#1185491).
- scsi: qla2xxx: Assign boolean values to a bool variable (bsc#1185491).
- scsi: qla2xxx: Check kzalloc() return value (bsc#1185491).
- scsi: qla2xxx: Consolidate zio threshold setting for both FCP NVMe (bsc#1185491).
- scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (bsc#1185491).
- scsi: qla2xxx: Do logout even if fabric scan retries got exhausted (bsc#1185491).
- scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (bsc#1185491).
- scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misdocumented functions (bsc#1185491).
- scsi: qla2xxx: Fix a couple of misnamed functions (bsc#1185491).
- scsi: qla2xxx: Fix broken #endif placement (bsc#1185491).
- scsi: qla2xxx: Fix crash in PCIe error handling (bsc#1185491).
- scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (bsc#1185491).
- scsi: qla2xxx: Fix endianness annotations (bsc#1185491).
- scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (bsc#1185491).
- scsi: qla2xxx: Fix IOPS drop seen in some adapters (bsc#1185491).
- scsi: qla2xxx: Fix mailbox Ch erroneous error (bsc#1185491).
- scsi: qla2xxx: Fix mailbox recovery during PCIe error (bsc#1185491).
- scsi: qla2xxx: Fix RISC RESET completion polling (bsc#1185491).
- scsi: qla2xxx: Fix some incorrect formatting/spelling issues (bsc#1185491).
- scsi: qla2xxx: Fix some memory corruption (bsc#1185491).
- scsi: qla2xxx: Fix stuck session (bsc#1185491).
- scsi: qla2xxx: Fix use after free in bsg (bsc#1185491).
- scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (bsc#1185491).
- scsi: qla2xxx: Move some messages from debug to normal log level (bsc#1185491).
- scsi: qla2xxx: Remove redundant NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unnecessary NULL check (bsc#1185491).
- scsi: qla2xxx: Remove unneeded if-null-free check (bsc#1185491).
- scsi: qla2xxx: Replace __qla2x00_marker()'s missing underscores (bsc#1185491).
- scsi: qla2xxx: Reserve extra IRQ vectors (bsc#1184436).
- scsi: qla2xxx: Reuse existing error handling path (bsc#1185491).
- scsi: qla2xxx: Simplify if statement (bsc#1185491).
- scsi: qla2xxx: Simplify qla8044_minidump_process_control() (bsc#1185491).
- scsi: qla2xxx: Simplify the calculation of variables (bsc#1185491).
- scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (bsc#1185491).
- scsi: qla2xxx: Update default AER debug mask (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.105-k (bsc#1185491).
- scsi: qla2xxx: Update version to 10.02.00.106-k (bsc#1185491).
- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1185491).
- scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (bsc#1185491).
- scsi: smartpqi: Correct driver removal with HBA disks (bsc#1178089).
- scsi: smartpqi: Correct pqi_sas_smp_handler busy condition (bsc#1178089).
- scsi: smartpqi: Update version to 1.2.16-012 (bsc#1178089).
- selftests/powerpc: Add pkey helpers for rights (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for execute-disabled pkeys (bsc#1184934 ltc#191460).
- selftests/powerpc: Add test for pkey siginfo verification (bsc#1184934 ltc#191460).
- selftests/powerpc: Add wrapper for gettid (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix exit status of pkey tests (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix L1D flushing tests for Power10 (bsc#1184934 ltc#191460).
- selftests/powerpc: Fix pkey syscall redefinitions (bsc#1184934 ltc#191460).
- selftests/powerpc: Move pkey helpers to headers (bsc#1184934 ltc#191460).
- selftests/powerpc: refactor entry and rfi_flush tests (bsc#1184934 ltc#191460).
- soc: aspeed: fix a ternary sign expansion bug (git-fixes).
- soc: qcom: mdt_loader: Detect truncated read of segments (git-fixes).
- soc: qcom: mdt_loader: Validate that p_filesz p_memsz (git-fixes).
- soundwire: bus: Fix device found flag correctly (git-fixes).
- soundwire: stream: fix memory leak in stream config error path (git-fixes).
- spi: fsl-dspi: fix NULL pointer dereference (bsc#1167260).
- spi: fsl-dspi: fix use-after-free in remove path (bsc#1167260).
- spi: fsl-dspi: fix wrong pointer in suspend/resume (bsc#1167260).
- spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() (git-fixes).
- spi: Introduce dspi_slave_abort() function for NXP's dspi SPI driver (bsc#1167260).
- spi: spi-fsl-dspi: Accelerate transfers using larger word size if possible (bsc#1167260).
- spi: spi-fsl-dspi: Add comments around dspi_pop_tx and dspi_push_rx functions (bsc#1167260).
- spi: spi-fsl-dspi: Adding shutdown hook (bsc#1167260).
- spi: spi-fsl-dspi: Add support for LS1028A (bsc#1167260).
- spi: spi-fsl-dspi: Always use the TCFQ devices in poll mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid NULL pointer in dspi_slave_abort for non-DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Avoid reading more data than written in EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Change usage pattern of SPI_MCR_* and SPI_CTAR_* macros (bsc#1167260).
- spi: spi-fsl-dspi: Convert TCFQ users to XSPI FIFO mode (bsc#1167260).
- spi: spi-fsl-dspi: Convert the instantiations that support it to DMA (bsc#1167260).
- spi: spi-fsl-dspi: delete EOQ transfer mode (bsc#1167260).
- spi: spi-fsl-dspi: Demistify magic value in SPI_SR_CLEAR (bsc#1167260).
- spi: spi-fsl-dspi: Do not access reserved fields in SPI_MCR (bsc#1167260).
- spi: spi-fsl-dspi: Do not mask off undefined bits (bsc#1167260).
- spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1167260).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix bits-per-word acceleration in DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Fix code alignment (bsc#1167260).
- spi: spi-fsl-dspi: fix DMA mapping (bsc#1167260).
- spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths (bsc#1167260).
- spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path (bsc#1167260).
- spi: spi-fsl-dspi: Fix little endian access to PUSHR CMD and TXDATA (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: Fix lockup if device is shutdown during SPI transfer (bsc#1167260).
- spi: spi-fsl-dspi: fix native data copy (bsc#1167260).
- spi: spi-fsl-dspi: Fix race condition in TCFQ/EOQ interrupt (bsc#1167260).
- spi: spi-fsl-dspi: Fix typos (bsc#1167260).
- spi: spi-fsl-dspi: Free DMA memory with matching function (bsc#1167260).
- spi: spi-fsl-dspi: Implement .max_message_size method for EOQ mode (bsc#1167260).
- spi: spi-fsl-dspi: Initialize completion before possible interrupt (bsc#1167260).
- spi: spi-fsl-dspi: LS2080A and LX2160A support XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Make bus-num property optional (bsc#1167260).
- spi: spi-fsl-dspi: Move dspi_interrupt above dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Move invariant configs out of dspi_transfer_one_message (bsc#1167260).
- spi: spi-fsl-dspi: Optimize dspi_setup_accel for lowest interrupt count (bsc#1167260).
- spi: spi-fsl-dspi: Parameterize the FIFO size and DMA buffer size (bsc#1167260).
- spi: spi-fsl-dspi: Protect against races on dspi->words_in_flight (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation in dspi_release_dma() (bsc#1167260).
- spi: spi-fsl-dspi: Reduce indentation level in dspi_interrupt (bsc#1167260).
- spi: spi-fsl-dspi: remove git-fixes Remove git-fixes. Prepare to update the driver. References: bsc#1167260
- spi: spi-fsl-dspi: Remove impossible to reach error check (bsc#1167260).
- spi: spi-fsl-dspi: Remove pointless assignment of master->transfer to NULL (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused chip->void_write_data (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused defines and includes (bsc#1167260).
- spi: spi-fsl-dspi: Remove unused initialization of 'ret' in dspi_probe (bsc#1167260).
- spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Replace interruptible wait queue with a simple completion (bsc#1167260).
- spi: spi-fsl-dspi: Replace legacy spi_master names with spi_controller (bsc#1167260).
- spi: spi-fsl-dspi: set ColdFire to DMA mode (bsc#1167260).
- spi: spi-fsl-dspi: Simplify bytes_per_word gymnastics (bsc#1167260).
- spi: spi-fsl-dspi: Take software timestamp in dspi_fifo_write (bsc#1167260).
- spi: spi-fsl-dspi: Use BIT() and GENMASK() macros (bsc#1167260).
- spi: spi-fsl-dspi: Use dma_request_chan() instead dma_request_slave_channel() (bsc#1167260).
- spi: spi-fsl-dspi: Use EOQ for last word in buffer even for XSPI mode (bsc#1167260).
- spi: spi-fsl-dspi: Use poll mode in case the platform IRQ is missing (bsc#1167260).
- spi: spi-fsl-dspi: Use reverse Christmas tree declaration order (bsc#1167260).
- spi: spi-fsl-dspi: Use specific compatible strings for all SoC instantiations (bsc#1167260).
- spi: spi-fsl-dspi: use XSPI mode instead of DMA for DPAA2 SoCs (bsc#1167260).
- spi: spi-ti-qspi: Free DMA resources (git-fixes).
- staging: fwserial: fix TIOCGSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL implementation (git-fixes).
- staging: fwserial: fix TIOCSSERIAL jiffies conversions (git-fixes).
- staging: fwserial: fix TIOCSSERIAL permission check (git-fixes).
- staging: rtl8192u: Fix potential infinite loop (git-fixes).
- usb: CDC-ACM: fix poison/unpoison imbalance (bsc#1184984).
- usb: CDC-ACM: fix poison/unpoison imbalance (git-fixes).
- usb: cdc-acm: fix TIOCGSERIAL implementation (git-fixes).
- usb: cdc-acm: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: dwc2: Fix hibernation between host and device modes (git-fixes).
- usb: dwc2: Fix host mode hibernation exit with remote wakeup flow (git-fixes).
- usb: dwc2: Fix session request interrupt handler (git-fixes).
- usb: dwc3: gadget: Fix START_TRANSFER link state check (git-fixes).
- usb: dwc3: keystone: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: meson-g12a: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: Switch to use device_property_count_u32() (git-fixes).
- usb: gadget: aspeed: fix dma map failure (git-fixes).
- usb: gadget: Fix double free of device descriptor pointers (git-fixes).
- usb: gadget: pch_udc: Check for DMA mapping error (git-fixes).
- usb: gadget: pch_udc: Check if driver is present before calling ->setup() (git-fixes).
- usb: gadget: pch_udc: Move pch_udc_init() to satisfy kernel doc (git-fixes).
- usb: gadget: pch_udc: Replace cpu_to_le32() by lower_32_bits() (git-fixes).
- usb: gadget: pch_udc: Revert d3cb25a12138 completely (git-fixes).
- usb: gadget: r8a66597: Add missing null check on return from platform_get_resource (git-fixes).
- usb: gadget: udc: fix wrong pointer passed to IS_ERR() and PTR_ERR() (git-fixes).
- usb: Remove dev_err() usage after platform_get_irq() (git-fixes).
- usb: serial: ark3116: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81232: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: f81534: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: fix return value for unsupported ioctls (git-fixes).
- usb: serial: mos7720: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: opticon: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: quatech2: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: ssu100: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCGSERIAL implementation (git-fixes).
- usb: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
- usb: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting CC_STATUS (git-fixes).
- usb: typec: tcpm: Address incorrect values of tcpm psy for fixed supply (git-fixes).
- usb: typec: tcpm: Honour pSnkStdby requirement during negotiation (git-fixes).
- veth: Store queue_mapping independently of XDP prog presence (git-fixes).
- vfio/pci: Add missing range check in vfio_pci_mmap (git-fixes).
- virt_wifi: Return micros for BSS TSF values (git-fixes).
- vxlan: move debug check after netdev unregister (git-fixes).
- workqueue: Move the position of debug_work_activate() in __queue_work() (bsc#1184893).
- x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access (bsc#1152489).
- x86/insn: Add some Intel instructions to the opcode map (bsc#1184760).
- x86/insn: Add some more Intel instructions to the opcode map (bsc#1184760).
- x86/microcode: Check for offline CPUs before requesting new microcode (bsc#1152489).
- x86/mm: Fix NX bit clearing issue in kernel_map_pages_in_pgd (bsc#1152489).
- x86/platform/uv: Set section block size for hubless architectures (bsc#1152489).
- x86/reboot: Force all cpus to exit VMX root if VMX is supported (bsc#1152489).
ImportantSUSE bug 1043990SUSE bug 1055117SUSE bug 1065729SUSE bug 1152457SUSE bug 1152489SUSE bug 1155518SUSE bug 1156395SUSE bug 1167260SUSE bug 1167574SUSE bug 1168838SUSE bug 1174416SUSE bug 1174426SUSE bug 1175995SUSE bug 1178089SUSE bug 1179243SUSE bug 1179851SUSE bug 1180846SUSE bug 1181161SUSE bug 1182613SUSE bug 1183063SUSE bug 1183203SUSE bug 1183289SUSE bug 1184208SUSE bug 1184209SUSE bug 1184436SUSE bug 1184485SUSE bug 1184514SUSE bug 1184585SUSE bug 1184650SUSE bug 1184724SUSE bug 1184728SUSE bug 1184730SUSE bug 1184731SUSE bug 1184736SUSE bug 1184737SUSE bug 1184738SUSE bug 1184740SUSE bug 1184741SUSE bug 1184742SUSE bug 1184760SUSE bug 1184811SUSE bug 1184893SUSE bug 1184934SUSE bug 1184942SUSE bug 1184957SUSE bug 1184969SUSE bug 1184984SUSE bug 1185041SUSE bug 1185113SUSE bug 1185233SUSE bug 1185244SUSE bug 1185269SUSE bug 1185365SUSE bug 1185454SUSE bug 1185472SUSE bug 1185491SUSE bug 1185549SUSE bug 1185586SUSE bug 1185587CVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDcpe:/o:suse:suse-microos:5.0Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libxml2 fixes the following issues:
- CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015)
ModerateSUSE bug 1186015CVE-2021-3541 at SUSECVE-2021-3541 at NVDcpe:/o:suse:suse-microos:5.0Security update for spice (Important)SUSE Linux Enterprise Micro 5.0
This update for spice fixes the following issues:
- CVE-2021-20201: client initiated renegotiation causing denial of service (bsc#1181686)
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:suse-microos:5.0Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.0
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20210608 release.
- CVE-2020-24513: A domain bypass transient execution vulnerability was discovered on some Intel Atom processors that use a micro-architectural incident channel. (INTEL-SA-00465 bsc#1179833)
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
- CVE-2020-24511: The IBRS feature to mitigate Spectre variant 2 transient execution side channel vulnerabilities may not fully prevent non-root (guest) branches from controlling the branch predictions of the root (host) (INTEL-SA-00464 bsc#1179836)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24512: Fixed trivial data value cache-lines such as all-zero value cache-lines may lead to changes in cache-allocation or write-back behavior for such cache-lines (bsc#1179837 INTEL-SA-00464)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html)
- CVE-2020-24489: Fixed Intel VT-d device pass through potential local privilege escalation (INTEL-SA-00442 bsc#1179839)
See also https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
Other fixes:
- Update for functional issues. Refer to [Third Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780)for details.
- Update for functional issues. Refer to [Second Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details.
- Update for functional issues. Refer to [Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/613537) for details.
- Update for functional issues. Refer to [Intel Xeon Processor D-1500, D-1500 NS and D-1600 NS Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-d-1500-specification-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E7-8800 and E7-4800 v3 Processor Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e7-v3-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon Processor E5 v3 Product Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e5-v3-spec-update.html?wapkw=processor+spec+update+e5) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/10th-gen-core-families-specification-update.html) for details.
- Update for functional issues. Refer to [8th and 9th Gen Intel Core Processor Family Spec Update](https://www.intel.com/content/www/us/en/products/docs/processors/core/8th-gen-core-spec-update.html) for details.
- Update for functional issues. Refer to [7th Gen and 8th Gen (U Quad-Core) Intel Processor Families Specification Update](https://www.intel.com/content/www/us/en/processors/core/7th-gen-core-family-spec-update.html) for details.
- Update for functional issues. Refer to [6th Gen Intel Processor Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/332689) for details.
- Update for functional issues. Refer to [Intel Xeon E3-1200 v6 Processor Family Specification Update](https://www.intel.com/content/www/us/en/processors/xeon/xeon-e3-1200v6-spec-update.html) for details.
- Update for functional issues. Refer to [Intel Xeon E-2100 and E-2200 Processor Family Specification Update](https://www.intel.com/content/www/us/en/products/docs/processors/xeon/xeon-e-2100-specification-update.html) for details.
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CLX-SP | A0 | 06-55-05/b7 | | 03000010 | Xeon Scalable Gen2
| ICX-SP | C0 | 06-6a-05/87 | | 0c0002f0 | Xeon Scalable Gen3
| ICX-SP | D0 | 06-6a-06/87 | | 0d0002a0 | Xeon Scalable Gen3
| SNR | B0 | 06-86-04/01 | | 0b00000f | Atom P59xxB
| SNR | B1 | 06-86-05/01 | | 0b00000f | Atom P59xxB
| TGL | B1 | 06-8c-01/80 | | 00000088 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | | 00000016 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | | 0000002c | Core Gen11 Mobile
| EHL | B1 | 06-96-01/01 | | 00000011 | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| JSL | A0/A1 | 06-9c-00/01 | | 0000001d | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| RKL-S | B0 | 06-a7-01/02 | | 00000040 | Core Gen11
- Updated platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| HSX-E/EP | Cx/M1 | 06-3f-02/6f | 00000044 | 00000046 | Core Gen4 X series; Xeon E5 v3
| HSX-EX | E0 | 06-3f-04/80 | 00000016 | 00000019 | Xeon E7 v3
| SKL-U/Y | D0 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| SKL-U23e | K1 | 06-4e-03/c0 | 000000e2 | 000000ea | Core Gen6 Mobile
| BDX-ML | B0/M0/R0 | 06-4f-01/ef | 0b000038 | 0b00003e | Xeon E5/E7 v4; Core i7-69xx/68xx
| SKX-SP | B1 | 06-55-03/97 | 01000159 | 0100015b | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006a0a | 02006b06 | Xeon D-21xx
| CLX-SP | B0 | 06-55-06/bf | 04003006 | 04003102 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003006 | 05003102 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 0700001e | 07002302 | Xeon Scalable Gen3
| BDX-DE | V2/V3 | 06-56-03/10 | 07000019 | 0700001b | Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
| BDX-DE | Y0 | 06-56-04/10 | 0f000017 | 0f000019 | Xeon D-1557/59/67/71/77/81/87
| BDX-NS | A0 | 06-56-05/10 | 0e00000f | 0e000012 | Xeon D-1513N/23/33/43/53
| APL | D0 | 06-5c-09/03 | 00000040 | 00000044 | Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
| APL | E0 | 06-5c-0a/03 | 0000001e | 00000020 | Atom x5-E39xx
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000e2 | 000000ea | Core Gen6; Xeon E3 v5
| DNV | B0 | 06-5f-01/01 | 0000002e | 00000034 | Atom C Series
| GLK | B0 | 06-7a-01/01 | 00000034 | 00000036 | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GKL-R | R0 | 06-7a-08/01 | 00000018 | 0000001a | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000a0 | 000000a6 | Core Gen10 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000028 | 0000002a | Core w/Hybrid Technology
| AML-Y22 | H0 | 06-8e-09/10 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000de | 000000ea | Core Gen7 Mobile
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000e0 | 000000ea | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000de | 000000ea | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen10 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000de | 000000ea | Core Gen8 Mobile
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000de | 000000ea | Core Gen7; Xeon E3 v6
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000de | 000000ea | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000de | 000000ea | Core Gen8
| CFL-H/S | P0 | 06-9e-0c/22 | 000000de | 000000ea | Core Gen9
| CFL-H | R0 | 06-9e-0d/22 | 000000de | 000000ea | Core Gen9 Mobile
| CML-H | R1 | 06-a5-02/20 | 000000e0 | 000000ea | Core Gen10 Mobile
| CML-S62 | G1 | 06-a5-03/22 | 000000e0 | 000000ea | Core Gen10
| CML-S102 | Q0 | 06-a5-05/22 | 000000e0 | 000000ec | Core Gen10
| CML-U62 | A0 | 06-a6-00/80 | 000000e0 | 000000e8 | Core Gen10 Mobile
| CML-U62 V2 | K0 | 06-a6-01/80 | 000000e0 | 000000ea | Core Gen10 Mobile
ImportantSUSE bug 1179833SUSE bug 1179836SUSE bug 1179837SUSE bug 1179839CVE-2020-24489 at SUSECVE-2020-24489 at NVDCVE-2020-24511 at SUSECVE-2020-24511 at NVDCVE-2020-24512 at SUSECVE-2020-24512 at NVDCVE-2020-24513 at SUSECVE-2020-24513 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd, docker, runc (Important)SUSE Linux Enterprise Micro 5.0
This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)
* Switch version to use -ce suffix rather than _ce to avoid confusing other
tools (bsc#1182476).
* CVE-2021-21284: Fixed a potential privilege escalation when the root user in
the remapped namespace has access to the host filesystem (bsc#1181732)
* CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest
crashes the dockerd daemon (bsc#1181730).
* btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)
runc was updated to v1.0.0~rc93 (bsc#1182451, bsc#1175821 bsc#1184962).
* Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
* Fixed /dev/null is not available (bsc#1168481).
* CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).
containerd was updated to v1.4.4
* CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
* Handle a requirement from docker (bsc#1181594).
ImportantSUSE bug 1168481SUSE bug 1175081SUSE bug 1175821SUSE bug 1181594SUSE bug 1181641SUSE bug 1181677SUSE bug 1181730SUSE bug 1181732SUSE bug 1181749SUSE bug 1182451SUSE bug 1182476SUSE bug 1182947SUSE bug 1183024SUSE bug 1183855SUSE bug 1184768SUSE bug 1184962SUSE bug 1185405CVE-2021-21284 at SUSECVE-2021-21284 at NVDCVE-2021-21285 at SUSECVE-2021-21285 at NVDCVE-2021-21334 at SUSECVE-2021-21334 at NVDCVE-2021-30465 at SUSECVE-2021-30465 at NVDcpe:/o:suse:suse-microos:5.0Security update for libjpeg-turbo (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libjpeg-turbo fixes the following issues:
- CVE-2020-17541: Fixed a stack-based buffer overflow in the 'transform' component (bsc#1186764).
ModerateSUSE bug 1186764CVE-2020-17541 at SUSECVE-2020-17541 at NVDcpe:/o:suse:suse-microos:5.0Security update for salt (Critical)SUSE Linux Enterprise Micro 5.0
This update for salt fixes the following issues:
Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#SLE-18028)
- Check if dpkgnotify is executable (bsc#1186674)
- Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
- virt module updates
* network: handle missing ipv4 netmask attribute
* more network support
* PCI/USB host devices passthrough support
- Set distro requirement to oldest supported version in requirements/base.txt
- Bring missing part of async batch implementation back (CVE-2021-25315, bsc#1182382)
- Always require `python3-distro` (bsc#1182293)
- Remove deprecated warning that breaks minion execution when 'server_id_use_crc' opts is missing
- Fix pkg states when DEB package has 'all' arch
- Do not force beacons configuration to be a list.
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version >= 1.0.0 (bsc#1171257)
- Fix issue parsing errors in ansiblegate state module
- Prevent command injection in the snapper module (bsc#1185281, CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18033)
- Improvements on 'ansiblegate' module (bsc#1185092):
* New methods: ansible.targets / ansible.discover_playbooks
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Update target fix for salt-ssh and avoiding race condition on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Add notify beacon for Debian/Ubuntu systems
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
CriticalSUSE bug 1171257SUSE bug 1176293SUSE bug 1179831SUSE bug 1181368SUSE bug 1182281SUSE bug 1182293SUSE bug 1182382SUSE bug 1185092SUSE bug 1185281SUSE bug 1186674CVE-2018-15750 at SUSECVE-2018-15750 at NVDCVE-2018-15751 at SUSECVE-2018-15751 at NVDCVE-2020-11651 at SUSECVE-2020-11651 at NVDCVE-2020-11652 at SUSECVE-2020-11652 at NVDCVE-2020-25592 at SUSECVE-2020-25592 at NVDCVE-2021-25315 at SUSECVE-2021-25315 at NVDCVE-2021-31607 at SUSECVE-2021-31607 at NVDcpe:/o:suse:suse-microos:5.0Security update for libnettle (Important)SUSE Linux Enterprise Micro 5.0
This update for libnettle fixes the following issues:
- CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).
ImportantSUSE bug 1187060CVE-2021-3580 at SUSECVE-2021-3580 at NVDcpe:/o:suse:suse-microos:5.0Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.0
This update for ovmf fixes the following issues:
- Fixed a possible buffer overflow in IScsiDxe (bsc#1186151)
ImportantSUSE bug 1186151cpe:/o:suse:suse-microos:5.0Security update for libgcrypt (Important)SUSE Linux Enterprise Micro 5.0
This update for libgcrypt fixes the following issues:
- CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).
ImportantSUSE bug 1187212CVE-2021-33560 at SUSECVE-2021-33560 at NVDcpe:/o:suse:suse-microos:5.0Security update for lua53 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for lua53 fixes the following issues:
Update to version 5.3.6:
- CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
- CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
- Long brackets with a huge number of '=' overflow some internal buffer arithmetic.
ModerateSUSE bug 1175448SUSE bug 1175449CVE-2020-24370 at SUSECVE-2020-24370 at NVDCVE-2020-24371 at SUSECVE-2020-24371 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes in kernel memory (bsc#1186484).
- CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to writing an arbitrary values. (bsc#1186111)
- CVE-2020-26139: Fixed a denial-of-service when an Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. (bnc#1186062)
- CVE-2021-23134: A Use After Free vulnerability in nfc sockets allowed local attackers to elevate their privileges. (bnc#1186060)
- CVE-2021-3491: Fixed a potential heap overflow in mem_rw(). This vulnerability is related to the PROVIDE_BUFFERS operation, which allowed the MAX_RW_COUNT limit to be bypassed (bsc#1185642).
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611).
- CVE-2020-24586: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances this can be abused to inject arbitrary network packets and/or exfiltrate user data (bnc#1185859).
- CVE-2020-24587: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed (bnc#1185859 bnc#1185862).
- CVE-2020-26147: The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments, even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used (bnc#1185859).
- CVE-2020-24588: The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (bnc#1185861)
- CVE-2020-26145: An issue was discovered with Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (bnc#1185860)
- CVE-2020-26141: An issue was discovered in the ALFA driver for AWUS036H, where the Message Integrity Check (authenticity) of fragmented TKIP frames was not verified. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (bnc#1185987)
The following non-security bugs were fixed:
- ACPI / hotplug / PCI: Fix reference count leak in enable_slot() (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for Alesis iO 26 (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live at high sampling transfer frequency (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous packet payload (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable (git-fixes).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP (git-fixes).
- ALSA: hdsp: do not disable if not enabled (git-fixes).
- ALSA: hdspm: do not disable if not enabled (git-fixes).
- ALSA: intel8x0: Do not update period unless prepared (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: rme9652: do not disable if not enabled (git-fixes).
- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
- ALSA: usb-audio: fix control-request direction (git-fixes).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci (git-fixes).
- ALSA: usb-audio: scarlett2: Improve driver startup messages (git-fixes).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create() can be static (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus T100TAF (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from rsnd_ssi_init() (git-fixes).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
- Bluetooth: check for zapped sk before connecting (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM (git-fixes).
- Drivers: hv: vmbus: Increase wait time for VMbus unload (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically (bsc#1185725).
- Drivers: hv: vmbus: Use after free in __vmbus_open() (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
- KVM: s390: fix guarded storage control register handling (bsc#1133021).
- Move upstreamed media fixes into sorted section
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
- PCI: Release OF node in pci_scan_device()'s error path (git-fixes).
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc() (git-fixes).
- PCI: thunder: Fix compile testing (git-fixes).
- PM / devfreq: Use more accurate returned new_freq as resume_freq (git-fixes).
- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/hns: Delete redundant abnormal interrupt status (git-fixes).
- RDMA/hns: Delete redundant condition judgment related to eq (git-fixes).
- RDMA/qedr: Fix error return code in qedr_iw_connect() (jsc#SLE-8215).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv() (git-fixes).
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
- USB: serial: pl2303: fix line-speed handling on newer chips (bsc#1186320).
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- amdgpu: avoid incorrect %hu format string (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter() (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
- blk-iocost: ioc_pd_free() shouldn't assume irq disabled (git-fixes).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: Fix three kernel-doc warnings (git-fixes).
- block: fix get_max_io_size() (git-fixes).
- bnxt_en: Fix RX consumer index logic in the error path (git-fixes).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp() (git-fixes).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1155518).
- bpf: Fix masking negation logic upon negative dst register (bsc#1155518).
- btrfs: fix race between transaction aborts and fsyncs leading to use-after-free (bsc#1186441).
- btrfs: fix race when picking most recent mod log operation for an old root (bsc#1186439).
- cdc-wdm: untangle a circular dependency between callback and softint (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom (git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error return (git-fixes).
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (bsc#1185758).
- crypto: api - check for ERR pointers in crypto_destroy_tfm() (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - do not release uninitialized resources (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc() (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- drm/amd/display: Fix UBSAN warning for not a valid value for type '_Bool' (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC (git-fixes).
- drm/amd/display: Reject non-zero src_y and src_x for video planes (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc enablement (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute hang (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to kfd (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash bug (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100 (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- firmware: arm_scpi: Prevent the ternary sign expansion bug (git-fixes).
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- ftrace: Handle commands when closing set_ftrace_filter file (git-fixes).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI (bsc#1164648).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Make syscall entry points less convoluted (git-fixes).
- genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703 ltc#192641).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E (git-fixes).
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified (git-fixes).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938 ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvnic: remove default label from to_string switch (bsc#1152457 ltc#174432 git-fixes).
- ics932s401: fix broken handling of errors when word reading fails (git-fixes).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past its expiry (bsc#1185988).
- ipmi/watchdog: Stop watchdog timer when the current action is 'none' (bsc#1184855).
- kernel-docs.spec.in: Build using an utf-8 locale. Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- locking/seqlock: Tweak DEFINE_SEQLOCK() kernel doc (bsc#1176564 bsc#1162702).
- lpfc: Decouple port_template and vport_template (bsc#185032).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- md-cluster: fix use-after-free issue when removing rdev (bsc#1184082).
- md/raid1: properly indicate failure when ending a failed write request (bsc#1185680).
- md: do not flush workqueue unconditionally in md_open (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area (bsc#1184081).
- md: split mddev_find (bsc#1184081).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency on GPIOLIB (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in adv7511_remove() (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in tda1997x_remove() (git-fixes).
- media: imx: capture: Return -EPIPE from __capture_legacy_try_fmt() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show (git-fixes).
- media: tc358743: fix possible use-after-free in tc358743_remove() (git-fixes).
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action (git-fixes).
- mm: memcontrol: fix cpuhotplug statistics flushing (bsc#1185606).
- mmc: block: Update ext_csd.cache_ctrl if it was written (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel BYT-based controllers (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC (git-fixes).
- net: enetc: fix link error again (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: clear unnecessary reset request in hclge_reset_rebuild (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err (git-fixes).
- net: hns3: initialize the message content in hclge_get_link_mode() (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue (git-fixes).
- net: thunderx: Fix unintentional sign extension issue (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- net: xfrm: Localize sequence counter per network namespace (bsc#1185696).
- net: xfrm: Use sequence counter with associated spinlock (bsc#1185696).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition (git-fixes).
- netfilter: conntrack: add new sysctl to disable RST check (bsc#1183947 bsc#1185950).
- netfilter: conntrack: avoid misleading 'invalid' in log message (bsc#1183947 bsc#1185950).
- netfilter: conntrack: improve RST handling when tuple is re-used (bsc#1183947 bsc#1185950).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- nvme-fabrics: decode host pathing error for connect (bsc#1179827).
- nvme-fc: check sgl supported by target (bsc#1179827).
- nvme-fc: clear q_live at beginning of association teardown (bsc#1186479).
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange() (bsc#1184259).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612, bsc#1184259).
- nvme-multipath: reset bdev to ns head when failover (bsc#178378 bsc#1182999).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix 'slimmer CQ head update' (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme-tcp: Fix possible race of io_work and direct send (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: add clean action for failed reconnection (bsc#1183976).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO (git-fixes).
- nvme-tcp: fix misuse of __smp_processor_id with preemption (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response (bsc#1179519).
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme: Fix NULL dereference for pci nvme controllers (bsc#1182378).
- nvme: add 'kato' sysfs attribute (bsc#1179825).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request() (bsc#1184259).
- nvme: define constants for identification values (git-fixes).
- nvme: do not intialize hwmon for discovery controllers (bsc#1184259).
- nvme: do not intialize hwmon for discovery controllers (git-fixes).
- nvme: document nvme controller states (git-fixes).
- nvme: explicitly update mpath disk capacity on revalidation (git-fixes).
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs (bsc#1182378).
- nvme: fix controller instance leak (git-fixes).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work (git-fixes).
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store (bsc#1182378).
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- nvme: sanitize KATO setting (bsc#1179825).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- nvmet: fix a memory leak (git-fixes).
- nvmet: seset ns->file when open fails (bsc#1183873).
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: intel_pmc_core: Do not use global pmcdev in quirks (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- power: supply: Use IRQF_ONESHOT (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- qtnfmac: Fix possible buffer overflow in qtnf_event_handle_external_auth (git-fixes).
- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
- s390/dasd: fix hanging DASD driver unbind (bsc#1183932 LTC#192153).
- s390/entry: save the caller of psw_idle (bsc#1185677).
- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
- sched/eas: Do not update misfit status if the task is pinned (git-fixes)
- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- scripts/git_sort/git_sort.py: add bpf git repo
- scsi: core: Run queue in case of I/O resource contention failure (bsc#1186416).
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io() (bsc#1179851).
- scsi: libfc: Avoid invoking response handler twice if ep is already completed (bsc#1186573).
- scsi: lpfc: Add a option to enable interlocked ABTS before job completion (bsc#1186451).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path (bsc#1186451).
- scsi: lpfc: Fix 'Unexpected timeout' error in direct attach topology (bsc#1186451).
- scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs (bsc#1186451).
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox command (bsc#1186451).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to initialize the SGLs (bsc#1186451).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain Controller (bsc#1186451).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created (bsc#1186451).
- scsi: lpfc: Ignore GID-FT response that may be received after a link flip (bsc#1186451).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from fabric controller (bsc#1186451).
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
- sctp: delay auto_asconf init until binding the first addr
- seqlock,lockdep: Fix seqcount_latch_init() (bsc#1176564 bsc#1162702).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: core: return early on unsupported ioctls (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- serial: stm32: fix tx_empty condition (git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
- spi: ath79: always call chipselect function (git-fixes).
- spi: ath79: remove spi-master setup and cleanup assignment (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- tcp: fix to update snd_wl1 in bulk receiver fast path
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable 'val' (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- tracing: Map all PIDs to command lines (git-fixes).
- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
- tty: fix memory leak in vc_deallocate (git-fixes).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
- tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths (git-fixes).
- uio_hv_generic: Fix another memory leak in error handling paths (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- usb: core: hub: Fix PM reference leak in usb_port_resume() (git-fixes).
- usb: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: dwc3: gadget: Return success always for kick transfer in ep queue (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel Merrifield (git-fixes).
- usb: fotg210-hcd: Fix an error message (git-fixes).
- usb: gadget/function/f_fs string table fix for multiple languages (git-fixes).
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
- usb: gadget: f_uac1: validate input parameters (git-fixes).
- usb: gadget: f_uac2: validate input parameters (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (git-fixes).
- usb: gadget: uvc: add bInterval checking for HS mode (git-fixes).
- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- usb: webcam: Invalid size of Processing Unit Descriptor (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
- vrf: fix a comment about loopback device (git-fixes).
- watchdog/softlockup: Remove obsolete check of last reported task (bsc#1185982).
- watchdog/softlockup: report the overall time of softlockups (bsc#1185982).
- watchdog: explicitly update timestamp when reporting softlockup (bsc#1185982).
- watchdog: rename __touch_watchdog() to a better descriptive name (bsc#1185982).
- whitespace cleanup
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
- workqueue: Minor follow-ups to the rescuer destruction change (bsc#1185911).
- workqueue: more destroy_workqueue() fixes (bsc#1185911).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1152489).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context (git-fixes).
- xhci: check control context is valid before dereferencing it (git-fixes).
- xhci: fix potential array out of bounds with several interrupters (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path (git-fixes).
ImportantSUSE bug 1087082SUSE bug 1133021SUSE bug 1152457SUSE bug 1152489SUSE bug 1155518SUSE bug 1156395SUSE bug 1162702SUSE bug 1164648SUSE bug 1176564SUSE bug 1177666SUSE bug 1178418SUSE bug 1178612SUSE bug 1179827SUSE bug 1179851SUSE bug 1182378SUSE bug 1182999SUSE bug 1183346SUSE bug 1183868SUSE bug 1183873SUSE bug 1183932SUSE bug 1183947SUSE bug 1184081SUSE bug 1184082SUSE bug 1184611SUSE bug 1184855SUSE bug 1185428SUSE bug 1185497SUSE bug 1185589SUSE bug 1185606SUSE bug 1185645SUSE bug 1185677SUSE bug 1185680SUSE bug 1185696SUSE bug 1185703SUSE bug 1185725SUSE bug 1185758SUSE bug 1185859SUSE bug 1185861SUSE bug 1185863SUSE bug 1185898SUSE bug 1185899SUSE bug 1185911SUSE bug 1185938SUSE bug 1185987SUSE bug 1185988SUSE bug 1186061SUSE bug 1186285SUSE bug 1186320SUSE bug 1186439SUSE bug 1186441SUSE bug 1186460SUSE bug 1186498SUSE bug 1186501SUSE bug 1186573CVE-2020-24586 at SUSECVE-2020-24586 at NVDCVE-2020-24587 at SUSECVE-2020-24587 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26139 at SUSECVE-2020-26139 at NVDCVE-2020-26141 at SUSECVE-2020-26141 at NVDCVE-2020-26145 at SUSECVE-2020-26145 at NVDCVE-2020-26147 at SUSECVE-2020-26147 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-33034 at SUSECVE-2021-33034 at NVDCVE-2021-33200 at SUSECVE-2021-33200 at NVDCVE-2021-3491 at SUSECVE-2021-3491 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981)
- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010)
- CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990)
Non-security issues fixed:
- Fix testsuite error (bsc#1184574)
- Fix qemu crash with iothread when block commit after snapshot (bsc#1187013)
- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)
- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)
ModerateSUSE bug 1184574SUSE bug 1185591SUSE bug 1185981SUSE bug 1185990SUSE bug 1186010SUSE bug 1187013CVE-2021-3544 at SUSECVE-2021-3544 at NVDCVE-2021-3545 at SUSECVE-2021-3545 at NVDCVE-2021-3546 at SUSECVE-2021-3546 at NVDcpe:/o:suse:suse-microos:5.0Security update for dbus-1 (Important)SUSE Linux Enterprise Micro 5.0
This update for dbus-1 fixes the following issues:
- CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)
ImportantSUSE bug 1187105CVE-2020-35512 at SUSECVE-2020-35512 at NVDcpe:/o:suse:suse-microos:5.0Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.0
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in
isAuxiliaryVtabOperator (bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer
dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference
(bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with
a shadow table name (bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated
columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views
in conjunction with ALTER TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column,
which allows attackers to cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a
sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)
ImportantSUSE bug 1157818SUSE bug 1158812SUSE bug 1158958SUSE bug 1158959SUSE bug 1158960SUSE bug 1159491SUSE bug 1159715SUSE bug 1159847SUSE bug 1159850SUSE bug 1160309SUSE bug 1160438SUSE bug 1160439SUSE bug 1164719SUSE bug 1172091SUSE bug 1172115SUSE bug 1172234SUSE bug 1172236SUSE bug 1172240SUSE bug 1173641SUSE bug 928700SUSE bug 928701CVE-2015-3414 at SUSECVE-2015-3414 at NVDCVE-2015-3415 at SUSECVE-2015-3415 at NVDCVE-2019-19244 at SUSECVE-2019-19244 at NVDCVE-2019-19317 at SUSECVE-2019-19317 at NVDCVE-2019-19603 at SUSECVE-2019-19603 at NVDCVE-2019-19645 at SUSECVE-2019-19645 at NVDCVE-2019-19646 at SUSECVE-2019-19646 at NVDCVE-2019-19880 at SUSECVE-2019-19880 at NVDCVE-2019-19923 at SUSECVE-2019-19923 at NVDCVE-2019-19924 at SUSECVE-2019-19924 at NVDCVE-2019-19925 at SUSECVE-2019-19925 at NVDCVE-2019-19926 at SUSECVE-2019-19926 at NVDCVE-2019-19959 at SUSECVE-2019-19959 at NVDCVE-2019-20218 at SUSECVE-2019-20218 at NVDCVE-2020-13434 at SUSECVE-2020-13434 at NVDCVE-2020-13435 at SUSECVE-2020-13435 at NVDCVE-2020-13630 at SUSECVE-2020-13630 at NVDCVE-2020-13631 at SUSECVE-2020-13631 at NVDCVE-2020-13632 at SUSECVE-2020-13632 at NVDCVE-2020-15358 at SUSECVE-2020-15358 at NVDCVE-2020-9327 at SUSECVE-2020-9327 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
- CVE-2021-0129: Fixed improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
- CVE-2020-36385: Fixed a use-after-free via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050).
- CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 (bnc#1179610, bnc#1186463).
- CVE-2020-36386: Fixed an out-of-bounds read issue in hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
- acpica: Clean up context mutex during object deletion (git-fixes).
- alsa: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
- alsa: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- alsa: timer: Fix master timer notification (git-fixes).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- arch: Add arch-dependent support markers in supported.conf (bsc#1186672)
- arch: Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195).
- block: Discard page cache of zone reset target range (bsc#1187402).
- block: return the correct bvec when checking for gaps (bsc#1187143).
- block: return the correct bvec when checking for gaps (bsc#1187144).
- bluetooth: fix the erroneous flush_work() order (git-fixes).
- bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).
- bpfilter: Specify the log level for the kmsg message (bsc#1155518).
- brcmfmac: properly check for bus register errors (git-fixes).
- btrfs: open device without device_list_mutex (bsc#1176771).
- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
- cfg80211: avoid double free of PMSR request (git-fixes).
- cfg80211: make certificate generation more robust (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- char: hpet: add checks after calling ioremap (git-fixes).
- CPU: Startup failed when SNC (sub-numa cluster) is enabled with 3 NIC add-on cards installed (bsc#1187263).
- cxgb4: avoid accessing registers when clearing filters (git-fixes).
- cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
- cxgb4: fix wrong shift (git-fixes).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
- drm/amd/amdgpu: fix refcount leak (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
- fs: fix reporting supported extra file attributes for statx() (bsc#1187410).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
- gpu: Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691)
- gve: Add NULL pointer checks when freeing irqs (git-fixes).
- gve: Correct SKB queue index validation (git-fixes).
- gve: Upgrade memory barrier in poll routine (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
- HID: i2c-hid: fix format string mismatch (git-fixes).
- HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
- HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
- HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes).
- HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
- hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
- ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes).
- isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes).
- ixgbe: fix large MTU request from VF (git-fixes).
- kABI workaround for struct lis3lv02d change (git-fixes).
- kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does.
- kernel-binary.spec.in: build-id check requires elfutils.
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script
- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
- kyber: fix out of bounds access when preempted (bsc#1187403).
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
- libertas: register sysfs groups properly (git-fixes).
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
- mei: request autosuspend after sending rx flow control (git-fixes).
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
- module: limit enabling module.sig_enforce (git-fixes).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
- net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
- net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
- net/mlx5e: Fix multipath lag activation (git-fixes).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- net/x25: Return the correct errno code (git-fixes).
- net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
- net: fix iteration for sctp transport seq_files (git-fixes).
- net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
- net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353).
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes).
- NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
- NFS: Deal correctly with attribute generation counter overflow (git-fixes).
- NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes).
- NFS: Do not discard pNFS layout segments that are marked for return (git-fixes).
- NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes).
- NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- nfsd: register pernet ops last, unregister first (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
- NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes).
- NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes).
- NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- PCI/LINK: Remove bandwidth notification (bsc#1183712).
- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).
- pid: take a reference when initializing `cad_pid` (bsc#1152489).
- platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes).
- PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).
- regulator: core: resolve supply for boot-on/always-on regulators (git-fixes).
- regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
- Revert 'ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()' (git-fixes).
- Revert 'brcmfmac: add a check for the status of usb_register' (git-fixes).
- Revert 'char: hpet: fix a missing check of ioremap' (git-fixes).
- Revert 'char: hpet: fix a missing check of ioremap' (git-fixes).
- Revert 'dmaengine: qcom_hidma: Check for driver register failure' (git-fixes).
- Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).
- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).
- Revert 'isdn: mISDN: Fix potential NULL pointer dereference of kzalloc' (git-fixes).
- Revert 'isdn: mISDNinfineon: fix potential NULL pointer dereference' (git-fixes).
- Revert 'libertas: add checks for the return value of sysfs_create_group' (git-fixes).
- Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes).
- Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes).
- Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes).
- Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes).
- Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes).
- Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes).
- Revert 'media: usb: gspca: add a missed check for goto_low_power' (git-fixes).
- Revert 'net: liquidio: fix a NULL pointer dereference' (git-fixes).
- Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).
- Revert 'qlcnic: Avoid potential NULL pointer dereference' (git-fixes).
- Revert 'scsi: core: run queue if SCSI device queue isn't ready and queue is idle' (bsc#1186949).
- Revert 'serial: max310x: pass return value of spi_register_driver' (git-fixes).
- Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).
- Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)
- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
- rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
- rpm/split-modules: Avoid errors even if Module.* are not present
- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- scsi: aacraid: Fix an oops in error handling (bsc#1187072).
- scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953).
- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
- scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186955).
- scsi: bnx2i: Requires MMU (bsc#1186956).
- scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957).
- scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
- scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
- scsi: hisi_sas: Remove preemptible() (bsc#1186964).
- scsi: jazz_esp: Add IRQ check (bsc#1186965).
- scsi: libfc: Fix enum-conversion warning (bsc#1186966).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968).
- scsi: lpfc: Fix ancient double free (bsc#1186969).
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
- scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
- scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
- scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978).
- scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
- scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
- scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982).
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984).
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985).
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
- scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
- scsi: sd: Fix Opal support (bsc#1186989).
- scsi: sni_53c710: Add IRQ check (bsc#1186990).
- scsi: sun3x_esp: Add IRQ check (bsc#1186991).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
- scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992).
- scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
- scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
- scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
- scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996).
- scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997).
- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998).
- scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
- scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069).
- scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
- scsi: ufshcd: use an enum for quirks (bsc#1186999).
- serial: max310x: unregister uart driver in case of failure and abort (git-fixes).
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes).
- spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- SUNRPC: Move fault injection call sites (git-fixes).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
- tracing: Correct the length check which causes memory corruption (git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
- tracing: Do not stop recording comms if the trace file is being read (git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- usb: core: reduce power-on-good delay time of root hub (git-fixes).
- usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
- usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
- usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
- usb: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
- usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
- usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
- usb: fix various gadget panics on 10gbps cabling (git-fixes).
- usb: fix various gadget panics on 10gbps cabling (git-fixes).
- usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
- usb: gadget: eem: fix wrong eem header operation (git-fixes).
- usb: gadget: eem: fix wrong eem header operation (git-fixes).
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
- USB: serial: quatech2: fix control-request directions (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
- usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
- usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes).
- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes).
- USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- video: hgafb: correctly handle card detect failure during probe (git-fixes).
- video: hgafb: fix potential NULL pointer dereference (git-fixes).
- vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
- vrf: fix maximum MTU (git-fixes).
- vsock/vmci: log once the failed queue pair allocation (git-fixes).
- wireguard: allowedips: initialize list head in selftest (git-fixes).
- wireguard: do not use -O3 (git-fixes).
- wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: peer: put frequently used members above cache lines (git-fixes).
- wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
- wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes).
- wireguard: selftests: remove old conntrack kconfig value (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489).
- x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
- x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
- x86: fix seq_file iteration for pat.c (git-fixes).
- xen-blkback: fix compatibility bug with single page rings (git-fixes).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
- xprtrdma: Avoid Receive Queue wrapping (git-fixes).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).
ImportantSUSE bug 1152489SUSE bug 1153274SUSE bug 1154353SUSE bug 1155518SUSE bug 1164648SUSE bug 1174978SUSE bug 1176771SUSE bug 1179610SUSE bug 1182470SUSE bug 1183712SUSE bug 1184212SUSE bug 1184685SUSE bug 1185195SUSE bug 1185486SUSE bug 1185589SUSE bug 1185675SUSE bug 1185677SUSE bug 1185701SUSE bug 1186206SUSE bug 1186463SUSE bug 1186666SUSE bug 1186672SUSE bug 1186752SUSE bug 1186949SUSE bug 1186950SUSE bug 1186951SUSE bug 1186952SUSE bug 1186953SUSE bug 1186954SUSE bug 1186955SUSE bug 1186956SUSE bug 1186957SUSE bug 1186958SUSE bug 1186959SUSE bug 1186960SUSE bug 1186961SUSE bug 1186962SUSE bug 1186963SUSE bug 1186964SUSE bug 1186965SUSE bug 1186966SUSE bug 1186967SUSE bug 1186968SUSE bug 1186969SUSE bug 1186970SUSE bug 1186971SUSE bug 1186972SUSE bug 1186973SUSE bug 1186974SUSE bug 1186976SUSE bug 1186977SUSE bug 1186978SUSE bug 1186979SUSE bug 1186980SUSE bug 1186981SUSE bug 1186982SUSE bug 1186983SUSE bug 1186984SUSE bug 1186985SUSE bug 1186986SUSE bug 1186987SUSE bug 1186988SUSE bug 1186989SUSE bug 1186990SUSE bug 1186991SUSE bug 1186992SUSE bug 1186993SUSE bug 1186994SUSE bug 1186995SUSE bug 1186996SUSE bug 1186997SUSE bug 1186998SUSE bug 1186999SUSE bug 1187000SUSE bug 1187001SUSE bug 1187002SUSE bug 1187003SUSE bug 1187038SUSE bug 1187050SUSE bug 1187067SUSE bug 1187068SUSE bug 1187069SUSE bug 1187072SUSE bug 1187143SUSE bug 1187144SUSE bug 1187171SUSE bug 1187263SUSE bug 1187356SUSE bug 1187402SUSE bug 1187403SUSE bug 1187404SUSE bug 1187407SUSE bug 1187408SUSE bug 1187409SUSE bug 1187410SUSE bug 1187411SUSE bug 1187412SUSE bug 1187413SUSE bug 1187452SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187795SUSE bug 1187867SUSE bug 1187883SUSE bug 1187886SUSE bug 1187927SUSE bug 1187972SUSE bug 1187980CVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36385 at SUSECVE-2020-36385 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDCVE-2021-3573 at SUSECVE-2021-3573 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
- CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM subsystem, related to an xfrm_state_fini panic. (bsc#1187049)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing. (bsc#1179610)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
- CVE-2021-0129: Fixed an improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access. (bsc#1186463)
- CVE-2020-36386: Fixed an out-of-bounds read in hci_extended_inquiry_result_evt. (bsc#1187038)
- CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets. (bsc#1185861)
The following non-security bugs were fixed:
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue (git-fixes).
- ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
- ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287 (git-fixes).
- ALSA: hdsp: do not disable if not enabled (git-fixes).
- ALSA: hdspm: do not disable if not enabled (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: rme9652: do not disable if not enabled (git-fixes).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
- blk-wbt: Fix missed wakeup (bsc#1186627).
- block: Discard page cache of zone reset target range (bsc#1187402).
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are identical (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Fix PCI AER error recovery flow (git-fixes).
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- btrfs: add missing error handling after doing leaf/node binary search (bsc#1187833).
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- btrfs: check record_root_in_trans related failures in select_reloc_root (bsc#1187833).
- btrfs: check return value of btrfs_commit_transaction in relocation (bsc#1187833).
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
- btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
- btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#1187833).
- btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#1187833).
- btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#1187833).
- btrfs: do async reclaim for data reservations (bsc#1135481).
- btrfs: do not force commit if we are data (bsc#1135481).
- btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833).
- btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
- btrfs: do not panic in __add_reloc_root (bsc#1187833).
- btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
- btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
- btrfs: do proper error handling in create_reloc_root (bsc#1187833).
- btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
- btrfs: do proper error handling in record_reloc_root_in_trans (bsc#1187833).
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#1187833).
- btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block (bsc#1187833).
- btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#1187833).
- btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
- btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#1187833).
- btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#1187833).
- btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#1187833).
- btrfs: handle errors from select_reloc_root() (bsc#1187833).
- btrfs: handle errors in reference count manipulation in replace_path (bsc#1187833).
- btrfs: handle extent corruption with select_one_root properly (bsc#1187833).
- btrfs: handle extent reference errors in do_relocation (bsc#1187833).
- btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans (bsc#1187833).
- btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#1187833).
- btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#1187833).
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1187833).
- btrfs: remove err variable from do_relocation (bsc#1187833).
- btrfs: remove nr_async_bios (bsc#1135481).
- btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481). Preparation for ticketed data space flushing in btrfs.
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- btrfs: remove the extent item sanity checks in relocate_block_group (bsc#1187833).
- btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1187833).
- btrfs: unset reloc control if we fail to recover (bsc#1187833).
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- btrfs: use customized batch size for total_bytes_pinned (bsc#1135481). Turns out using the batched percpu api had an effect on timing w.r.t metadata/data reclaim. So backport this patch as well, side effect is it's also bringing the code closer to upstream so future backports shall be made easier.
- btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481). Preparation for introducing ticketed space handling for data space. Due to the sequence of patches, the main patch has embedded in it changes from other patches which remove some unused arguments. This is done to ease backporting itself and shouldn't have any repercussions on functionality.
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- btrfs: use ticketing for data space reservations (bsc#1135481).
- btrfs: validate root::reloc_root after recording root in trans (bsc#1187833).
- can: flexcan: disable completely the ECC mechanism (git-fixes).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- can: xilinx_can: xcan_chip_start(): fix failure with invalid bus (git-fixes).
- cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- char: hpet: add checks after calling ioremap (git-fixes).
- cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#1184040).
- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040).
- crypto: ccp - Fix a resource leak in an error handling path (12sp5).
- cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#SLE-4681).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
- drbd: Remove uninitialized_var() usage (bsc#1186515).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770) Backporting changes: * move from driver/video/fbdev/core to driver/video/console * context changes
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors are connected (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has been unplugged (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055 (git-fixes).
- HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after write (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated devices (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring the chip up in a stuck state (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes).
- ixgbe: fix large MTU request from VF (git-fixes).
- ixgbevf: add correct exception tracing for XDP (bsc#1113994 ).
- kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264).
- kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).
- kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- leds: lp5523: check return value of lp5xx_read and jump to cleanup code (git-fixes).
- libertas: register sysfs groups properly (git-fixes).
- mac80211: clear the beacon's CRC after channel switch (git-fixes).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- media: adv7604: fix possible use-after-free in adv76xx_remove() (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in adv7842_remove() (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory leak bugs (git-fixes).
- mei: request autosuspend after sending rx flow control (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mlxsw: spectrum: Do not process learned records with a dummy FID (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- mmc: core: Set read only for SD cards with permanent write protect bit (git-fixes).
- Move nfs backports into sorted section
- net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
- net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: fix iteration for sctp transport seq_files (git-fixes).
- net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353).
- net: netcp: Fix an error message (git-fixes).
- net: phy: intel-xway: enable integrated led functions (git-fixes).
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
- net: stmmac: ensure that the device has released ownership before reading data (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/smc: remove device from smcd_dev_list after failed device_add() (git-fixes).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes).
- NFC: fix possible resource leak (git-fixes).
- NFC: fix resource leak when target index is invalid (git-fixes).
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- NFS: Deal correctly with attribute generation counter overflow (git-fixes).
- NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes).
- NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes).
- NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
- NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- NFS: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes).
- NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes).
- NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes).
- NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NFS: Do not rebind to the same source port when reconnecting to the server (bnc#1186264).
- NFS: fix handling of sr_eof in SEEK's reply (git-fixes).
- NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
- NFS: fix return value of _nfs4_get_security_label() (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
- PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
- phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove() (git-fixes).
- pid: take a reference when initializing `cad_pid` (bsc#1114648).
- pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
- platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free in gab_remove() (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free in s3c_adc_bat_remove() (git-fixes).
- power: supply: Use IRQF_ONESHOT (git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- ravb: fix invalid context bug while calling auto-negotiation by ethtool (git-fixes).
- ravb: fix invalid context bug while changing link options by ethtool (git-fixes).
- RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991).
- Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).
- Revert 'leds: lp5523: fix a missing check of return value of lp55xx_read' (git-fixes).
- Revert 337f13046ff0 ('futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op') (git-fixes).
- s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
- scsi: aacraid: Fix an oops in error handling (bsc#1186698).
- scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186518).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186519).
- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1186699).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
- scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521).
- scsi: bnx2i: Requires MMU (bsc#1186522).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523).
- scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186524).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
- scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186527).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
- scsi: hisi_sas: Remove preemptible() (bsc#1186638).
- scsi: jazz_esp: Add IRQ check (bsc#1186531).
- scsi: libfc: Fix enum-conversion warning (bsc#1186532).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186534).
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186538).
- scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539).
- scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186540).
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186542).
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186543).
- scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186545).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
- scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186547).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
- scsi: sd: Fix optimal I/O size for devices that change reported values (bsc#1186548).
- scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
- scsi: sni_53c710: Add IRQ check (bsc#1186549).
- scsi: sun3x_esp: Add IRQ check (bsc#1186550).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
- scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186551).
- scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186552).
- scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630).
- scsi: ufs: fix ktime_t kabi change (bsc#1187630).
- scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554).
- scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1186555).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
- serial: max310x: unregister uart driver in case of failure and abort (git-fixes).
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes).
- SUNRPC: fix refcount leak for rpc auth modules (git-fixes).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- SUNRPC: Move fault injection call sites (git-fixes).
- SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- swiotlb: fix 'x86: Do not panic if can not alloc buffer for swiotlb' (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (git-fixes).
- tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
- tracing: Correct the length check which causes memory corruption (git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: cdc-acm: always claim data interface (git-fixes).
- USB: cdc-acm: do not log successful probe on later errors (git-fixes).
- USB: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: dwc3: omap: improve extcon initialization (git-fixes).
- USB: fotg210-hcd: Fix an error message (git-fixes).
- USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
- USB: serial: quatech2: fix control-request directions (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
- USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
- USB: sl811-hcd: improve misleading indentation (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes).
- USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes).
- USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
- USB: xhci: Fix port minor revision (git-fixes).
- USB: xhci: Increase timeout for HC halt (git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- video: hgafb: correctly handle card detect failure during probe (bsc#1129770)
- video: hgafb: fix potential NULL pointer dereference (bsc#1129770) Backporting changes: * context changes
- vsock/vmci: log once the failed queue pair allocation (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
- x86: fix seq_file iteration for pat/memtype.c (git-fixes).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#1114648).
ImportantSUSE bug 1103990SUSE bug 1103991SUSE bug 1104353SUSE bug 1113994SUSE bug 1114648SUSE bug 1129770SUSE bug 1135481SUSE bug 1136345SUSE bug 1174978SUSE bug 1179610SUSE bug 1182470SUSE bug 1184040SUSE bug 1185428SUSE bug 1185486SUSE bug 1185677SUSE bug 1185701SUSE bug 1185861SUSE bug 1185863SUSE bug 1186206SUSE bug 1186264SUSE bug 1186463SUSE bug 1186515SUSE bug 1186516SUSE bug 1186517SUSE bug 1186518SUSE bug 1186519SUSE bug 1186520SUSE bug 1186521SUSE bug 1186522SUSE bug 1186523SUSE bug 1186524SUSE bug 1186525SUSE bug 1186526SUSE bug 1186527SUSE bug 1186528SUSE bug 1186529SUSE bug 1186530SUSE bug 1186531SUSE bug 1186532SUSE bug 1186533SUSE bug 1186534SUSE bug 1186535SUSE bug 1186537SUSE bug 1186538SUSE bug 1186539SUSE bug 1186540SUSE bug 1186541SUSE bug 1186542SUSE bug 1186543SUSE bug 1186545SUSE bug 1186546SUSE bug 1186547SUSE bug 1186548SUSE bug 1186549SUSE bug 1186550SUSE bug 1186551SUSE bug 1186552SUSE bug 1186554SUSE bug 1186555SUSE bug 1186556SUSE bug 1186627SUSE bug 1186635SUSE bug 1186638SUSE bug 1186698SUSE bug 1186699SUSE bug 1186700SUSE bug 1186701SUSE bug 1187038SUSE bug 1187049SUSE bug 1187402SUSE bug 1187404SUSE bug 1187407SUSE bug 1187408SUSE bug 1187409SUSE bug 1187411SUSE bug 1187412SUSE bug 1187452SUSE bug 1187453SUSE bug 1187455SUSE bug 1187554SUSE bug 1187595SUSE bug 1187601SUSE bug 1187630SUSE bug 1187631SUSE bug 1187833SUSE bug 1187867SUSE bug 1187972SUSE bug 1188010CVE-2019-25045 at SUSECVE-2019-25045 at NVDCVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2020-36386 at SUSECVE-2020-36386 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-0512 at SUSECVE-2021-0512 at NVDCVE-2021-0605 at SUSECVE-2021-0605 at NVDCVE-2021-33624 at SUSECVE-2021-33624 at NVDCVE-2021-34693 at SUSECVE-2021-34693 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.0
This update for containerd fixes the following issues:
- CVE-2021-32760: Fixed a bug which allows untrusted container images to change permissions in the host's filesystem. (bsc#1188282)
ModerateSUSE bug 1188282CVE-2021-32760 at SUSECVE-2021-32760 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/x_tables.c (bnc#1188116).
- CVE-2021-33909: Extremely large seq buffer allocations in seq_file could lead to buffer underruns and code execution (bsc#1188062).
- CVE-2021-3609: A use-after-free in can/bcm could have led to privilege escalation (bsc#1187215).
- CVE-2021-3612: An out-of-bounds memory write flaw was found in the joystick devices subsystem in the way the user calls ioctl JSIOCSBTNMAP. This flaw allowed a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability (bnc#1187585 ).
- CVE-2021-35039: kernel/module.c mishandled Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, did not occur for a module.sig_enforce=1 command-line argument (bnc#1188080). NOTE that SUSE kernels are configured with CONFIG_MODULE_SIG=y, so are not affected.
The following non-security bugs were fixed:
- ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPICA: Fix memory leak caused by _CID repair function (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472)
- ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- clk: renesas: rcar-gen3: Update Z clock rate formula in comments (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents (git-fixes).
- clk: si5341: Update initialization magic (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clocksource: Retry clock read if long delays detected (git-fixes).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes).
- docs: admin-guide: update description for kernel.hotplug sysctl (git-fixes).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472)
- drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489)
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472)
- drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes).
- drm/msm: Small msm_gem_purge() fix (bsc#1152489)
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489)
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes).
- drm/rockchip: dsi: remove extra component_del() call (git-fixes).
- drm/stm: Fix bus_flags handling (bsc#1152472)
- drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489)
- extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes).
- extcon: intel-mrfld: Sync hardware and software state on init (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes).
- Fix meta data in lpfc-decouple-port_template-and-vport_template.patch
- fix patches metadata
- fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
- fpga: machxo2-spi: Address warning about unused variable (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188267).
- fuse: ignore PG_workingset after stealing (bsc#1188268).
- fuse: reject internal errno (bsc#1188269).
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
- gve: Fix an error handling path in 'gve_probe()' (git-fixes).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- HID: do not use down_interruptible() when unbinding devices (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
- hwmon: (max31790) Report correct current pwm duty cycles (git-fixes).
- hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
- i2c: dev: Add __user annotation (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes).
- iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis16400: do not return ints in irq handlers (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
- iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes).
- iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: si1133: fix format string warnings (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- kABI: restore struct tcpc_config definition (git-fixes).
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: lm3532: select regmap I2C API (git-fixes).
- lib/decompressors: remove set but not used variabled 'level' (git-fixes).
- lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes).
- mac80211_hwsim: drop pending frames on stop (git-fixes).
- mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes).
- mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- math: Export mul_u64_u64_div_u64 (git-fixes).
- media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
- media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes).
- media: Fix Media Controller API config checks (git-fixes).
- media: gspca/gl860: fix zero-length control requests (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: gspca/sunplus: fix zero-length control requests (git-fixes).
- media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes).
- media: imx-csi: Skip first few frames from a BT.656 source (git-fixes).
- media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes).
- media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: mtk-vcodec: fix PM runtime get logic (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: rc: i2c: Fix an error message (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes).
- media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
- media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: sti: fix obj-$(config) targets (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes).
- memstick: rtsx_usb_ms: fix UAF (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes).
- mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mm, futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)).
- mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes).
- mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes).
- mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- nvme-rdma: fix in-casule data send for chained sgls (git-fixes).
- nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes).
- nvme-tcp: rerun io_work if req_list is not empty (git-fixes).
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
- pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes).
- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes).
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
- Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes).
- Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729).
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes).
- rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
- serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- serial: tegra-tcu: Reorder channel initialization (git-fixes).
- soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
- soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
- soundwire: stream: Fix test for DP prepare complete (git-fixes).
- spi: fspi: dynamically alloc AHB memory (bsc#1188121).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
- spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
- spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
- spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
- spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
- spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- ssb: Fix error return code in ssb_bus_scan() (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
- staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes).
- tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036).
- tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036).
- tpm, tpm_tis: Reserve locality in tpm_tis_resume() (bsc#1188036).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
- tracing/histograms: Fix parsing of 'sym-offset' modifier (git-fixes).
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
- tracing: Simplify & fix saved_tgids logic (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- usb: dwc2: Do not reset the core after setting turnaround time (git-fixes).
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- usb: gadget: eem: fix echo command packet response issue (git-fixes).
- usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
- usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
- usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes).
- usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes).
- usb: typec: tcpm: Move mod_delayed_work(&port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes).
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes).
- usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
- usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
- usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
- usb: typec: tcpm: update power supply once partner accepts (git-fixes).
- usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes).
- usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
- usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
- Use /usr/lib/modules as module dir when usermerge is active in the target distro.
- vfio/pci: Handle concurrent vma faults (git-fixes).
- vfs: Convert functionfs to use the new mount API (git -fixes).
- video: fbdev: imxfb: Fix an error message (git-fixes).
- visorbus: fix error return code in visorchipset_init() (git-fixes).
- vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wireless: carl9170: fix LEDS build errors & warnings (git-fixes).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (git-fixes).
- xhci: solve a double free problem while doing s4 (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085224SUSE bug 1094840SUSE bug 1152472SUSE bug 1152489SUSE bug 1170511SUSE bug 1179243SUSE bug 1183871SUSE bug 1184114SUSE bug 1184804SUSE bug 1185308SUSE bug 1185791SUSE bug 1187215SUSE bug 1187585SUSE bug 1188036SUSE bug 1188062SUSE bug 1188080SUSE bug 1188116SUSE bug 1188121SUSE bug 1188176SUSE bug 1188267SUSE bug 1188268SUSE bug 1188269CVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDcpe:/o:suse:suse-microos:5.0Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.0
This update for curl fixes the following issues:
- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217)
ModerateSUSE bug 1188217SUSE bug 1188218SUSE bug 1188219SUSE bug 1188220CVE-2021-22922 at SUSECVE-2021-22922 at NVDCVE-2021-22923 at SUSECVE-2021-22923 at NVDCVE-2021-22924 at SUSECVE-2021-22924 at NVDCVE-2021-22925 at SUSECVE-2021-22925 at NVDcpe:/o:suse:suse-microos:5.0Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libvirt fixes the following issues:
- CVE-2021-3631: fix SELinux label generation logic (bsc#1187871)
ModerateSUSE bug 1184253SUSE bug 1187871CVE-2021-3631 at SUSECVE-2021-3631 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Important)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3595: Fixed slirp: invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366)
- CVE-2021-3592: Fix for slirp: invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364)
- CVE-2021-3594: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367)
- CVE-2021-3593: Fix for slirp: invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365)
- CVE-2021-3582: Fix possible mremap overflow in the pvrdma (bsc#1187499)
- CVE-2021-3607: Ensure correct input on ring init (bsc#1187539)
- CVE-2021-3608: Fix the ring init error flow (bsc#1187538)
- CVE-2021-3611: Fix intel-hda segmentation fault due to stack overflow (bsc#1187529)
ImportantSUSE bug 1187364SUSE bug 1187365SUSE bug 1187366SUSE bug 1187367SUSE bug 1187499SUSE bug 1187529SUSE bug 1187538SUSE bug 1187539CVE-2021-3582 at SUSECVE-2021-3582 at NVDCVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3593 at SUSECVE-2021-3593 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDCVE-2021-3607 at SUSECVE-2021-3607 at NVDCVE-2021-3608 at SUSECVE-2021-3608 at NVDCVE-2021-3611 at SUSECVE-2021-3611 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/x_tables.c that could allow local provilege escalation. (bsc#1188116)
- CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol which allows for local privilege escalation. (bsc#1187215)
- CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows a local user to crash the system or possibly escalate their privileges on the system. (bsc#1187585)
- CVE-2021-35039: Fixed a bug where modules signature verification did not occur if CONFIG_MODULE_SIG is not set, regardless of the value of module.sig_enforce command-line argument. (bnc#1188080)
The following non-security bugs were fixed:
- ACPI: APEI: fix synchronous external aborts in user-mode (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: Fix memory leak caused by _CID repair function (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with description_show() (git-fixes).
- ALSA: hda/realtek: Add another ALC236 variant support (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472) Backporting changes: * context changes
- ASoC: atmel-i2s: Fix usage of capture and playback at the same time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error in hi6210_i2s_startup() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in 'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe() (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during ath_reset_internal() (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe() (git-fixes).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated event (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- brcmfmac: correctly report average RSSI in station info (git-fixes).
- brcmfmac: fix setting of station info chains bitmask (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling path (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue in TX path (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than 4 in set_protocol() (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500 SoC (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clocksource: Retry clock read if long delays detected (git-fixes).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: nitrox - fix unchecked variable in nitrox_register_interrupts (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg() (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final() (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in prep_dma (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe() (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in zynqmp_dma_alloc_chan_resourc() (git-fixes).
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489) Backporting changes: * context changes
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (bsc#1152472) Backporting changes: * unsigned long -> uint32_t
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472) Backporting changes: * only panel-samsung-s6d16d0.c exists
- drm/msm: Small msm_gem_purge() fix (bsc#1152489) Backporting changes: * context changes * GEM_WARN_ON() -> WARN_ON()
- drm/msm/dpu: Fix error return code in dpu_mdss_init() (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489) Backporting changes: * context changes
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in cdn_dp_grf_write() (git-fixes).
- drm/rockchip: dsi: move all lane config except LCDC mux to bind() (git-fixes).
- drm/rockchip: dsi: remove extra component_del() call (git-fixes).
- drm/stm: Fix bus_flags handling (bsc#1152472)
- drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489) Backporting changes: * context changes * vc4_hdmi -> vc4->hdmi
- extcon: extcon-max8997: Fix IRQ freeing at error path (git-fixes).
- extcon: intel-mrfld: Sync hardware and software state on init (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware: tegra: Fix error return code in tegra210_bpmp_init() (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()' (git-fixes).
- fpga: machxo2-spi: Address warning about unused variable (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
- fuse: check connected before queueing on fpq->io (bsc#1188267).
- fuse: ignore PG_workingset after stealing (bsc#1188268).
- fuse: reject internal errno (bsc#1188269).
- futex: fix shared futex pgoff on shmem huge page (git fixes (kernel/futex)).
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
- gve: Fix an error handling path in 'gve_probe()' (git-fixes).
- gve: Fix swapped vars when fetching max queues (git-fixes).
- HID: do not use down_interruptible() when unbinding devices (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status bits (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
- hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
- hwmon: (max31790) Report correct current pwm duty cycles (git-fixes).
- hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
- i2c: dev: Add __user annotation (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- ibmvnic: account for bufs already saved in indir_buf (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114 ltc#192237).
- ibmvnic: clean pending indirect buffs during reset (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#192237).
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it (bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#1184114 ltc#192237).
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
- iio: accel: bma180: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma220: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: mxc4005: Fix overread of data and alignment issue (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: at91-sama5d2: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: hx711: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: mxs-lradc: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads8688: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers (git-fixes).
- iio: adis16400: do not return ints in irq handlers (git-fixes).
- iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
- iio: light: tcs3472: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: vcnl4035: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and PS_DATA as volatile, too (git-fixes).
- iio: magn: bmc150: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: hmc5843: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: rm3100: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: as3935: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: isl29501: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: srf08: Fix buffer alignment in iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: si1133: fix format string warnings (git-fixes).
- iio:accel:mxc4005: Drop unnecessary explicit casts in regmap_bulk_read calls (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
- Input: usbtouchscreen - fix control-request directions (git-fixes).
- kABI: restore struct tcpc_config definition (git-fixes).
- leds: as3645a: Fix error return code in as3645a_parse_node() (git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: lm3532: select regmap I2C API (git-fixes).
- lib: vsprintf: Fix handling of number field widths in vsscanf (git-fixes).
- lib/decompressors: remove set but not used variabled 'level' (git-fixes).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- mac80211: drop pending frames on stop (git-fixes).
- mac80211: remove iwlwifi specific workaround NDPs of null_response (git-fixes).
- mac80211: remove iwlwifi specific workaround that broke sta NDP tx (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- math: Export mul_u64_u64_div_u64 (git-fixes).
- media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct (git-fixes).
- media: exynos-gsc: fix pm_runtime_get_sync() usage count (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
- media: Fix Media Controller API config checks (git-fixes).
- media: gspca/gl860: fix zero-length control requests (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: gspca/sunplus: fix zero-length control requests (git-fixes).
- media: I2C: change 'RST' to 'RSET' to fix multiple build errors (git-fixes).
- media: imx-csi: Skip first few frames from a BT.656 source (git-fixes).
- media: imx: imx7_mipi_csis: Fix logging of only error event counters (git-fixes).
- media: mdk-mdp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: mtk-vcodec: fix PM runtime get logic (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: rc: i2c: Fix an error message (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count (git-fixes).
- media: sh_vou: fix pm_runtime_get_sync() usage count (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2() (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences (git-fixes).
- media: sti: fix obj-$(config) targets (git-fixes).
- media: sti/bdisp: fix pm_runtime_get_sync() usage count (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release (git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
- memory: pl353: Fix error return code in pl353_smc_probe() (git-fixes).
- memstick: rtsx_usb_ms: fix UAF (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mt76: fix possible NULL pointer dereference in mt76_tx (git-fixes).
- mtd: partitions: redboot: seek fis-index-block in the right node (git-fixes).
- mtd: rawnand: marvell: add missing clk_disable_unprepare() on error in marvell_nfc_resume() (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- nvme: fix in-casule data send for chained sgls (git-fixes).
- nvme: introduce nvme_rdma_sgl structure (git-fixes).
- nvme: rerun io_work if req_list is not empty (git-fixes).
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
- pinctrl: stm32: fix the reported number of GPIO lines per bank (git-fixes).
- platform/x86: toshiba_acpi: Fix missing error code in toshiba_acpi_setup_keyboard() (git-fixes).
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- random32: Fix implicit truncation warning in prandom_seed_state() (git-fixes).
- regulator: da9052: Ensure enough delay time for .set_voltage_time_sel (git-fixes).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data (git-fixes).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE (git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
- Revert 'ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro' (git-fixes).
- Revert 'ibmvnic: remove duplicate napi_schedule call in open function' (bsc#1065729).
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- rsi: Assign beacon rate settings to the correct rate_info descriptor field (git-fixes).
- rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe error path (git-fixes).
- scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#1170511).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates (git-fixes).
- serial: Add Option International GSM-Ready 56K/ISDN modem (git-fixes).
- serial: mvebu-uart: correctly calculate minimal possible baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
- serial: remove wrong GLOBETROTTER.cis entry (git-fixes).
- serial: tegra-tcu: Reorder channel initialization (git-fixes).
- soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
- soc: fsl: qbman: Ensure device cleanup is run for kexec (bsc#1188176).
- soundwire: stream: Fix test for DP prepare complete (git-fixes).
- spi: fspi: dynamically alloc AHB memory (bsc#1188121).
- spi: Make of_register_spi_device also set the fwnode (git-fixes).
- spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf' (git-fixes).
- spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
- spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
- spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
- spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
- spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in pch_spi_process_messages() (git-fixes).
- spi: stm32-qspi: Remove unused qspi field of struct stm32_qspi_flash (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- ssb: Fix error return code in ssb_bus_scan() (git-fixes).
- ssb: sdio: Do not overwrite const buffer if block_write fails (git-fixes).
- staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb (git-fixes).
- staging: rtl8712: remove redundant check in r871xu_drv_init (git-fixes).
- tcp: Remove superfluous BH-disable around listening_hash (bsc#1188525).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations (git-fixes).
- tpm: Decorate tpm_get_timeouts() with request_locality() (bsc#1188036).
- tpm: Decorate tpm_tis_gen_interrupt() with request_locality() (bsc#1188036).
- tpm: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (bsc#1188036).
- tpm: Reserve locality in tpm_tis_resume() (bsc#1188036).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing (git-fixes).
- tracing: Fix parsing of 'sym-offset' modifier (git-fixes).
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT (git-fixes).
- tracing: Simplify and fix saved_tgids logic (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()' (git-fixes).
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch (bsc#1065729 bsc#1188405 ltc#193509).
- Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
- usb: dwc2: Do not reset the core after setting turnaround time (git-fixes).
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- usb: gadget: eem: fix echo command packet response issue (git-fixes).
- usb: gadget: f_fs: Fix setting of device and driver data cross-references (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in typec_register_altmode() (git-fixes).
- usb: typec: fusb302: Always provide fwnode for the port (git-fixes).
- usb: typec: fusb302: fix 'op-sink-microwatt' default that was in mW (git-fixes).
- usb: typec: tcpm: Error handling for tcpm_register_partner_altmodes (git-fixes).
- usb: typec: tcpm: Move mod_delayed_work(port->vdm_state_machine) call into tcpm_queue_vdm() (git-fixes).
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for DRP (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload handling (git-fixes).
- usb: typec: tcpm: Remove tcpc_config configuration mechanism (git-fixes).
- usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
- usb: typec: tcpm: Switch to use fwnode_property_count_uXX() (git-fixes).
- usb: typec: ucsi: Hold con->lock for the entire duration of ucsi_register_port() (git-fixes).
- usb: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
- usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
- UsrMerge the kernel (boo#1184804)
- vfio: Handle concurrent vma faults (git-fixes).
- vfs: Convert functionfs to use the new mount API (git -fixes).
- video: fbdev: imxfb: Fix an error message (git-fixes).
- visorbus: fix error return code in visorchipset_init() (git-fixes).
- vmxnet3: fix cksum offload issues for tunnels with non-default udp ports (git-fixes).
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
- wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- xhci: solve a double free problem while doing s4 (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085224SUSE bug 1094840SUSE bug 1152472SUSE bug 1152489SUSE bug 1155518SUSE bug 1170511SUSE bug 1179243SUSE bug 1180092SUSE bug 1183871SUSE bug 1184114SUSE bug 1184804SUSE bug 1185308SUSE bug 1185791SUSE bug 1186206SUSE bug 1187215SUSE bug 1187585SUSE bug 1188036SUSE bug 1188080SUSE bug 1188116SUSE bug 1188121SUSE bug 1188176SUSE bug 1188267SUSE bug 1188268SUSE bug 1188269SUSE bug 1188405SUSE bug 1188525CVE-2021-22555 at SUSECVE-2021-22555 at NVDCVE-2021-35039 at SUSECVE-2021-35039 at NVDCVE-2021-3609 at SUSECVE-2021-3609 at NVDCVE-2021-3612 at SUSECVE-2021-3612 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
- CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that allows to obtain full root privileges. (bsc#1188062)
The following non-security bugs were fixed:
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes).
- Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes).
- Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- kABI workaround for pci/quirks.c (git-fixes).
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
- kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
- kprobes: fix kill kprobe which has been marked as gone (git-fixes).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media, bpf: Do not copy more entries than user space requested (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
- mt76: mt7615: increase MCU command timeout (git-fixes).
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
- powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
- replaced with upstream security mitigation cleanup
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
- tpm: efi: Use local variable for calculating final log size (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085224SUSE bug 1094840SUSE bug 1113295SUSE bug 1153274SUSE bug 1154353SUSE bug 1156395SUSE bug 1176940SUSE bug 1179243SUSE bug 1183871SUSE bug 1184114SUSE bug 1184350SUSE bug 1184631SUSE bug 1185377SUSE bug 1186194SUSE bug 1186482SUSE bug 1186483SUSE bug 1187476SUSE bug 1188062SUSE bug 1188063SUSE bug 1188101SUSE bug 1188257SUSE bug 1188405SUSE bug 1188445SUSE bug 1188504SUSE bug 1188620SUSE bug 1188683SUSE bug 1188746SUSE bug 1188747SUSE bug 1188748SUSE bug 1188770SUSE bug 1188771SUSE bug 1188772SUSE bug 1188773SUSE bug 1188774SUSE bug 1188777SUSE bug 1188838SUSE bug 1188842SUSE bug 1188876SUSE bug 1188885SUSE bug 1188973CVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-33909 at SUSECVE-2021-33909 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
- CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
- CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
- CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).
The following non-security bugs were fixed:
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
- ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
- Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
- KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773).
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
- KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
- PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
- PCI: quirks: fix false kABI positive (git-fixes).
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes).
- Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes).
- Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes).
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
- backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
- bcache: avoid oversized read request in cache missing code path (bsc#1184631).
- bcache: remove bcache device self-defined readahead (bsc#1184631).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092).
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
- blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
- blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
- blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: do not disable an already disabled PCI device (git-fixes).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
- bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
- cadence: force nonlinear buffers to be cloned (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: esd_usb2: fix memory leak (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
- cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
- crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
- fbmem: Do not delete the mode that is still in use (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Add support for raw addressing in the tx path (bsc#1176940).
- gve: Add support for raw addressing to the rx path (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Replace zero-length array with flexible-array member (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Use link status register to report link status (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
- igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
- iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
- ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
- kABI workaround for pci/quirks.c (git-fixes).
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
- kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
- kprobes: fix kill kprobe which has been marked as gone (git-fixes).
- kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
- kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
- lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media, bpf: Do not copy more entries than user space requested (git-fixes).
- media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
- mt76: mt7615: increase MCU command timeout (git-fixes).
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: marvell: Fix OF_MDIO config check (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
- net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
- nfc: nfcsim: fix use after free during module unload (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
- powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
- powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
- powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
- powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
- powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395).
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Do not disable clocks at device remove time (git-fixes).
- pwm: spear: Do not modify HW state in .remove callback (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
- ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
- rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746).
- rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
- replaced with upstream security mitigation cleanup
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
- sfp: Fix error handing in sfp_probe() (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
- thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
- tpm: efi: Use local variable for calculating final log size (git-fixes).
- tracing: Do not reference char * as a string in histograms (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
- uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
- virtio_console: Assure used length from device is limited (git-fixes).
- virtio_net: move tx vq operation under tx queue lock (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
- watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
- workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
- xen/events: reset active flag for lateeoi events later (git-fixes).
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
- xhci: Fix lost USB 2 remote wake (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085224SUSE bug 1094840SUSE bug 1113295SUSE bug 1153274SUSE bug 1154353SUSE bug 1155518SUSE bug 1156395SUSE bug 1176940SUSE bug 1179243SUSE bug 1180092SUSE bug 1183871SUSE bug 1184114SUSE bug 1184350SUSE bug 1184631SUSE bug 1184804SUSE bug 1185377SUSE bug 1186194SUSE bug 1186206SUSE bug 1186482SUSE bug 1186483SUSE bug 1187476SUSE bug 1188101SUSE bug 1188405SUSE bug 1188445SUSE bug 1188504SUSE bug 1188620SUSE bug 1188683SUSE bug 1188746SUSE bug 1188747SUSE bug 1188748SUSE bug 1188770SUSE bug 1188771SUSE bug 1188772SUSE bug 1188773SUSE bug 1188774SUSE bug 1188777SUSE bug 1188838SUSE bug 1188876SUSE bug 1188885SUSE bug 1188973CVE-2021-21781 at SUSECVE-2021-21781 at NVDCVE-2021-22543 at SUSECVE-2021-22543 at NVDCVE-2021-3659 at SUSECVE-2021-3659 at NVDCVE-2021-37576 at SUSECVE-2021-37576 at NVDcpe:/o:suse:suse-microos:5.0Recommended update for cpio (Critical)SUSE Linux Enterprise Micro 5.0
This update for cpio fixes the following issues:
- A regression in the previous update could lead to crashes (bsc#1189465)
CriticalSUSE bug 1189465CVE-2021-38185 at SUSECVE-2021-38185 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
Security issues fixed:
- usbredir: free call on invalid pointer in bufp_alloc (bsc#1189145, CVE-2021-3682)
- NULL pointer dereference in ESP (bsc#1180433, CVE-2020-35504) (bsc#1180434, CVE-2020-35505) (bsc#1180435, CVE-2020-35506)
- NULL pointer dereference issue in megasas-gen2 host bus adapter (bsc#1180432, CVE-2020-35503)
- eepro100: stack overflow via infinite recursion (bsc#1182651, CVE-2021-20255)
- usb: unbounded stack allocation in usbredir (bsc#1186012, CVE-2021-3527)
ModerateSUSE bug 1180432SUSE bug 1180433SUSE bug 1180434SUSE bug 1180435SUSE bug 1182651SUSE bug 1186012SUSE bug 1189145CVE-2020-35503 at SUSECVE-2020-35503 at NVDCVE-2020-35504 at SUSECVE-2020-35504 at NVDCVE-2020-35505 at SUSECVE-2020-35505 at NVDCVE-2020-35506 at SUSECVE-2020-35506 at NVDCVE-2021-20255 at SUSECVE-2021-20255 at NVDCVE-2021-3527 at SUSECVE-2021-3527 at NVDCVE-2021-3682 at SUSECVE-2021-3682 at NVDcpe:/o:suse:suse-microos:5.0Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.0
This update for krb5 fixes the following issues:
- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)
ImportantSUSE bug 1188571CVE-2021-36222 at SUSECVE-2021-36222 at NVDcpe:/o:suse:suse-microos:5.0Security update for libmspack (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libmspack fixes the following issues:
- CVE-2018-14681: Bad KWAJ file header extensions could cause a one or two byte overwrite. (bsc#1103032)
- CVE-2018-14682: There is an off-by-one error in the TOLOWER() macro for CHM decompression. (bsc#1103032)
- CVE-2018-14679: There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service. (bsc#1103032)
ModerateSUSE bug 1103032CVE-2018-14679 at SUSECVE-2018-14679 at NVDCVE-2018-14681 at SUSECVE-2018-14681 at NVDCVE-2018-14682 at SUSECVE-2018-14682 at NVDcpe:/o:suse:suse-microos:5.0Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for dbus-1 fixes the following issues:
- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)
ModerateSUSE bug 1172505CVE-2020-12049 at SUSECVE-2020-12049 at NVDcpe:/o:suse:suse-microos:5.0Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.0
This patch updates the Python AWS SDK stack in SLE 15:
General:
# aws-cli
- Version updated to upstream release v1.19.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-boto3
- Version updated to upstream release 1.17.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-botocore
- Version updated to upstream release 1.20.9
For a detailed list of all changes, please refer to the changelog file of this package.
# python-urllib3
- Version updated to upstream release 1.25.10
For a detailed list of all changes, please refer to the changelog file of this package.
# python-service_identity
- Added this new package to resolve runtime dependencies for other packages.
Version: 18.1.0
# python-trustme
- Added this new package to resolve runtime dependencies for other packages.
Version: 0.6.0
Security fixes:
# python-urllib3:
- CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated
by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120)
ModerateSUSE bug 1102408SUSE bug 1138715SUSE bug 1138746SUSE bug 1176389SUSE bug 1177120SUSE bug 1182421SUSE bug 1182422CVE-2020-26137 at SUSECVE-2020-26137 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.0
This update for openssl-1_1 fixes the following security issues:
- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
could lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could
lead to a buffer overrun that a malicious actor could exploit to crash
the application, causing a denial-of-service attack. [bsc#1189521]
ImportantSUSE bug 1189520SUSE bug 1189521CVE-2021-3711 at SUSECVE-2021-3711 at NVDCVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Important)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
Update to Xen 4.13.3 general bug fix release (bsc#1027519).
Security issues fixed:
- CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428)
- CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
- CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
- CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
- CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
- CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
- CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
- CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
- CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381).
Other issues fixed:
- Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491)
- Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682)
- Fixed shell macro expansion in the spec file, so that ExecStart=
in xendomains-wait-disks.service is created correctly (bsc#1183877)
- Upstream bug fixes (bsc#1027519)
- Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050).
- xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189).
- Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246).
- Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).
ImportantSUSE bug 1027519SUSE bug 1137251SUSE bug 1176189SUSE bug 1179148SUSE bug 1179246SUSE bug 1180491SUSE bug 1181989SUSE bug 1183877SUSE bug 1185682SUSE bug 1186428SUSE bug 1186429SUSE bug 1186433SUSE bug 1186434SUSE bug 1188050SUSE bug 1189373SUSE bug 1189376SUSE bug 1189378SUSE bug 1189380SUSE bug 1189381SUSE bug 1189882CVE-2021-0089 at SUSECVE-2021-0089 at NVDCVE-2021-28690 at SUSECVE-2021-28690 at NVDCVE-2021-28692 at SUSECVE-2021-28692 at NVDCVE-2021-28693 at SUSECVE-2021-28693 at NVDCVE-2021-28694 at SUSECVE-2021-28694 at NVDCVE-2021-28695 at SUSECVE-2021-28695 at NVDCVE-2021-28696 at SUSECVE-2021-28696 at NVDCVE-2021-28697 at SUSECVE-2021-28697 at NVDCVE-2021-28698 at SUSECVE-2021-28698 at NVDCVE-2021-28699 at SUSECVE-2021-28699 at NVDCVE-2021-28700 at SUSECVE-2021-28700 at NVDcpe:/o:suse:suse-microos:5.0Security update for libesmtp (Important)SUSE Linux Enterprise Micro 5.0
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssl-1_1 (Low)SUSE Linux Enterprise Micro 5.0
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-microos:5.0Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.0
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:suse-microos:5.0Security update for libcroco (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libcroco fixes the following issues:
- CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685).
ModerateSUSE bug 1171685CVE-2020-12825 at SUSECVE-2020-12825 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- Upstream bug fixes (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1189632CVE-2021-28701 at SUSECVE-2021-28701 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 Realtime kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
- ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted
- Fix breakage of swap over NFS (bsc#1188924).
- Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- HID: input: do not report stylus battery state as 'full' (git-fixes).
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
- KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788).
- KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780).
- KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784).
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- Move upstreamed BT fixes into sorted section
- NFS: Correct size calculation for create reply length (bsc#1189870).
- NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021)
- NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes).
- NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
- README: Modernize build instructions.
- Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes).
- Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes).
- Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes).
- Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes).
- Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes).
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
- SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021).
- USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
- USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- bdi: Do not use freezable workqueue (bsc#1189573).
- blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
- blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- block: fix trace completion for chained bio (bsc#1189505).
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- btrfs: do async reclaim for data reservations (bsc#1135481).
- btrfs: don't force commit if we are data (bsc#1135481).
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077).
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077).
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- btrfs: use ticketing for data space reservations (bsc#1135481).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes).
- ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
- ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
- ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427).
- cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes).
- cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181).
- cgroup: verify that source is a string (bsc#1190131).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- cpuidle: Consolidate disabled state checks (bsc#1175543)
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- crypto: qat - use proper type for vf_mask (git-fixes).
- crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes).
- dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
- drm/nouveau/disp: power down unused DP links during init (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576).
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
- ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
- firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
- gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
- gpio: tqmx86: really make IRQ optional (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- intel_idle: Annotate init time data structures (bsc#1175543)
- intel_idle: Customize IceLake server support (bsc#1175543)
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215).
- iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
- iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
- iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220).
- iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
- kABI fix of usb_dcd_config_params (git-fixes).
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021)
- kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- md/raid10: properly indicate failure when ending a failed write request (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
- media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
- memcg: enable accounting for file lock caches (bsc#1190115).
- misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
- misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes).
- mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301).
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569).
- mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes).
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes).
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes).
- nbd: Aovid double completion of a request (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- nbd: do not update block size after device is started (git-fixes).
- net/mlx5: Properly convey driver version to firmware (git-fixes).
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes).
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme: code command_id with a genctr for use-after-free validation (bsc#1181972).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- ocfs2: fix snprintf() checking (bsc#1189581).
- ocfs2: fix zero out valid data (bsc#1189579).
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes).
- platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes).
- power: supply: max17042: handle fails of reading status register (git-fixes).
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
- powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906).
- powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes).
- powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes)
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes).
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm: Abolish image suffix (bsc#1189841).
- rpm: Define $certs as rpm macro (bsc#1189841).
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841).
- rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz.
- rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817).
- s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970).
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- scsi: libfc: Fix array index out of bound exception (bsc#1188616).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385).
- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392).
- scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392).
- scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
- scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes).
- serial: tegra: Only print FIFO error message when an error occurs (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes).
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes).
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes).
- tracing / histogram: Give calculation hist_fields a size (git-fixes).
- tracing: Reject string operand in the histogram expression (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes).
- usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes).
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- usb: dwc3: Separate field holding multiple properties (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller (git-fixes).
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- usb: dwc3: Use devres to get clocks (git-fixes).
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes).
- usb: dwc3: debug: Remove newline printout (git-fixes).
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes).
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
- usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
- usb: dwc3: gadget: Do not setup more than requested (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes).
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes).
- usb: dwc3: support continuous runtime PM with dual role (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes).
- usb: gadget: Export recommended BESL values (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- virt_wifi: fix error on connect (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
- x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
- x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
- x86/fpu: Reset state for all signal restore failures (bsc#1152489).
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).
ImportantSUSE bug 1040364SUSE bug 1127650SUSE bug 1135481SUSE bug 1152489SUSE bug 1160010SUSE bug 1167032SUSE bug 1168202SUSE bug 1174969SUSE bug 1175052SUSE bug 1175543SUSE bug 1177399SUSE bug 1180141SUSE bug 1180347SUSE bug 1181148SUSE bug 1181972SUSE bug 1184114SUSE bug 1184180SUSE bug 1185675SUSE bug 1185902SUSE bug 1186264SUSE bug 1186731SUSE bug 1187211SUSE bug 1187455SUSE bug 1187468SUSE bug 1187619SUSE bug 1188067SUSE bug 1188172SUSE bug 1188418SUSE bug 1188439SUSE bug 1188616SUSE bug 1188780SUSE bug 1188781SUSE bug 1188782SUSE bug 1188783SUSE bug 1188784SUSE bug 1188786SUSE bug 1188787SUSE bug 1188788SUSE bug 1188790SUSE bug 1188878SUSE bug 1188885SUSE bug 1188924SUSE bug 1188982SUSE bug 1188983SUSE bug 1188985SUSE bug 1189021SUSE bug 1189057SUSE bug 1189077SUSE bug 1189153SUSE bug 1189197SUSE bug 1189209SUSE bug 1189210SUSE bug 1189212SUSE bug 1189213SUSE bug 1189214SUSE bug 1189215SUSE bug 1189216SUSE bug 1189217SUSE bug 1189218SUSE bug 1189219SUSE bug 1189220SUSE bug 1189221SUSE bug 1189222SUSE bug 1189229SUSE bug 1189262SUSE bug 1189291SUSE bug 1189292SUSE bug 1189298SUSE bug 1189301SUSE bug 1189305SUSE bug 1189323SUSE bug 1189384SUSE bug 1189385SUSE bug 1189392SUSE bug 1189399SUSE bug 1189400SUSE bug 1189427SUSE bug 1189449SUSE bug 1189503SUSE bug 1189504SUSE bug 1189505SUSE bug 1189506SUSE bug 1189507SUSE bug 1189562SUSE bug 1189563SUSE bug 1189564SUSE bug 1189565SUSE bug 1189566SUSE bug 1189567SUSE bug 1189568SUSE bug 1189569SUSE bug 1189573SUSE bug 1189574SUSE bug 1189575SUSE bug 1189576SUSE bug 1189577SUSE bug 1189579SUSE bug 1189581SUSE bug 1189582SUSE bug 1189583SUSE bug 1189585SUSE bug 1189586SUSE bug 1189587SUSE bug 1189706SUSE bug 1189760SUSE bug 1189832SUSE bug 1189841SUSE bug 1189870SUSE bug 1189883SUSE bug 1190025SUSE bug 1190115SUSE bug 1190117SUSE bug 1190131SUSE bug 1190181CVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDcpe:/o:suse:suse-microos:5.0Security update for hivex (Moderate)SUSE Linux Enterprise Micro 5.0
This update for hivex fixes the following issues:
- CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060).
ModerateSUSE bug 1189060CVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
- ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted
- Fix breakage of swap over NFS (bsc#1188924).
- Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- HID: input: do not report stylus battery state as 'full' (git-fixes).
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
- KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788).
- KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780).
- KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784).
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- Move upstreamed BT fixes into sorted section
- NFS: Correct size calculation for create reply length (bsc#1189870).
- NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021)
- NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes).
- NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
- README: Modernize build instructions.
- Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes).
- Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes).
- Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes).
- Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes).
- Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes).
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
- SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021).
- USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
- USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- bdi: Do not use freezable workqueue (bsc#1189573).
- blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
- blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- block: fix trace completion for chained bio (bsc#1189505).
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- btrfs: do async reclaim for data reservations (bsc#1135481).
- btrfs: don't force commit if we are data (bsc#1135481).
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077).
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077).
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- btrfs: use ticketing for data space reservations (bsc#1135481).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes).
- ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
- ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
- ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427).
- cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes).
- cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181).
- cgroup: verify that source is a string (bsc#1190131).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- cpuidle: Consolidate disabled state checks (bsc#1175543)
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- crypto: qat - use proper type for vf_mask (git-fixes).
- crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes).
- dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
- drm/nouveau/disp: power down unused DP links during init (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576).
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
- ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
- firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
- gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
- gpio: tqmx86: really make IRQ optional (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- intel_idle: Annotate init time data structures (bsc#1175543)
- intel_idle: Customize IceLake server support (bsc#1175543)
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215).
- iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
- iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
- iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220).
- iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
- kABI fix of usb_dcd_config_params (git-fixes).
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021)
- kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- md/raid10: properly indicate failure when ending a failed write request (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
- media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
- memcg: enable accounting for file lock caches (bsc#1190115).
- misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
- misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes).
- mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301).
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569).
- mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes).
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes).
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes).
- nbd: Aovid double completion of a request (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- nbd: do not update block size after device is started (git-fixes).
- net/mlx5: Properly convey driver version to firmware (git-fixes).
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes).
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme: code command_id with a genctr for use-after-free validation (bsc#1181972).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- ocfs2: fix snprintf() checking (bsc#1189581).
- ocfs2: fix zero out valid data (bsc#1189579).
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes).
- platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes).
- power: supply: max17042: handle fails of reading status register (git-fixes).
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
- powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906).
- powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes).
- powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes)
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes).
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm: Abolish image suffix (bsc#1189841).
- rpm: Define $certs as rpm macro (bsc#1189841).
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841).
- rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz.
- rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817).
- s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970).
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- scsi: libfc: Fix array index out of bound exception (bsc#1188616).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385).
- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392).
- scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392).
- scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
- scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes).
- serial: tegra: Only print FIFO error message when an error occurs (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes).
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes).
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes).
- tracing / histogram: Give calculation hist_fields a size (git-fixes).
- tracing: Reject string operand in the histogram expression (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes).
- usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes).
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- usb: dwc3: Separate field holding multiple properties (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller (git-fixes).
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- usb: dwc3: Use devres to get clocks (git-fixes).
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes).
- usb: dwc3: debug: Remove newline printout (git-fixes).
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes).
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
- usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
- usb: dwc3: gadget: Do not setup more than requested (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes).
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes).
- usb: dwc3: support continuous runtime PM with dual role (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes).
- usb: gadget: Export recommended BESL values (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- virt_wifi: fix error on connect (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
- x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
- x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
- x86/fpu: Reset state for all signal restore failures (bsc#1152489).
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).
ImportantSUSE bug 1040364SUSE bug 1127650SUSE bug 1135481SUSE bug 1152489SUSE bug 1160010SUSE bug 1167032SUSE bug 1168202SUSE bug 1174969SUSE bug 1175052SUSE bug 1175543SUSE bug 1177399SUSE bug 1180141SUSE bug 1180347SUSE bug 1181148SUSE bug 1181972SUSE bug 1184114SUSE bug 1184180SUSE bug 1185675SUSE bug 1185902SUSE bug 1186264SUSE bug 1186731SUSE bug 1187211SUSE bug 1187455SUSE bug 1187468SUSE bug 1187619SUSE bug 1188067SUSE bug 1188172SUSE bug 1188418SUSE bug 1188439SUSE bug 1188616SUSE bug 1188780SUSE bug 1188781SUSE bug 1188782SUSE bug 1188783SUSE bug 1188784SUSE bug 1188786SUSE bug 1188787SUSE bug 1188788SUSE bug 1188790SUSE bug 1188878SUSE bug 1188885SUSE bug 1188924SUSE bug 1188982SUSE bug 1188983SUSE bug 1188985SUSE bug 1189021SUSE bug 1189057SUSE bug 1189077SUSE bug 1189153SUSE bug 1189197SUSE bug 1189209SUSE bug 1189210SUSE bug 1189212SUSE bug 1189213SUSE bug 1189214SUSE bug 1189215SUSE bug 1189216SUSE bug 1189217SUSE bug 1189218SUSE bug 1189219SUSE bug 1189220SUSE bug 1189221SUSE bug 1189222SUSE bug 1189229SUSE bug 1189262SUSE bug 1189291SUSE bug 1189292SUSE bug 1189298SUSE bug 1189301SUSE bug 1189305SUSE bug 1189323SUSE bug 1189384SUSE bug 1189385SUSE bug 1189392SUSE bug 1189399SUSE bug 1189400SUSE bug 1189427SUSE bug 1189449SUSE bug 1189503SUSE bug 1189504SUSE bug 1189505SUSE bug 1189506SUSE bug 1189507SUSE bug 1189562SUSE bug 1189563SUSE bug 1189564SUSE bug 1189565SUSE bug 1189566SUSE bug 1189567SUSE bug 1189568SUSE bug 1189569SUSE bug 1189573SUSE bug 1189574SUSE bug 1189575SUSE bug 1189576SUSE bug 1189577SUSE bug 1189579SUSE bug 1189581SUSE bug 1189582SUSE bug 1189583SUSE bug 1189585SUSE bug 1189586SUSE bug 1189587SUSE bug 1189706SUSE bug 1189760SUSE bug 1189832SUSE bug 1189841SUSE bug 1189870SUSE bug 1189883SUSE bug 1190025SUSE bug 1190115SUSE bug 1190117SUSE bug 1190131SUSE bug 1190181CVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDcpe:/o:suse:suse-microos:5.0Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.0
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to 3.12.31 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1148868SUSE bug 1152489SUSE bug 1154353SUSE bug 1159886SUSE bug 1167773SUSE bug 1170774SUSE bug 1173746SUSE bug 1176940SUSE bug 1184439SUSE bug 1184804SUSE bug 1185302SUSE bug 1185677SUSE bug 1185726SUSE bug 1185762SUSE bug 1187167SUSE bug 1188067SUSE bug 1188651SUSE bug 1188986SUSE bug 1189297SUSE bug 1189841SUSE bug 1189884SUSE bug 1190023SUSE bug 1190062SUSE bug 1190115SUSE bug 1190159SUSE bug 1190358SUSE bug 1190406SUSE bug 1190432SUSE bug 1190467SUSE bug 1190523SUSE bug 1190534SUSE bug 1190543SUSE bug 1190576SUSE bug 1190595SUSE bug 1190596SUSE bug 1190598SUSE bug 1190620SUSE bug 1190626SUSE bug 1190679SUSE bug 1190705SUSE bug 1190717SUSE bug 1190746SUSE bug 1190758SUSE bug 1190784SUSE bug 1190785SUSE bug 1191172SUSE bug 1191193SUSE bug 1191240SUSE bug 1191292CVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-3669 at SUSECVE-2021-3669 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDcpe:/o:suse:suse-microos:5.0Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.0
This update for glibc fixes the following issues:
- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)
ModerateSUSE bug 1186489SUSE bug 1187911CVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDcpe:/o:suse:suse-microos:5.0Security update for rpm (Important)SUSE Linux Enterprise Micro 5.0
This update for rpm fixes the following issues:
Security issues fixed:
- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
- PGP hardening changes (bsc#1185299)
- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)
Maintaince issues fixed:
- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)
ImportantSUSE bug 1179416SUSE bug 1183543SUSE bug 1183545SUSE bug 1183632SUSE bug 1183659SUSE bug 1185299SUSE bug 1187670SUSE bug 1188548CVE-2021-20266 at SUSECVE-2021-20266 at NVDCVE-2021-20271 at SUSECVE-2021-20271 at NVDCVE-2021-3421 at SUSECVE-2021-3421 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1148868SUSE bug 1152489SUSE bug 1154353SUSE bug 1159886SUSE bug 1167773SUSE bug 1170774SUSE bug 1173746SUSE bug 1176940SUSE bug 1184439SUSE bug 1184804SUSE bug 1185302SUSE bug 1185677SUSE bug 1185726SUSE bug 1185762SUSE bug 1187167SUSE bug 1188067SUSE bug 1188651SUSE bug 1188986SUSE bug 1189297SUSE bug 1189841SUSE bug 1189884SUSE bug 1190023SUSE bug 1190062SUSE bug 1190115SUSE bug 1190159SUSE bug 1190358SUSE bug 1190406SUSE bug 1190432SUSE bug 1190467SUSE bug 1190523SUSE bug 1190534SUSE bug 1190543SUSE bug 1190576SUSE bug 1190595SUSE bug 1190596SUSE bug 1190598SUSE bug 1190620SUSE bug 1190626SUSE bug 1190679SUSE bug 1190705SUSE bug 1190717SUSE bug 1190746SUSE bug 1190758SUSE bug 1190784SUSE bug 1190785SUSE bug 1191172SUSE bug 1191193SUSE bug 1191240SUSE bug 1191292CVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-3669 at SUSECVE-2021-3669 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDcpe:/o:suse:suse-microos:5.0Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for krb5 fixes the following issues:
- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).
ModerateSUSE bug 1189929CVE-2021-37750 at SUSECVE-2021-37750 at NVDcpe:/o:suse:suse-microos:5.0Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.0
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
ModerateSUSE bug 1190793CVE-2021-39537 at SUSECVE-2021-39537 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd, docker, runc (Important)SUSE Linux Enterprise Micro 5.0
This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.9-ce. (bsc#1191355)
See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355
- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)
- Install systemd service file as well (bsc#1190826)
Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter
rule for syscall ...' error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ('interrupted system call') on an
Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704
Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). (bsc#1185405)
Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups
ImportantSUSE bug 1102408SUSE bug 1185405SUSE bug 1187704SUSE bug 1188282SUSE bug 1190826SUSE bug 1191015SUSE bug 1191121SUSE bug 1191334SUSE bug 1191355SUSE bug 1191434CVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDcpe:/o:suse:suse-microos:5.0Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.0
This update for util-linux fixes the following issues:
Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:
- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)
ModerateSUSE bug 1122417SUSE bug 1125886SUSE bug 1178236SUSE bug 1188921CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:suse-microos:5.0Security update for pcre (Moderate)SUSE Linux Enterprise Micro 5.0
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
ModerateSUSE bug 1172973SUSE bug 1172974CVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:suse-microos:5.0Security update for dnsmasq (Moderate)SUSE Linux Enterprise Micro 5.0
This update for dnsmasq fixes the following issues:
Update to version 2.86
- CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709)
- CVE-2020-14312: Set --local-service by default (bsc#1173646).
- Open inotify socket only when used (bsc#1180914).
ModerateSUSE bug 1173646SUSE bug 1180914SUSE bug 1183709CVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDcpe:/o:suse:suse-microos:5.0Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.0
This update for salt fixes the following issues:
- Support querying for JSON data in external sql pillar.
- Exclude the full path of a download URL to prevent injection of malicious code.
(bsc#1190265, CVE-2021-21996)
ModerateSUSE bug 1190265CVE-2021-21996 at SUSECVE-2021-21996 at NVDcpe:/o:suse:suse-microos:5.0Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.0
This update for libvirt fixes the following issues:
- CVE-2021-3667: Fixed a DoS vulnerability in the libvirt virStoragePoolLookupByTargetPath API. (bsc#1188843)
ModerateSUSE bug 1177902SUSE bug 1186398SUSE bug 1188232SUSE bug 1188843SUSE bug 1190420SUSE bug 1190693SUSE bug 1190695CVE-2021-3667 at SUSECVE-2021-3667 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Important)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)
Non-security issues fixed:
- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
ImportantSUSE bug 1189234SUSE bug 1189702SUSE bug 1189938SUSE bug 1190425CVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 Real Time kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
The following non-security bugs were fixed:
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085030SUSE bug 1152489SUSE bug 1154353SUSE bug 1156395SUSE bug 1157177SUSE bug 1167773SUSE bug 1172073SUSE bug 1173604SUSE bug 1176940SUSE bug 1184673SUSE bug 1185762SUSE bug 1186063SUSE bug 1187167SUSE bug 1188563SUSE bug 1189841SUSE bug 1190006SUSE bug 1190067SUSE bug 1190349SUSE bug 1190351SUSE bug 1190479SUSE bug 1190620SUSE bug 1190642SUSE bug 1190795SUSE bug 1190941SUSE bug 1191229SUSE bug 1191241SUSE bug 1191315SUSE bug 1191317SUSE bug 1191349SUSE bug 1191384SUSE bug 1191449SUSE bug 1191450SUSE bug 1191451SUSE bug 1191452SUSE bug 1191455SUSE bug 1191456SUSE bug 1191628SUSE bug 1191731SUSE bug 1191800SUSE bug 1191934SUSE bug 1191958SUSE bug 1192040SUSE bug 1192041SUSE bug 1192107SUSE bug 1192145CVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
The following non-security bugs were fixed:
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself (bsc#1191628 bsc#1192549).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085030SUSE bug 1152489SUSE bug 1154353SUSE bug 1156395SUSE bug 1157177SUSE bug 1167773SUSE bug 1172073SUSE bug 1173604SUSE bug 1176940SUSE bug 1184673SUSE bug 1185762SUSE bug 1186063SUSE bug 1187167SUSE bug 1188563SUSE bug 1189841SUSE bug 1190006SUSE bug 1190067SUSE bug 1190349SUSE bug 1190351SUSE bug 1190479SUSE bug 1190620SUSE bug 1190642SUSE bug 1190795SUSE bug 1190941SUSE bug 1191229SUSE bug 1191241SUSE bug 1191315SUSE bug 1191317SUSE bug 1191349SUSE bug 1191384SUSE bug 1191449SUSE bug 1191450SUSE bug 1191451SUSE bug 1191452SUSE bug 1191455SUSE bug 1191456SUSE bug 1191628SUSE bug 1191731SUSE bug 1191800SUSE bug 1191934SUSE bug 1191958SUSE bug 1192040SUSE bug 1192041SUSE bug 1192107SUSE bug 1192145SUSE bug 1192267SUSE bug 1192549CVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDcpe:/o:suse:suse-microos:5.0Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.0
This update for glibc fixes the following issues:
- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)
ModerateSUSE bug 1027496SUSE bug 1183085CVE-2016-10228 at SUSECVE-2016-10228 at NVDcpe:/o:suse:suse-microos:5.0Security update for ruby2.5 (Important)SUSE Linux Enterprise Micro 5.0
This update for ruby2.5 fixes the following issues:
- CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
- CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
ImportantSUSE bug 1188160SUSE bug 1188161SUSE bug 1190375CVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
- CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Update to Xen 4.13.4 bug fix release (bsc#1027519).
ModerateSUSE bug 1027519SUSE bug 1191363SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28702 at SUSECVE-2021-28702 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:suse-microos:5.0Security update for aaa_base (Moderate)SUSE Linux Enterprise Micro 5.0
This update for aaa_base fixes the following issues:
- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)
ModerateSUSE bug 1162581SUSE bug 1174504SUSE bug 1191563SUSE bug 1192248cpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
The following non-security bugs were fixed:
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath6kl: fix division by zero in send path (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22573)
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
- exfat: fix erroneous discard when clear cluster bit (git-fixes).
- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
- exfat: properly set s_time_gran (bsc#1192328).
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fuse: fix page stealing (bsc#1192718).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
- HID: u2fzero: clarify error check and length calculations (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
- nvme-pci: set min_align_mask (bsc#1191851).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- ocfs2: fix data corruption on truncate (bsc#1190795).
- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
- power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- r8152: add a helper function about setting EEE (git-fixes).
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
- r8152: Disable PLA MCU clock speed down (git-fixes).
- r8152: disable U2P3 for RTL8153B (git-fixes).
- r8152: divide the tx and rx bottom functions (git-fixes).
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
- r8152: fix runtime resume for linking change (git-fixes).
- r8152: replace array with linking list for rx information (git-fixes).
- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
- r8152: saving the settings of EEE (git-fixes).
- r8152: separate the rx buffer size (git-fixes).
- r8152: use alloc_pages for rx buffer (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- usb: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- usb: serial: keyspan: fix memleak on probe errors (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- x86/msi: Force affinity setup before startup (bsc#1152489).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xfs: do not allow log writes if the data device is readonly (bsc#1192229).
- zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
ImportantSUSE bug 1094840SUSE bug 1133021SUSE bug 1152489SUSE bug 1169263SUSE bug 1170269SUSE bug 1188601SUSE bug 1190523SUSE bug 1190795SUSE bug 1191790SUSE bug 1191851SUSE bug 1191958SUSE bug 1191961SUSE bug 1191980SUSE bug 1192045SUSE bug 1192229SUSE bug 1192273SUSE bug 1192328SUSE bug 1192718SUSE bug 1192740SUSE bug 1192745SUSE bug 1192750SUSE bug 1192753SUSE bug 1192781SUSE bug 1192802SUSE bug 1192896SUSE bug 1192906SUSE bug 1192918CVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDcpe:/o:suse:suse-microos:5.0Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.0
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-microos:5.0Security update for glib-networking (Important)SUSE Linux Enterprise Micro 5.0
This update for glib-networking fixes the following issues:
Update to version 2.62.4:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:suse-microos:5.0Security update for python-Babel (Important)SUSE Linux Enterprise Micro 5.0
This update for python-Babel fixes the following issues:
- CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768).
ImportantSUSE bug 1185768CVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:suse-microos:5.0Security update for gmp (Moderate)SUSE Linux Enterprise Micro 5.0
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
ModerateSUSE bug 1192717CVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux RT Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2020-27820: Fixed a use-after-free in nouveau's postclose() handler that could have happened during device or driver removal (bnc#1179599).
The following non-security bugs were fixed:
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath6kl: fix division by zero in send path (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
- btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
- btrfs: make checksum item extension more efficient (bsc#1193002).
- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22573)
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
- elfcore: fix building with clang (bsc#1169514).
- exfat: fix erroneous discard when clear cluster bit (git-fixes).
- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
- exfat: properly set s_time_gran (bsc#1192328).
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fuse: fix page stealing (bsc#1192718).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Track RX buffer allocation failures (bsc#1176940).
- HID: u2fzero: clarify error check and length calculations (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
- nvme-pci: set min_align_mask (bsc#1191851).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- ocfs2: fix data corruption on truncate (bsc#1190795).
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
- power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- r8152: add a helper function about setting EEE (git-fixes).
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
- r8152: Disable PLA MCU clock speed down (git-fixes).
- r8152: disable U2P3 for RTL8153B (git-fixes).
- r8152: divide the tx and rx bottom functions (git-fixes).
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
- r8152: fix runtime resume for linking change (git-fixes).
- r8152: replace array with linking list for rx information (git-fixes).
- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
- r8152: saving the settings of EEE (git-fixes).
- r8152: separate the rx buffer size (git-fixes).
- r8152: use alloc_pages for rx buffer (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- usb: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usb: serial: keyspan: fix memleak on probe errors (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- x86/msi: Force affinity setup before startup (bsc#1152489).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
- xfs: do not allow log writes if the data device is readonly (bsc#1192229).
- zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
ImportantSUSE bug 1094840SUSE bug 1133021SUSE bug 1152489SUSE bug 1153275SUSE bug 1169263SUSE bug 1169514SUSE bug 1170269SUSE bug 1176940SUSE bug 1179599SUSE bug 1188601SUSE bug 1190523SUSE bug 1190795SUSE bug 1191790SUSE bug 1191851SUSE bug 1191958SUSE bug 1191961SUSE bug 1191980SUSE bug 1192045SUSE bug 1192229SUSE bug 1192273SUSE bug 1192328SUSE bug 1192718SUSE bug 1192740SUSE bug 1192745SUSE bug 1192750SUSE bug 1192753SUSE bug 1192781SUSE bug 1192802SUSE bug 1192896SUSE bug 1192906SUSE bug 1192918SUSE bug 1192987SUSE bug 1192998SUSE bug 1193002CVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDcpe:/o:suse:suse-microos:5.0Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for python3 fixes the following issues:
- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)
- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).
ModerateSUSE bug 1180125SUSE bug 1183374SUSE bug 1183858SUSE bug 1185588SUSE bug 1187338SUSE bug 1187668SUSE bug 1189241SUSE bug 1189287CVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDcpe:/o:suse:suse-microos:5.0Security update for p11-kit (Important)SUSE Linux Enterprise Micro 5.0
This update for p11-kit fixes the following issues:
- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).
ImportantSUSE bug 1180064SUSE bug 1187993CVE-2020-29361 at SUSECVE-2020-29361 at NVDcpe:/o:suse:suse-microos:5.0Security update for runc (Moderate)SUSE Linux Enterprise Micro 5.0
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
ModerateSUSE bug 1193436CVE-2021-43784 at SUSECVE-2021-43784 at NVDcpe:/o:suse:suse-microos:5.0Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.0
This update for permissions fixes the following issues:
- Update to version 20181225:
* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
ModerateSUSE bug 1174504cpe:/o:suse:suse-microos:5.0Security update for kernel-firmware (Low)SUSE Linux Enterprise Micro 5.0
This update for kernel-firmware fixes the following issues:
- CVE-2019-15126: Updated Broadcom firmware to fix Kr00k bug (bsc#1167162).
LowSUSE bug 1167162CVE-2019-15126 at SUSECVE-2019-15126 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).
- CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).
- CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).
- CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially
enable an escalation of privilege via local access (bsc#1181720).
- CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially
enable a denial of service via local access (bsc#1181735).
- CVE-2020-12364: Fixed a null pointer reference which may have allowed a privileged user to potentially
enable a denial of service via local access (bsc#1181736 ).
- CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user
to potentially enable a denial of service via local access (bsc#1181738).
- CVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access
because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).
The following non-security bugs were fixed:
- ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).
- ACPI: property: Fix fwnode string properties matching (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).
- ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes).
- ALSA: hda: Add another CometLake-H PCI ID (git-fixes).
- ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes).
- ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).
- ALSA: pcm: Assure sync with the pending stop operation at suspend (git-fixes).
- ALSA: pcm: Call sync_stop at disconnection (git-fixes).
- ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes).
- ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes).
- ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes).
- ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes).
- ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).
- ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes).
- ALSA: usb-audio: More strict state change in EP (git-fixes).
- amba: Fix resource leak for drivers without .remove (git-fixes).
- arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)
- ASoC: cpcap: fix microphone timeslot mask (git-fixes).
- ASoC: cs42l56: fix up error handling in probe (git-fixes).
- ASoC: simple-card-utils: Fix device module clock (git-fixes).
- ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes).
- ata: ahci_brcm: Add back regulators management (git-fixes).
- ata: sata_nv: Fix retrieving of active qcs (git-fixes).
- ath10k: Fix error handling in case of CE pipe init failure (git-fixes).
- ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).
- bcache: fix overflow in offset_to_stripe() (git-fixes).
- blk-mq: call commit_rqs while list empty but error happen (bsc#1182442).
- blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443).
- blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444).
- block: fix inflight statistics of part0 (bsc#1182445).
- block: respect queue limit of max discard segment (bsc#1182441).
- block: virtio_blk: fix handling single range discard request (bsc#1182439).
- Bluetooth: btqcomsmd: Fix a resource leak in error handling paths in the probe function (git-fixes).
- Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes).
- Bluetooth: drop HCI device reference before return (git-fixes).
- Bluetooth: Fix initializing response id after clearing struct (git-fixes).
- Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).
- Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: fix error return code in bnxt_init_one() (git-fixes).
- bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).
- bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).
- bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).
- bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518).
- bpf, cgroup: Fix problematic bounds check (bsc#1155518).
- btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626).
- btrfs: Cleanup try_flush_qgroup (bsc#1182047).
- btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).
- btrfs: fix race between RO remount and the cleaner task (bsc#1182626).
- btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626).
- btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626).
- btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: lift read-write mount setup from mount and remount (bsc#1182626).
- btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626).
- btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).
- btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).
- caif: no need to check return value of debugfs_create functions (git-fixes).
- ceph: fix flush_snap logic after putting caps (bsc#1182854).
- cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683).
- cgroup: fix psi monitor for root cgroup (bsc#1182686).
- cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684).
- chelsio/chtls: correct function return and return type (git-fixes).
- chelsio/chtls: correct netdevice for vlan interface (git-fixes).
- chelsio/chtls: fix a double free in chtls_setkey() (git-fixes).
- chelsio/chtls: fix always leaking ctrl_skb (git-fixes).
- chelsio/chtls: fix deadlock issue (git-fixes).
- chelsio/chtls: fix memory leaks caused by a race (git-fixes).
- chelsio/chtls: fix memory leaks in CPL handlers (git-fixes).
- chelsio/chtls: fix panic during unload reload chtls (git-fixes).
- chelsio/chtls: fix socket lock (git-fixes).
- chelsio/chtls: fix tls record info to user (git-fixes).
- Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).
- chtls: Added a check to avoid NULL pointer dereference (git-fixes).
- chtls: Fix chtls resources release sequence (git-fixes).
- chtls: Fix hardware tid leak (git-fixes).
- chtls: Fix panic when route to peer not configured (git-fixes).
- chtls: Remove invalid set_tcb call (git-fixes).
- chtls: Replace skb_dequeue with skb_peek (git-fixes).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).
- cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes).
- clk: meson: clk-pll: make 'ret' a signed integer (git-fixes).
- clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes).
- clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes).
- clk: sunxi-ng: h6: Fix CEC clock (git-fixes).
- clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes).
- clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes).
- clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in ->remove() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes).
- cpuset: fix race between hotplug work and later CPU offline (bsc#1182676).
- crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes).
- crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- cxgb4: fix all-mask IP address comparison (git-fixes).
- cxgb4: fix checks for max queues to allocate (git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: fix set but unused variable when DCB is disabled (git-fixes).
- cxgb4: fix SGE queue dump destination buffer context (git-fixes).
- cxgb4: fix the panic caused by non smac rewrite (git-fixes).
- cxgb4: move DCB version extern to header file (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: move PTP lock and unlock to caller in Tx path (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- cxgb4: remove cast when saving IPv4 partial checksum (git-fixes).
- cxgb4: set up filter action after rewrites (git-fixes).
- cxgb4: use correct type for all-mask IP address comparison (git-fixes).
- cxgb4: use unaligned conversion for fetching timestamp (git-fixes).
- dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes).
- dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes).
- dmaengine: hsu: disable spurious interrupt (git-fixes).
- dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes).
- dm crypt: avoid truncating the logical block size (git-fixes).
- dm: fix bio splitting and its bio completion order for regular IO (git-fixes).
- dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).
- dm thin metadata: fix lockdep complaint (bsc#1177529).
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).
- dm: use noio when sending kobject event (bsc#1177529).
- docs: filesystems: vfs: correct flag name (bsc#1182856).
- dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).
- drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).
- drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).
- drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).
- drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).
- drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).
- drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).
- drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth reduction (git-fixes).
- drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).
- drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).
- drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).
- drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes).
- drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes).
- drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).
- drm/gma500: Fix error return code in psb_driver_load() (git-fixes).
- drm/meson: Unbind all connectors on module removal (bsc#1152472)
- drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)
- drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)
- drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)
- drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)
- Drop HID logitech patch that caused a regression (bsc#1182259)
- exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).
- exfat: Avoid allocating upcase table using kcalloc() (git-fixes).
- ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).
- ext4: fix a memory leak of ext4_free_data (bsc#1182447).
- ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).
- ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).
- ext4: fix superblock checksum failure when setting password salt (bsc#1182465).
- ext4: prevent creating duplicate encrypted filenames (bsc#1182446).
- fgraph: Initialize tracing_graph_pause at task creation (git-fixes).
- firmware_loader: align .builtin_fw to 8 (git-fixes).
- fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).
- fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).
- fs: fix lazytime expiration handling in __writeback_single_inode() (bsc#1182466).
- gma500: clean up error handling in init (git-fixes).
- gpio: pcf857x: Fix missing first interrupt (git-fixes).
- HID: core: detect and skip invalid inputs to snto32() (git-fixes).
- HID: make arrays usage and value to be the same (git-fixes).
- HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).
- hwrng: timeriomem - Fix cooldown period calculation (git-fixes).
- i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).
- i2c: iproc: handle only slave interrupts which are enabled (git-fixes).
- i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).
- i2c: stm32f7: fix configuration of the digital filter (git-fixes).
- i3c: master: dw: Drop redundant disec call (git-fixes).
- i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).
- i40e: avoid premature Rx buffer reuse (git-fixes).
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).
- i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025).
- iavf: fix double-release of rtnl_lock (git-fixes).
- iavf: fix error return code in iavf_init_get_resources() (git-fixes).
- iavf: fix speed reporting over virtchnl (git-fixes).
- iavf: Fix updating statistics (git-fixes).
- ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).
- ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).
- ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).
- ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: device remove has higher precedence over reset (bsc#1065729).
- ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).
- ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).
- ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).
- ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).
- ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: no reset timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: serialize access to work queue on remove (bsc#1065729).
- ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).
- ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).
- ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).
- ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).
- ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).
- igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).
- igc: fix link speed advertising (git-fixes).
- igc: Fix returning wrong statistics (git-fixes).
- igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).
- igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).
- include/linux/memremap.h: remove stale comments (git-fixes).
- Input: elo - fix an error code in elo_connect() (git-fixes).
- Input: i8042 - unbreak Pegatron C15B (git-fixes).
- Input: joydev - prevent potential read overflow in ioctl (git-fixes).
- Input: sur40 - fix an error code in sur40_probe() (git-fixes).
- Input: xpad - sync supported devices with fork on GitHub (git-fixes).
- iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).
- iwlwifi: mvm: guard against device removal in reprobe (git-fixes).
- iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).
- iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).
- iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).
- iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).
- iwlwifi: pcie: fix context info memory leak (git-fixes).
- iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).
- iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).
- ixgbe: avoid premature Rx buffer reuse (git-fixes).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).
- kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).
- kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).
- kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).
- kABI: repair, after 'nVMX: Emulate MTF when performinginstruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.
- kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). Fixes: 76a9256314c3 ('rpm/kernel-{source,binary}.spec: do not include ghost symlinks (boo#1179082).')
- kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).
- kernel/smp: add more data to CSD lock debugging (bsc#1180846).
- kernel/smp: prepare more CSD lock debugging (bsc#1180846).
- kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).
- KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).
- KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).
- KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).
- KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).
- KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX: Emulate MTF when performing instruction emulation' (bsc#1182380).
- KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).
- KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).
- KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).
- KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).
- KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).
- KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).
- KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).
- KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).
- KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).
- libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).
- lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).
- linux/clk.h: use correct kernel-doc notation for 2 functions (git-fixes).
- mac80211: 160MHz with extended NSS BW in CSA (git-fixes).
- mac80211: fix fast-rx encryption check (git-fixes).
- mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).
- mac80211: pause TX while changing interface type (git-fixes).
- macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.
- MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).
- matroxfb: avoid -Warray-bounds warning (bsc#1152472)
- media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).
- media: camss: missing error code in msm_video_register() (git-fixes).
- media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).
- media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).
- media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).
- media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).
- media: lmedm04: Fix misuse of comma (git-fixes).
- media: media/pci: Fix memleak in empress_init (git-fixes).
- media: mt9v111: Remove unneeded device-managed puts (git-fixes).
- media: pwc: Use correct device for DMA (bsc#1181133).
- media: pxa_camera: declare variable when DEBUG is defined (git-fixes).
- media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).
- media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).
- media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).
- media: vsp1: Fix an error handling path in the probe function (git-fixes).
- mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).
- memory: ti-aemif: Drop child node when jumping out loop (git-fixes).
- mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).
- mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() (git-fixes).
- misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).
- misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).
- mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).
- mlxsw: core: Fix memory leak on module removal (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).
- mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).
- mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).
- mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).
- mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).
- mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).
- mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).
- mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).
- mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).
- mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).
- mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).
- mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).
- net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).
- net: axienet: Fix error return code in axienet_probe() (git-fixes).
- net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- net: bcmgenet: re-remove bcmgenet_hfb_add_filter (git-fixes).
- net: bcmgenet: set Rx mode before starting netif (git-fixes).
- net: bcmgenet: use hardware padding of runt frames (git-fixes).
- net: broadcom CNIC: requires MMU (git-fixes).
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- net/cxgb4: Check the return from t4_query_params properly (git-fixes).
- net: cxgb4: fix return error value in t4_prep_fw (git-fixes).
- net: dsa: bcm_sf2: Fix overflow checks (git-fixes).
- net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).
- net: dsa: mt7530: set CPU port to fallback mode (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).
- net: ethernet: ave: Fix error returns in ave_init (git-fixes).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).
- net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).
- net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).
- net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).
- net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).
- net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).
- net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).
- net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).
- net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).
- net: hns3: add a missing uninit debugfs when unload driver (git-fixes).
- net: hns3: add reset check for VF updating port based VLAN (git-fixes).
- net: hns3: clear port base VLAN when unload PF (git-fixes).
- net: hns3: fix aRFS FD rules leftover after add a user FD rule (git-fixes).
- net: hns3: fix a TX timeout issue (git-fixes).
- net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).
- net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).
- net: hns3: fix for VLAN config when reset failed (git-fixes).
- net: hns3: fix RSS config lost after VF reset (git-fixes).
- net: hns3: fix set and get link ksettings issue (git-fixes).
- net: hns3: fix 'tc qdisc del' failed issue (git-fixes).
- net: hns3: fix the number of queues actually used by ARQ (git-fixes).
- net: hns3: fix use-after-free when doing self test (git-fixes).
- net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).
- net: hns: fix return value check in __lb_other_process() (git-fixes).
- net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).
- net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).
- net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).
- net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).
- net/mlx4_core: fix a memory leak bug (git-fixes).
- net/mlx4_core: Fix init_hca fields offset (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).
- net/mlx4_en: Handle TX error CQE (bsc#1181854).
- net/mlx5: Add handling of port type in rule deletion (git-fixes).
- net/mlx5: Annotate mutex destroy for root ns (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).
- net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).
- net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).
- net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).
- net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup to avoid WQ overruns (git-fixes).
- net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).
- net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).
- net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).
- net/mlx5e: Fix endianness handling in pedit mask (git-fixes).
- net/mlx5e: Fix error path of device attach (git-fixes).
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).
- net/mlx5e: Fix two double free cases (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).
- net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- net/mlx5e: Rename hw_modify to preactivate (git-fixes).
- net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).
- net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).
- net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).
- net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).
- net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).
- net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).
- net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).
- net/mlx5: Fix deletion of duplicate rules (git-fixes).
- net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).
- net/mlx5: Fix memory leak on flow table creation error flow (git-fixes).
- net/mlx5: Fix request_irqs error flow (git-fixes).
- net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).
- net/mlx5: Query PPS pin operational status before registering it (git-fixes).
- net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).
- net: moxa: Fix a potential double 'free_irq()' (git-fixes).
- net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).
- net: mscc: ocelot: fix address ageing time (again) (git-fixes).
- net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).
- net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).
- net: mvpp2: disable force link UP during port init procedure (git-fixes).
- net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).
- net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).
- net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).
- net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).
- net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).
- net: netsec: Correct dma sync for XDP_TX frames (git-fixes).
- net: nixge: fix potential memory leak in nixge_probe() (git-fixes).
- net: octeon: mgmt: Repair filling of RX ring (git-fixes).
- net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).
- net: phy: extract link partner advertisement reading (git-fixes).
- net: phy: extract pause mode (git-fixes).
- net: phy: marvell10g: fix null pointer dereference (git-fixes).
- net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).
- net: phy: read MII_CTRL1000 in genphy_read_status only if needed (git-fixes).
- net: qca_spi: fix receive buffer size check (git-fixes).
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- net: qede: fix PTP initialization on recovery (git-fixes).
- net: qede: fix use-after-free on recovery and AER handling (git-fixes).
- net: qede: stop adding events on an already destroyed workqueue (git-fixes).
- net: qed: fix async event callbacks unregistering (git-fixes).
- net: qed: fix excessive QM ILT lines consumption (git-fixes).
- net: qed: fix 'maybe uninitialized' warning (git-fixes).
- net: qed: fix NVMe login fails over VFs (git-fixes).
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).
- net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).
- net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).
- net: rmnet: fix bridge mode bugs (git-fixes).
- net: rmnet: fix lower interface leak (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).
- net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).
- net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).
- net: rmnet: fix suspicious RCU usage (git-fixes).
- net: rmnet: print error message when command fails (git-fixes).
- net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).
- net: rmnet: use upper/lower device infrastructure (git-fixes).
- net, sctp, filter: remap copy_from_user failure error (bsc#1181637).
- net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).
- net/sonic: Add mutual exclusion for accessing shared state (git-fixes).
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: Enable 16KB buffer size (git-fixes).
- net: stmmac: fix disabling flexible PPS output (git-fixes).
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- net: stmmac: Fix the TX IOC in xmit path (git-fixes).
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).
- net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).
- net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).
- net: sun: fix missing release regions in cas_init_one() (git-fixes).
- net: team: fix memory leak in __team_options_register (git-fixes).
- net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).
- net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).
- nvme-hwmon: rework to avoid devm allocation (bsc#1177326).
- nvme-multipath: Early exit if no path is available (bsc#1180964).
- nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).
- nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).
- objtool: Do not fail on missing symbol table (bsc#1169514).
- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).
- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).
- perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).
- perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).
- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (bsc#1180989).
- phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).
- phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).
- platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).
- platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).
- platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).
- powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).
- powerpc: Fix alignment bug within the init sections (bsc#1065729).
- powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).
- powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).
- powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).
- powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).
- powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).
- powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).
- powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).
- powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).
- powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).
- powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).
- powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).
- powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).
- powerpc/numa: remove unreachable topology workqueue code (bsc#1181674 ltc#189159).
- powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).
- powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).
- powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).
- powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).
- powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).
- powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).
- powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).
- powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).
- powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).
- powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).
- powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).
- powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).
- powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).
- powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: add missing break to default case (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).
- powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).
- powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. git-fixes).
- powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).
- powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).
- powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).
- powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).
- powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).
- powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).
- powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).
- powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).
- powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).
- powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).
- powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).
- power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).
- pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).
- pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).
- qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).
- qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).
- qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).
- qed: select CONFIG_CRC32 (git-fixes).
- qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).
- quota: Fix memory leak when handling corrupted quota file (bsc#1182650).
- quota: Sanity-check quota file headers on load (bsc#1182461).
- r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).
- r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).
- rcu/nocb: Perform deferred wake up before last idle's (git-fixes)
- rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)
- rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)
- RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).
- RDMA/efa: Count admin commands errors (bsc#1176248).
- RDMA/efa: Count mmap failures (bsc#1176248).
- RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).
- RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).
- RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).
- RDMA/efa: Expose minimum SQ size (bsc#1176248).
- RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).
- RDMA/efa: Properly document the interrupt mask register (bsc#1176248).
- RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).
- RDMA/efa: Report create CQ error counter (bsc#1176248).
- RDMA/efa: Report host information to the device (bsc#1176248).
- RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).
- RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).
- RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes).
- regulator: axp20x: Fix reference cout leak (git-fixes).
- regulator: core: Avoid debugfs: Directory ... already present! error (git-fixes).
- regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).
- regulator: Fix lockdep warning resolving supplies (git-fixes).
- regulator: s5m8767: Drop regulators OF node reference (git-fixes).
- regulator: s5m8767: Fix reference count leak (git-fixes).
- reiserfs: add check for an invalid ih_entry_count (bsc#1182462).
- reset: hisilicon: correct vendor prefix (git-fixes).
- Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).
- Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).
- Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).
- Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).
- rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)
- rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)
- rtc: s5m: select REGMAP_I2C (git-fixes).
- rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).
- s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).
- s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).
- sched: Reenable interrupts in do_sched_yield() (git-fixes)
- scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).
- sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).
- sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).
- smp: Add source and destination CPUs to __call_single_data (bsc#1180846).
- smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).
- smsc95xx: check return value of smsc95xx_reset (git-fixes).
- soc: aspeed: snoop: Add clock control logic (git-fixes).
- spi: atmel: Put allocated master before return (git-fixes).
- spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).
- spi: spi-synquacer: fix set_cs handling (git-fixes).
- spi: stm32: properly handle 0 byte transfer (git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).
- squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).
- squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).
- staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).
- target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).
- team: set dev->needed_headroom in team_setup_by_port() (git-fixes).
- tpm: Remove tpm_dev_wq_lock (git-fixes).
- tpm_tis: Clean up locality release (git-fixes).
- tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).
- tracing: Check length before giving out the filter buffer (git-fixes).
- tracing: Do not count ftrace events in top level enable output (git-fixes).
- tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).
- tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).
- tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).
- ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).
- ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).
- ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).
- ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).
- ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455).
- ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).
- Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).
- Update config files: Set ledtrig-default-on as builtin (bsc#1182128)
- USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).
- USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).
- USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).
- USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).
- USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).
- USB: gadget: u_audio: Free requests only after callback (git-fixes).
- USB: mUSB: Fix runtime PM race in musb_queue_resume_work (git-fixes).
- USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).
- USB: quirks: sort quirk entries (git-fixes).
- USB: renesas_usbhs: Clear pipe running flag in USBhs_pkt_pop() (git-fixes).
- USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).
- USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).
- USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).
- USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).
- USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).
- USB: serial: option: Adding support for Cinterion MV31 (git-fixes).
- USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).
- veth: Adjust hard_start offset on redirect XDP frames (git-fixes).
- vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).
- virtio_net: Fix error code in probe() (git-fixes).
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).
- virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).
- vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).
- vxlan: fix memleak of fdb (git-fixes).
- wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).
- writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).
- x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).
- x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).
- xen/netback: fix spurious event detection for common event case (bsc#1182175).
- xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).
- xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).
- xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).
- xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).
- xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).
- xfs: ratelimit xfs_discard_page messages (bsc#1182283).
- xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).
- xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).
- xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).
- xfs: strengthen rmap record flags checking (git-fixes bsc#1182271).
- xhci: fix bounce buffer usage for non-sg list case (git-fixes).
The kernel-default-base packaging was changed:
- Added squashfs for kiwi installiso support (bsc#1182341)
- Added fuse (bsc#1182507)
- Added modules which got lost when migrating away from supported.conf (bsc#1182110):
* am53c974 had a typo
* cls_bpf, iscsi_ibft, libahci, libata, openvswitch, sch_ingress
- Also added vport-* modules for Open vSwitch
ImportantSUSE bug 1065600SUSE bug 1065729SUSE bug 1078720SUSE bug 1081134SUSE bug 1084610SUSE bug 1132477SUSE bug 1151927SUSE bug 1152472SUSE bug 1152489SUSE bug 1154353SUSE bug 1155518SUSE bug 1156395SUSE bug 1163776SUSE bug 1169514SUSE bug 1170442SUSE bug 1176248SUSE bug 1176855SUSE bug 1177109SUSE bug 1177326SUSE bug 1177440SUSE bug 1177529SUSE bug 1178142SUSE bug 1178995SUSE bug 1179082SUSE bug 1179137SUSE bug 1179243SUSE bug 1179428SUSE bug 1179660SUSE bug 1179929SUSE bug 1180058SUSE bug 1180846SUSE bug 1180964SUSE bug 1180989SUSE bug 1181133SUSE bug 1181259SUSE bug 1181544SUSE bug 1181574SUSE bug 1181637SUSE bug 1181655SUSE bug 1181671SUSE bug 1181674SUSE bug 1181710SUSE bug 1181720SUSE bug 1181735SUSE bug 1181736SUSE bug 1181738SUSE bug 1181747SUSE bug 1181753SUSE bug 1181818SUSE bug 1181843SUSE bug 1181854SUSE bug 1181896SUSE bug 1181958SUSE bug 1181960SUSE bug 1181985SUSE bug 1182047SUSE bug 1182110SUSE bug 1182118SUSE bug 1182128SUSE bug 1182140SUSE bug 1182171SUSE bug 1182175SUSE bug 1182259SUSE bug 1182265SUSE bug 1182266SUSE bug 1182267SUSE bug 1182268SUSE bug 1182271SUSE bug 1182272SUSE bug 1182273SUSE bug 1182275SUSE bug 1182276SUSE bug 1182278SUSE bug 1182283SUSE bug 1182341SUSE bug 1182374SUSE bug 1182380SUSE bug 1182381SUSE bug 1182406SUSE bug 1182430SUSE bug 1182439SUSE bug 1182441SUSE bug 1182442SUSE bug 1182443SUSE bug 1182444SUSE bug 1182445SUSE bug 1182446SUSE bug 1182447SUSE bug 1182449SUSE bug 1182454SUSE bug 1182455SUSE bug 1182456SUSE bug 1182457SUSE bug 1182458SUSE bug 1182459SUSE bug 1182460SUSE bug 1182461SUSE bug 1182462SUSE bug 1182463SUSE bug 1182464SUSE bug 1182465SUSE bug 1182466SUSE bug 1182485SUSE bug 1182489SUSE bug 1182490SUSE bug 1182507SUSE bug 1182547SUSE bug 1182558SUSE bug 1182560SUSE bug 1182561SUSE bug 1182571SUSE bug 1182599SUSE bug 1182602SUSE bug 1182626SUSE bug 1182650SUSE bug 1182672SUSE bug 1182676SUSE bug 1182683SUSE bug 1182684SUSE bug 1182686SUSE bug 1182770SUSE bug 1182798SUSE bug 1182800SUSE bug 1182801SUSE bug 1182854SUSE bug 1182856CVE-2020-12362 at SUSECVE-2020-12362 at NVDCVE-2020-12363 at SUSECVE-2020-12363 at NVDCVE-2020-12364 at SUSECVE-2020-12364 at NVDCVE-2020-12373 at SUSECVE-2020-12373 at NVDCVE-2020-29368 at SUSECVE-2020-29368 at NVDCVE-2020-29374 at SUSECVE-2020-29374 at NVDCVE-2021-26930 at SUSECVE-2021-26930 at NVDCVE-2021-26931 at SUSECVE-2021-26931 at NVDCVE-2021-26932 at SUSECVE-2021-26932 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for openssl-1_1 fixes the following issues:
- CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333)
- CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331)
- Fixed unresolved error codes in FIPS (bsc#1182959).
ModerateSUSE bug 1182331SUSE bug 1182333SUSE bug 1182959CVE-2021-23840 at SUSECVE-2021-23840 at NVDCVE-2021-23841 at SUSECVE-2021-23841 at NVDcpe:/o:suse:suse-microos:5.0Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.0
This update for glib2 fixes the following issues:
- CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if
the length is larger than guint. (bsc#1182328)
- CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362)
ImportantSUSE bug 1182328SUSE bug 1182362CVE-2021-27218 at SUSECVE-2021-27218 at NVDCVE-2021-27219 at SUSECVE-2021-27219 at NVDcpe:/o:suse:suse-microos:5.0Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.0
This update for nghttp2 fixes the following issues:
- CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358)
ImportantSUSE bug 1172442SUSE bug 1181358CVE-2020-11080 at SUSECVE-2020-11080 at NVDcpe:/o:suse:suse-microos:5.0Security update for ruby2.5 (Important)SUSE Linux Enterprise Micro 5.0
This update for ruby2.5 fixes the following issues:
- CVE-2020-25613: Fixed a potential HTTP Request Smuggling in WEBrick (bsc#1177125).
- Enable optimizations also on ARM64 (bsc#1177222)
ImportantSUSE bug 1177125SUSE bug 1177222CVE-2020-25613 at SUSECVE-2020-25613 at NVDcpe:/o:suse:suse-microos:5.0Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.0
This update for gnutls fixes the following issues:
- CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456).
- CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457).
ImportantSUSE bug 1183456SUSE bug 1183457CVE-2021-20231 at SUSECVE-2021-20231 at NVDCVE-2021-20232 at SUSECVE-2021-20232 at NVDcpe:/o:suse:suse-microos:5.0Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.0
This update for python3 fixes the following issues:
- python36 was updated to 3.6.13
- CVE-2021-23336: Fixed a potential web cache poisoning by using a semicolon in query parameters use of semicolon as a query string separator (bsc#1182379).
ModerateSUSE bug 1182379CVE-2021-23336 at SUSECVE-2021-23336 at NVDcpe:/o:suse:suse-microos:5.0Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.0
This update for zstd fixes the following issues:
- CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371).
- CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370).
ModerateSUSE bug 1183370SUSE bug 1183371CVE-2021-24031 at SUSECVE-2021-24031 at NVDCVE-2021-24032 at SUSECVE-2021-24032 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.0
This update for openssl-1_1 fixes the security issue:
* CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted
renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation
ClientHello omits the signature_algorithms extension but includes a
signature_algorithms_cert extension, then a NULL pointer dereference will
result, leading to a crash and a denial of service attack. OpenSSL TLS
clients are not impacted by this issue. [bsc#1183852]
ImportantSUSE bug 1183852CVE-2021-3449 at SUSECVE-2021-3449 at NVDcpe:/o:suse:suse-microos:5.0Security update for tar (Low)SUSE Linux Enterprise Micro 5.0
This update for tar fixes the following issues:
CVE-2021-20193: Memory leak in read_header() in list.c (bsc#1181131)
LowSUSE bug 1181131CVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.0Recommended update for the Azure SDK and CLI (Moderate)SUSE Linux Enterprise Micro 5.0
This update for the Azure SDK and CLI adds support for the AHB (Azure Hybrid Benefit).
(bsc#1176784, jsc#ECO=3105)
ModerateSUSE bug 1125671SUSE bug 1140565SUSE bug 1154393SUSE bug 1174514SUSE bug 1175289SUSE bug 1176784SUSE bug 1176785SUSE bug 1178168CVE-2020-14343 at SUSECVE-2020-14343 at NVDCVE-2020-25659 at SUSECVE-2020-25659 at NVDcpe:/o:suse:suse-microos:5.0Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.0
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
ModerateSUSE bug 1195258CVE-2021-22570 at SUSECVE-2021-22570 at NVDcpe:/o:suse:suse-microos:5.0Security update for salt (Important)SUSE Linux Enterprise Micro 5.0
This update for salt fixes the following issues:
- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)
ImportantSUSE bug 1197417CVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDcpe:/o:suse:suse-microos:5.0Security update for zlib (Important)SUSE Linux Enterprise Micro 5.0
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:suse-microos:5.0Security update for yaml-cpp (Moderate)SUSE Linux Enterprise Micro 5.0
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
ModerateSUSE bug 1121227SUSE bug 1121230SUSE bug 1122004SUSE bug 1122021CVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:suse-microos:5.0Security update for virglrenderer (Important)SUSE Linux Enterprise Micro 5.0
This update for virglrenderer fixes the following issues:
- CVE-2022-0175: Fixed missing initialization of res->ptr (bsc#1194601).
ImportantSUSE bug 1194601CVE-2022-0175 at SUSECVE-2022-0175 at NVDcpe:/o:suse:suse-microos:5.0Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.0
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:suse-microos:5.0Security update for libsolv, libzypp, zypper (Important)SUSE Linux Enterprise Micro 5.0
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
ImportantSUSE bug 1184501SUSE bug 1194848SUSE bug 1195999SUSE bug 1196061SUSE bug 1196317SUSE bug 1196368SUSE bug 1196514SUSE bug 1196925SUSE bug 1197134cpe:/o:suse:suse-microos:5.0Security update for xz (Important)SUSE Linux Enterprise Micro 5.0
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated.
The following security bugs were fixed:
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836)
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373)
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830)
The following non-security bugs were fixed:
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- net: tipc: validate domain record count on input (bsc#1195254).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
ImportantSUSE bug 1179639SUSE bug 1189562SUSE bug 1193731SUSE bug 1194943SUSE bug 1195051SUSE bug 1195254SUSE bug 1195353SUSE bug 1195403SUSE bug 1195939SUSE bug 1196018SUSE bug 1196196SUSE bug 1196468SUSE bug 1196488SUSE bug 1196761SUSE bug 1196823SUSE bug 1196830SUSE bug 1196836SUSE bug 1196956SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197702SUSE bug 1197914SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823).
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032).
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033).
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031).
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331).
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation (bnc#1197702).
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462).
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836).
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018).
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761).
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227).
The following non-security bugs were fixed:
- cifs: use the correct max-length for dentry_path_raw() (bsc#1196196).
- gve: multiple bugfixes (jsc#SLE-23652).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
ImportantSUSE bug 1179639SUSE bug 1189126SUSE bug 1189562SUSE bug 1193731SUSE bug 1194516SUSE bug 1194943SUSE bug 1195051SUSE bug 1195254SUSE bug 1195286SUSE bug 1195353SUSE bug 1195403SUSE bug 1195516SUSE bug 1195543SUSE bug 1195612SUSE bug 1195897SUSE bug 1195905SUSE bug 1195939SUSE bug 1195987SUSE bug 1196018SUSE bug 1196079SUSE bug 1196095SUSE bug 1196155SUSE bug 1196196SUSE bug 1196235SUSE bug 1196468SUSE bug 1196488SUSE bug 1196612SUSE bug 1196761SUSE bug 1196776SUSE bug 1196823SUSE bug 1196830SUSE bug 1196836SUSE bug 1196956SUSE bug 1197227SUSE bug 1197331SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197702SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Important)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue
mitigations (bsc#1196915).
ImportantSUSE bug 1194267SUSE bug 1196915SUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:suse-microos:5.0Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.0
This update for dnsmasq fixes the following issues:
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1197872CVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:suse-microos:5.0Recommended update for salt (Important)SUSE Linux Enterprise Micro 5.0
This update for salt fixes the following issues:
- Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions processed at the same time (bsc#1197637)
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks (bsc#1182851, bsc#1196432)
- Restrict 'state.orchestrate_single' to pass a pillar value if it exists (bsc#1194632)
ImportantSUSE bug 1182851SUSE bug 1194632SUSE bug 1196050SUSE bug 1196432SUSE bug 1197417SUSE bug 1197533SUSE bug 1197637CVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDcpe:/o:suse:suse-microos:5.0Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.0
This update for permissions fixes the following issues:
- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).
ModerateSUSE bug 1169614cpe:/o:suse:suse-microos:5.0Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.0
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:suse-microos:5.0Security update for ruby2.5 (Important)SUSE Linux Enterprise Micro 5.0
This update for ruby2.5 fixes the following issues:
- CVE-2022-28739: Fixed a buffer overrun in String-to-Float conversion (bsc#1198441).
- CVE-2021-41817: Fixed a regular expression denial of service in Date Parsing Methods (bsc#1193035).
- CVE-2021-32066: Fixed a StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).
- CVE-2021-31810: Fixed a trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
- CVE-2021-31799: Fixed a command injection vulnerability in RDoc (bsc#1190375).
ImportantSUSE bug 1188160SUSE bug 1188161SUSE bug 1190375SUSE bug 1193035SUSE bug 1198441CVE-2021-31799 at SUSECVE-2021-31799 at NVDCVE-2021-31810 at SUSECVE-2021-31810 at NVDCVE-2021-32066 at SUSECVE-2021-32066 at NVDCVE-2021-41817 at SUSECVE-2021-41817 at NVDCVE-2022-28739 at SUSECVE-2022-28739 at NVDcpe:/o:suse:suse-microos:5.0Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.0
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
ModerateSUSE bug 1029961SUSE bug 1120610SUSE bug 1130496SUSE bug 1181131CVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.0Security update for gzip (Important)SUSE Linux Enterprise Micro 5.0
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
ImportantSUSE bug 1198062SUSE bug 1198922CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.0Security update for e2fsprogs (Important)SUSE Linux Enterprise Micro 5.0
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd, docker (Important)SUSE Linux Enterprise Micro 5.0
This update for containerd, docker fixes the following issues:
- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
ImportantSUSE bug 1193930SUSE bug 1196441SUSE bug 1197284SUSE bug 1197517CVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.0Security update for expat (Important)SUSE Linux Enterprise Micro 5.0
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE MicroOS 5.0 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticate user to cause a denial of service (bnc#1192877).
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
The following non-security bugs were fixed:
- acpi: battery: Accept charges over the design capacity as full (git-fixes).
- acpi: pmic: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- acpica: Avoid evaluating methods too early during system resume (git-fixes).
- alsa: ISA: not for M68K (git-fixes).
- alsa: ctxfi: Fix out-of-range access (git-fixes).
- alsa: gus: fix null pointer dereference on pointer block (git-fixes).
- alsa: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- alsa: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- alsa: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- alsa: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- alsa: timer: Fix use-after-free problem (git-fixes).
- alsa: timer: Unconditionally unlink slave instances, too (git-fixes).
- alsa: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- arm: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
- arm: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- arm: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- arm: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- arm: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- arm: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
- arm: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- arm: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
- arm: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- arm: 9134/1: remove duplicate memcpy() definition (git-fixes)
- arm: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- arm: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- arm: 9155/1: fix early early_iounmap() (git-fixes)
- arm: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- arm: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- arm: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- arm: at91: pm: of_node_put() after its usage (git-fixes)
- arm: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- arm: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- arm: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- arm: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- arm: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- arm: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- arm: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- arm: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- arm: dts: NSP: Correct FA2 mailbox node (git-fixes)
- arm: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- arm: dts: NSP: Fixed QSPI compatible string (git-fixes)
- arm: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- arm: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- arm: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- arm: dts: am437x-l4: fix typo in can@0 node (git-fixes)
- arm: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- arm: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- arm: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- arm: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- arm: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- arm: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- arm: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- arm: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- arm: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- arm: dts: at91: sama5d2: map securam as device (git-fixes)
- arm: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- arm: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- arm: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- arm: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- arm: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- arm: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- arm: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
- arm: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- arm: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- arm: dts: dra76x: m_can: fix order of clocks (git-fixes)
- arm: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- arm: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- arm: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- arm: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- arm: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- arm: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- arm: dts: gose: Fix ports node name for adv7180 (git-fixes)
- arm: dts: gose: Fix ports node name for adv7612 (git-fixes)
- arm: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- arm: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- arm: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- arm: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- arm: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- arm: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- arm: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- arm: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- arm: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- arm: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- arm: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- arm: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- arm: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- arm: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- arm: dts: imx6sl: fix rng node (git-fixes)
- arm: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- arm: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- arm: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- arm: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- arm: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- arm: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- arm: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- arm: dts: imx7ulp: Correct gpio ranges (git-fixes)
- arm: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- arm: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- arm: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- arm: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- arm: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- arm: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- arm: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- arm: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- arm: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- arm: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- arm: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson: fix PHY deassert timing requirements (git-fixes)
- arm: dts: mt7623: add missing pause for switchport (git-fixes)
- arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- arm: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- arm: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- arm: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- arm: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- arm: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- arm: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- arm: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- arm: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- arm: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- arm: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- arm: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- arm: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- arm: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- arm: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- arm: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- arm: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- arm: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: turris-omnia: add SFP node (git-fixes)
- arm: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- arm: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- arm: dts: turris-omnia: describe switch interrupt (git-fixes)
- arm: dts: turris-omnia: enable HW buffer management (git-fixes)
- arm: dts: turris-omnia: fix hardware buffer management (git-fixes)
- arm: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- arm: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- arm: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- arm: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- arm: exynos: add missing of_node_put for loop iteration (git-fixes)
- arm: footbridge: fix PCI interrupt mapping (git-fixes)
- arm: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- arm: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- arm: imx: add missing clk_disable_unprepare() (git-fixes)
- arm: imx: add missing iounmap() (git-fixes)
- arm: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- arm: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- arm: mvebu: drop pointless check for coherency_base (git-fixes)
- arm: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- arm: s3c24xx: fix missing system reset (git-fixes)
- arm: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- arm: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- arm: samsung: do not build plat/pm-common for Exynos (git-fixes)
- arm: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- arm: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- asoc: DAPM: Cover regression by kctl change notification fix (git-fixes).
- asoc: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
- asoc: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
- asoc: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
- asoc: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
- bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- cifs: Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- cifs: Add get_security_type_str function to return sec type (bsc#1192606).
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
- cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
- cifs: Add witness information to debug data dump (bsc#1192606).
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
- cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- cifs: Always update signing key of first channel (bsc#1192606).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
- cifs: Avoid error pointer dereference (bsc#1192606).
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Create (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- cifs: Clarify SMB1 code for SetFileSize (bsc#1192606).
- cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- cifs: Clarify SMB1 code for delete (bsc#1192606).
- cifs: Clarify SMB1 code for rename open file (bsc#1192606).
- cifs: Clean up DFS referral cache (bsc#1164565).
- cifs: Close cached root handle only if it had a lease (bsc#1164565).
- cifs: Close open handle after interrupted close (bsc#1164565).
- cifs: Constify static struct genl_ops (bsc#1192606).
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
- cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
- cifs: Do not display RDMA transport on reconnect (bsc#1164565).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
- cifs: Do not miss cancelled OPEN responses (bsc#1164565).
- cifs: Do not use iov_iter::type directly (bsc#1192606).
- cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1164565).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606).
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix task struct use-after-free on reconnect (bsc#1164565).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
- cifs: Fix use after free of file info structures (bnc#1151927 5.3.8).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: New optype for session operations (bsc#1181507).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: Properly process SMB3 lease breaks (bsc#1164565).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: Remove useless variable (bsc#1192606).
- cifs: Replace HTTP links with HTTPS ones (bsc#1192606).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: Set cifs_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- cifs: Standardize logging output (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- cifs: Warn less noisily on default mount (bsc#1192606).
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- cifs: add SMB3 change notification support (bsc#1164565).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
- cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
- cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- cifs: add files to host new mount api (bsc#1192606).
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- cifs: add initial reconfigure support (bsc#1192606).
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- cifs: add missing parsing of backupuid (bsc#1192606).
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- cifs: add multichannel mount options and data structs (bsc#1192606).
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- cifs: add server param (bsc#1192606).
- cifs: add shutdown support (bsc#1192606).
- cifs: add smb2 POSIX info level (bsc#1164565).
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
- cifs: add support for flock (bsc#1164565).
- cifs: add witness mount option and data structs (bsc#1192606).
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
- cifs: allow chmod to set mode bits using special sid (bsc#1164565).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- cifs: ask for more credit on async read/write code paths (bsc#1192606).
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565).
- cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
- cifs: change format of cifs_FULL_KEY_DUMP ioctl (bsc#1192606).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: check new file size when extending file by fallocate (bsc#1192606).
- cifs: check pointer before freeing (bsc#1183534).
- cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
- cifs: cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
- cifs: cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
- cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
- cifs: cleanup misc.c (bsc#1192606).
- cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
- cifs: close the shared root handle on tree disconnect (bsc#1164565).
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- cifs: connect individual channel servers to primary channel server (bsc#1192606).
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: constify path argument of ->make_node() (bsc#1192606).
- cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
- cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
- cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
- cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
- cifs: create a helper to find a writeable handle by path name (bsc#1154355).
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- cifs: delete duplicated words in header files (bsc#1192606).
- cifs: detect dead connections only when echoes are enabled (bsc#1192606).
- cifs: do d_move in rename (bsc#1164565).
- cifs: do not allow changing posix_paths during remount (bsc#1192606).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
- cifs: do not negotiate session if session already exists (bsc#1192606).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- cifs: do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: dump Security Type info in DebugData (bsc#1192606).
- cifs: dump channel info in DebugData (bsc#1192606).
- cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
- cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
- cifs: enable extended stats by default (bsc#1192606).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: escape spaces in share names (bsc#1192606).
- cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
- cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- cifs: fix DFS failover (bsc#1192606).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
- cifs: fix a memleak with modefromsid (bsc#1192606).
- cifs: fix a sign extension bug (bsc#1192606).
- cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
- cifs: fix allocation size on newly created files (bsc#1192606).
- cifs: fix channel signing (bsc#1192606).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
- cifs: fix credit accounting for extra channel (bsc#1192606).
- cifs: fix dereference on ses before it is null checked (bsc#1164565).
- cifs: fix dfs domain referrals (bsc#1192606).
- cifs: fix dfs-links (bsc#1192606).
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
- cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix max ea value size (bnc#1151927 5.3.4).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle 'guest' mount parameter (bsc#1192606).
- cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle ERRBaduid for SMB1 (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor cifs_get_inode_info() (bsc#1164565).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- edac/amd64: Handle three rank interleaving mode (bsc#1152489).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- fs: cifs: Assign boolean values to a bool variable (bsc#1192606).
- fs: cifs: Fix atime update check vs mtime (bsc#1164565).
- fs: cifs: Fix resource leak (bsc#1192606).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- fs: cifs: Remove repeated struct declaration (bsc#1192606).
- fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
- fs: cifs: Simplify bool comparison (bsc#1192606).
- fs: cifs: cifssmb.c: use true,false for bool variable (bsc#1164565).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
- fs: cifs: fix gcc warning in sid_to_id (bsc#1192606).
- fs: cifs: fix misspellings using codespell tool (bsc#1192606).
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- fs: cifs: sess.c: Remove set but not used variable 'capabilities' (bsc#1164565).
- fs: cifs: smb2ops.c: use true,false for bool variable (bsc#1164565).
- fs: cifs: smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
- fuse: release pipe buf after last use (bsc#1193318).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- input: iforce - fix control-message timeout (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kabi: hide changes to struct uv_info (git-fixes).
- kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise.
- kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging.
- kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore.
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: fix a lock order reversal in md_alloc (git-fixes).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- mm: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx5: Update error handler for UCTX and UMEM (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- nfc: add NCI_UNREG flag to eliminate the race (git-fixes).
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
- nfc: reorder the logic in nfc_{un,}register_device (git-fixes).
- nfc: reorganize the functions in nci_request (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
- nfs: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
- nfs: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
- nfs: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- nfs: Fix up commit deadlocks (git-fixes).
- nfs: do not take i_rwsem for swap IO (bsc#1191876).
- nfs: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- pci/msi: Deal with devices lying about their MSI mask capability (git-fixes).
- pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- pci: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- pm: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
- pm: hibernate: use correct mode for swsusp_close() (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
- powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
- powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
- powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- qede: validate non LSO skb length (git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
- s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
- s390: mm: Fix secure storage access exception handling (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
- smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
- smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
- smb3: Add missing reparse tags (bsc#1164565).
- smb3: Add new compression flags (bsc#1192606).
- smb3: Add new info level for query directory (bsc#1192606).
- smb3: Add new parm 'nodelete' (bsc#1192606).
- smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606).
- smb3: Add support for getting and setting SACLs (bsc#1192606).
- smb3: Add support for lookup with posix extensions query info (bsc#1192606).
- smb3: Add support for negotiating signing algorithm (bsc#1192606).
- smb3: Add support for query info using posix extensions (level 100) (bsc#1192606).
- smb3: Add tracepoints for new compound posix query info (bsc#1192606).
- smb3: Additional compression structures (bsc#1192606).
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- smb3: Backup intent flag missing from some more ops (bsc#1164565).
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
- smb3: Fix ids returned in POSIX query dir (bsc#1192606).
- smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- smb3: Fix regression in time handling (bsc#1164565).
- smb3: Handle error case during offload read path (bsc#1192606).
- smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- smb3: Honor lease disabling for multiuser mounts (git-fixes).
- smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- smb3: Incorrect size for netname negotiate context (bsc#1154355).
- smb3: Minor cleanup of protocol definitions (bsc#1192606).
- smb3: Resolve data corruption of TCP server info fields (bsc#1192606).
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- smb3: add additional null check in SMB2_open (bsc#1192606).
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
- smb3: add debug messages for closing unmatched open (bsc#1164565).
- smb3: add defines for new crypto algorithms (bsc#1192606).
- smb3: add defines for new signing negotiate context (bsc#1192606).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: add dynamic trace points for socket connection (bsc#1192606).
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
- smb3: add missing flag definitions (bsc#1164565).
- smb3: add missing worker function for SMB3 change notify (bsc#1164565).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
- smb3: add mount option to allow forced caching of read only share (bsc#1164565).
- smb3: add new module load parm enable_gcm_256 (bsc#1192606).
- smb3: add new module load parm require_gcm_256 (bsc#1192606).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
- smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
- smb3: add support for recognizing WSL reparse tags (bsc#1192606).
- smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
- smb3: add support for using info level for posix extensions query (bsc#1192606).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
- smb3: allow dumping keys for multiuser mounts (bsc#1192606).
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
- smb3: avoid confusing warning message on mount to Azure (bsc#1192606).
- smb3: change noisy error message to FYI (bsc#1192606).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
- smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
- smb3: display max smb3 requests in flight at any one time (bsc#1164565).
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
- smb3: do not error on fsync when readonly (bsc#1192606).
- smb3: do not fail if no encryption required but server does not support it (bsc#1192606).
- smb3: do not log warning message if server does not populate salt (bsc#1192606).
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
- smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
- smb3: enable negotiating stronger encryption by default (bsc#1192606).
- smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- smb3: fix access denied on change notify request to some servers (bsc#1192606).
- smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
- smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
- smb3: fix mount failure to some servers when compression enabled (bsc#1192606).
- smb3: fix performance regression with setting mtime (bsc#1164565).
- smb3: fix posix extensions mount option (bsc#1192606).
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
- smb3: fix potential null dereference in decrypt offload (bsc#1164565).
- smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
- smb3: fix readpage for large swap cache (bsc#1192606).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
- smb3: fix signing verification of large reads (bsc#1154355).
- smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
- smb3: fix typo in compression flag (bsc#1192606).
- smb3: fix typo in header file (bsc#1192606).
- smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
- smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- smb3: fix unneeded error message on change notify (bsc#1192606).
- smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
- smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
- smb3: incorrect file id in requests compounded with open (bsc#1192606).
- smb3: limit noisy error (bsc#1192606).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
- smb3: minor update to compression header definitions (bsc#1192606).
- smb3: missing ACL related flags (bsc#1164565).
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
- smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
- smb3: pass mode bits into create calls (bsc#1164565).
- smb3: prevent races updating CurrentMid (bsc#1192606).
- smb3: print warning if server does not support requested encryption type (bsc#1192606).
- smb3: print warning once if posix context returned on open (bsc#1164565).
- smb3: query attributes on file close (bsc#1164565).
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- smb3: remind users that witness protocol is experimental (bsc#1192606).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
- smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
- smb3: remove dead code for non compounded posix query info (bsc#1192606).
- smb3: remove noisy debug message and minor cleanup (bsc#1164565).
- smb3: remove overly noisy debug line in signing errors (bsc#1192606).
- smb3: remove static checker warning (bsc#1192606).
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- smb3: remove two unused variables (bsc#1192606).
- smb3: remove unused flag passed into close functions (bsc#1164565).
- smb3: rename nonces used for GCM and CCM encryption (bsc#1192606).
- smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
- smb3: set gcm256 when requested (bsc#1192606).
- smb3: smbdirect support can be configured by default (bsc#1192606).
- smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
- smb3: update protocol header definitions based to include new flags (bsc#1192606).
- smb3: update structures for new compression protocol definitions (bsc#1192606).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
- smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- sunrpc/auth: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
- sunrpc: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
- swiotlb: Fix the type of index (git-fixes).
- tlb: mmu_gather: add tlb_flush_*_range APIs
- tracing: Add length protection to histogram string copies (git-fixes).
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
- update structure definitions from updated protocol documentation (bsc#1192606).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
- usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
- vfs: do not parse forbidden flags (bsc#1192606).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen/pvh: add missing prototype to header (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- zram: off by one in read_block_state() (git-fixes).
ImportantSUSE bug 1139944SUSE bug 1151927SUSE bug 1152489SUSE bug 1154353SUSE bug 1154355SUSE bug 1161907SUSE bug 1164565SUSE bug 1166780SUSE bug 1176242SUSE bug 1176536SUSE bug 1176544SUSE bug 1176545SUSE bug 1176546SUSE bug 1176548SUSE bug 1176558SUSE bug 1176559SUSE bug 1176956SUSE bug 1177440SUSE bug 1178270SUSE bug 1179211SUSE bug 1179426SUSE bug 1179427SUSE bug 1179960SUSE bug 1181148SUSE bug 1181507SUSE bug 1181710SUSE bug 1183534SUSE bug 1183540SUSE bug 1183897SUSE bug 1185726SUSE bug 1185902SUSE bug 1187541SUSE bug 1189126SUSE bug 1191793SUSE bug 1191876SUSE bug 1192267SUSE bug 1192507SUSE bug 1192511SUSE bug 1192569SUSE bug 1192606SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1192969SUSE bug 1192990SUSE bug 1193042SUSE bug 1193169SUSE bug 1193318SUSE bug 1193349SUSE bug 1193440SUSE bug 1193442CVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDcpe:/o:suse:suse-microos:5.0Security update for json-c (Important)SUSE Linux Enterprise Micro 5.0
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:suse-microos:5.0Security update for polkit (Important)SUSE Linux Enterprise Micro 5.0
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
- CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727).
- CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
- CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c had an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
- CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c had an information leak because the hash table is very small (bnc#1194087).
- CVE-2021-4001: A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. (bnc#1192990).
- CVE-2021-28715: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. ()
- CVE-2021-28714: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing (bnc#1193442).
- CVE-2021-28713: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28712: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
- CVE-2021-28711: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time (bnc#1193440).
- CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).
- CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845).
- CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877).
- CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847).
- CVE-2021-4002: Incorrect TLBs flushing after huge_pmd_unshare could lead to exposing hugepages to other users (bsc#1192946).
- CVE-2020-27820: A use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (bnc#1179599).
The following non-security bugs were fixed:
- smb3: print warning once if posix context returned on open (bsc#1164565).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- ACPI: battery: Accept charges over the design capacity as full (git-fixes).
- ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
- ALSA: ISA: not for M68K (git-fixes).
- ALSA: ctxfi: Fix out-of-range access (git-fixes).
- ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- ALSA: timer: Fix use-after-free problem (git-fixes).
- ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- ARM: 8970/1: decompressor: increase tag size (git-fixes).
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
- ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
- ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- ARM: 9155/1: fix early early_iounmap() (git-fixes)
- ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
- ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- ARM: at91: pm: of_node_put() after its usage (git-fixes)
- ARM: at91: pm: use proper master clock register offset (git-fixes)
- ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- ARM: dts: N900: fix onenand timings (git-fixes).
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
- ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
- ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
- ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes)
- ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- ARM: dts: at91: sama5d2: map securam as device (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
- ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
- ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
- ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
- ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
- ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
- ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
- ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
- ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
- ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- ARM: dts: imx6sl: fix rng node (git-fixes)
- ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
- ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
- ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
- ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
- ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
- ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
- ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
- ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- ARM: dts: oxnas: Fix clear-mask property (git-fixes)
- ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
- ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
- ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
- ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
- ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: turris-omnia: add SFP node (git-fixes)
- ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
- ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
- ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
- ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
- ARM: footbridge: fix PCI interrupt mapping (git-fixes)
- ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- ARM: imx: add missing clk_disable_unprepare() (git-fixes)
- ARM: imx: add missing iounmap() (git-fixes)
- ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- ARM: mvebu: drop pointless check for coherency_base (git-fixes)
- ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- ARM: s3c24xx: fix missing system reset (git-fixes)
- ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- ARM: samsung: do not build plat/pm-common for Exynos (git-fixes)
- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes).
- ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
- ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
- Blacklist SCSI commit that breaks kABI (git-fixes)
- Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
- CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
- CIFS: Clarify SMB1 code for POSIX Create (bsc#1192606).
- CIFS: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- CIFS: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- CIFS: Clarify SMB1 code for SetFileSize (bsc#1192606).
- CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- CIFS: Clarify SMB1 code for delete (bsc#1192606).
- CIFS: Clarify SMB1 code for rename open file (bsc#1192606).
- CIFS: Close cached root handle only if it had a lease (bsc#1164565).
- CIFS: Close open handle after interrupted close (bsc#1164565).
- CIFS: Do not miss cancelled OPEN responses (bsc#1164565).
- CIFS: Fix NULL pointer dereference in mid callback (bsc#1164565).
- CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- CIFS: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- CIFS: Fix bug which the return value by asynchronous read is error (bsc#1192606).
- CIFS: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- CIFS: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- CIFS: Fix task struct use-after-free on reconnect (bsc#1164565).
- CIFS: Fix use after free of file info structures (bnc#1151927 5.3.8).
- CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- CIFS: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- CIFS: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- CIFS: Properly process SMB3 lease breaks (bsc#1164565).
- CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- CIFS: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- CIFS: Warn less noisily on default mount (bsc#1192606).
- CIFS: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- CIFS: check new file size when extending file by fallocate (bsc#1192606).
- CIFS: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
- CIFS: fix max ea value size (bnc#1151927 5.3.4).
- CIFS: refactor cifs_get_inode_info() (bsc#1164565).
- CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- Convert trailing spaces and periods in path components (bsc#1179424).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
- Handle STATUS_IO_TIMEOUT gracefully (bsc#1192606).
- Input: iforce - fix control-message timeout (git-fixes).
- MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- Mark commit as not needed (git-fixes)
- Move upstreamed i8042 patch into sorted section
- NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
- NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
- NFC: reorganize the functions in nci_request (git-fixes).
- NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
- NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- NFS: Fix up commit deadlocks (git-fixes).
- NFS: do not take i_rwsem for swap IO (bsc#1191876).
- NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
- PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
- PM: hibernate: use correct mode for swsusp_close() (git-fixes).
- Pass consistent param->type to fs_parse() (bsc#1192606).
- Replace HTTP links with HTTPS ones: CIFS (bsc#1192606).
- Revert 'ARM: sti: Implement dummy L2 cache's write_sec' (git-fixes)
- Revert 'arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to (git-fixes)
- Revert 'cifs: Fix the target file was deleted when rename failed.' (bsc#1192606).
- SMB3.1.1: Add support for negotiating signing algorithm (bsc#1192606).
- SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1192606).
- SMB3.1.1: add defines for new signing negotiate context (bsc#1192606).
- SMB3.1.1: do not log warning message if server does not populate salt (bsc#1192606).
- SMB3.1.1: fix mount failure to some servers when compression enabled (bsc#1192606).
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
- SMB311: Add support for query info using posix extensions (level 100) (bsc#1192606).
- SMB3: Add new compression flags (bsc#1192606).
- SMB3: Add new info level for query directory (bsc#1192606).
- SMB3: Add support for getting and setting SACLs (bsc#1192606).
- SMB3: Additional compression structures (bsc#1192606).
- SMB3: Backup intent flag missing from some more ops (bsc#1164565).
- SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
- SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
- SMB3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- SMB3: Honor lease disabling for multiuser mounts (git-fixes).
- SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- SMB3: Minor cleanup of protocol definitions (bsc#1192606).
- SMB3: Resolve data corruption of TCP server info fields (bsc#1192606).
- SMB3: add support for recognizing WSL reparse tags (bsc#1192606).
- SMB3: avoid confusing warning message on mount to Azure (bsc#1192606).
- SMB3: fix readpage for large swap cache (bsc#1192606).
- SMB3: incorrect file id in requests compounded with open (bsc#1192606).
- SMB3: update structures for new compression protocol definitions (bsc#1192606).
- SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
- SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
- USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
- USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- Update configs to add CONFIG_SMBFS_COMMON=m.
- Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158)
- arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
- arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- arm: dts: mt7623: add missing pause for switchport (git-fixes)
- arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
- btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
- btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
- btrfs: make checksum item extension more efficient (bsc#1193002).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- cifs: Add get_security_type_str function to return sec type (bsc#1192606).
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
- cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
- cifs: Add witness information to debug data dump (bsc#1192606).
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
- cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- cifs: Always update signing key of first channel (bsc#1192606).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
- cifs: Avoid error pointer dereference (bsc#1192606).
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
- cifs: Clean up DFS referral cache (bsc#1164565).
- cifs: Constify static struct genl_ops (bsc#1192606).
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
- cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
- cifs: Do not display RDMA transport on reconnect (bsc#1164565).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
- cifs: Do not use iov_iter::type directly (bsc#1192606).
- cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: New optype for session operations (bsc#1181507).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: Remove useless variable (bsc#1192606).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: Standardize logging output (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- cifs: add SMB3 change notification support (bsc#1164565).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
- cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
- cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- cifs: add files to host new mount api (bsc#1192606).
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- cifs: add initial reconfigure support (bsc#1192606).
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- cifs: add missing parsing of backupuid (bsc#1192606).
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- cifs: add multichannel mount options and data structs (bsc#1192606).
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- cifs: add server param (bsc#1192606).
- cifs: add shutdown support (bsc#1192606).
- cifs: add smb2 POSIX info level (bsc#1164565).
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
- cifs: add support for flock (bsc#1164565).
- cifs: add witness mount option and data structs (bsc#1192606).
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
- cifs: allow chmod to set mode bits using special sid (bsc#1164565).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- cifs: ask for more credit on async read/write code paths (bsc#1192606).
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565).
- cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
- cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: check pointer before freeing (bsc#1183534).
- cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
- cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
- cifs: cleanup misc.c (bsc#1192606).
- cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
- cifs: close the shared root handle on tree disconnect (bsc#1164565).
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- cifs: connect individual channel servers to primary channel server (bsc#1192606).
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: constify path argument of ->make_node() (bsc#1192606).
- cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
- cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
- cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
- cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
- cifs: create a helper to find a writeable handle by path name (bsc#1154355).
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- cifs: delete duplicated words in header files (bsc#1192606).
- cifs: detect dead connections only when echoes are enabled (bsc#1192606).
- cifs: do d_move in rename (bsc#1164565).
- cifs: do not allow changing posix_paths during remount (bsc#1192606).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
- cifs: do not negotiate session if session already exists (bsc#1192606).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: dump Security Type info in DebugData (bsc#1192606).
- cifs: dump channel info in DebugData (bsc#1192606).
- cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
- cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
- cifs: enable extended stats by default (bsc#1192606).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: escape spaces in share names (bsc#1192606).
- cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
- cifs: fix DFS failover (bsc#1192606).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
- cifs: fix a memleak with modefromsid (bsc#1192606).
- cifs: fix a sign extension bug (bsc#1192606).
- cifs: fix allocation size on newly created files (bsc#1192606).
- cifs: fix channel signing (bsc#1192606).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
- cifs: fix credit accounting for extra channel (bsc#1192606).
- cifs: fix dereference on ses before it is null checked (bsc#1164565).
- cifs: fix dfs domain referrals (bsc#1192606).
- cifs: fix dfs-links (bsc#1192606).
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
- cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle 'guest' mount parameter (bsc#1192606).
- cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: pcrypt - Delay write to padata->info (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- fix memory leak in large read decrypt offload (bsc#1164565).
- fs/cifs/: fix misspellings using codespell tool (bsc#1192606).
- fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1164565).
- fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1164565).
- fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1164565).
- fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
- fs/cifs: Assign boolean values to a bool variable (bsc#1192606).
- fs/cifs: Fix resource leak (bsc#1192606).
- fs/cifs: Simplify bool comparison (bsc#1192606).
- fs/cifs: fix gcc warning in sid_to_id (bsc#1192606).
- fs: cifs: Fix atime update check vs mtime (bsc#1164565).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- fs: cifs: Remove repeated struct declaration (bsc#1192606).
- fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- fuse: release pipe buf after last use (bsc#1193318).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: validate pointers (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: Delete always true check of PF pointer (git-fixes).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kernel-source.spec: install-kernel-tools also required on 15.4
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: fix a lock order reversal in md_alloc (git-fixes).
- media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx5: Update error handler for UCTX and UMEM (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: delete redundant function declaration (git-fixes).
- net: hso: fix control-request directions (git-fixes).
- net: hso: fix muxed tty registration (git-fixes).
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976).
- powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
- powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
- powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- qede: validate non LSO skb length (git-fixes).
- r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306)
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd
- rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
- s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
- s390: mm: Fix secure storage access exception handling (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- series.conf: whitespace and comment cleanup No effect on expanded tree.
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
- smb3.1.1: add new module load parm enable_gcm_256 (bsc#1192606).
- smb3.1.1: add new module load parm require_gcm_256 (bsc#1192606).
- smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
- smb3.1.1: allow dumping keys for multiuser mounts (bsc#1192606).
- smb3.1.1: do not fail if no encryption required but server does not support it (bsc#1192606).
- smb3.1.1: enable negotiating stronger encryption by default (bsc#1192606).
- smb3.1.1: fix typo in compression flag (bsc#1192606).
- smb3.1.1: print warning if server does not support requested encryption type (bsc#1192606).
- smb3.1.1: rename nonces used for GCM and CCM encryption (bsc#1192606).
- smb3.1.1: set gcm256 when requested (bsc#1192606).
- smb311: Add support for SMB311 query info (non-compounded) (bsc#1192606).
- smb311: Add support for lookup with posix extensions query info (bsc#1192606).
- smb311: Add tracepoints for new compound posix query info (bsc#1192606).
- smb311: add support for using info level for posix extensions query (bsc#1192606).
- smb311: remove dead code for non compounded posix query info (bsc#1192606).
- smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
- smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
- smb3: Add missing reparse tags (bsc#1164565).
- smb3: Add new parm 'nodelete' (bsc#1192606).
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- smb3: Fix regression in time handling (bsc#1164565).
- smb3: Handle error case during offload read path (bsc#1192606).
- smb3: Incorrect size for netname negotiate context (bsc#1154355).
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- smb3: add additional null check in SMB2_open (bsc#1192606).
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
- smb3: add debug messages for closing unmatched open (bsc#1164565).
- smb3: add defines for new crypto algorithms (bsc#1192606).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: add dynamic trace points for socket connection (bsc#1192606).
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
- smb3: add missing flag definitions (bsc#1164565).
- smb3: add missing worker function for SMB3 change notify (bsc#1164565).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
- smb3: add mount option to allow forced caching of read only share (bsc#1164565).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
- smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
- smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
- smb3: change noisy error message to FYI (bsc#1192606).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
- smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
- smb3: display max smb3 requests in flight at any one time (bsc#1164565).
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
- smb3: do not error on fsync when readonly (bsc#1192606).
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
- smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
- smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- smb3: fix access denied on change notify request to some servers (bsc#1192606).
- smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
- smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
- smb3: fix performance regression with setting mtime (bsc#1164565).
- smb3: fix posix extensions mount option (bsc#1192606).
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
- smb3: fix potential null dereference in decrypt offload (bsc#1164565).
- smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
- smb3: fix signing verification of large reads (bsc#1154355).
- smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
- smb3: fix typo in header file (bsc#1192606).
- smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
- smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- smb3: fix unneeded error message on change notify (bsc#1192606).
- smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
- smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
- smb3: limit noisy error (bsc#1192606).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
- smb3: minor update to compression header definitions (bsc#1192606).
- smb3: missing ACL related flags (bsc#1164565).
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
- smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
- smb3: pass mode bits into create calls (bsc#1164565).
- smb3: prevent races updating CurrentMid (bsc#1192606).
- smb3: query attributes on file close (bsc#1164565).
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- smb3: remind users that witness protocol is experimental (bsc#1192606).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
- smb3: remove noisy debug message and minor cleanup (bsc#1164565).
- smb3: remove overly noisy debug line in signing errors (bsc#1192606).
- smb3: remove static checker warning (bsc#1192606).
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- smb3: remove two unused variables (bsc#1192606).
- smb3: remove unused flag passed into close functions (bsc#1164565).
- smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
- smb3: smbdirect support can be configured by default (bsc#1192606).
- smb3: update protocol header definitions based to include new flags (bsc#1192606).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
- smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- swiotlb-xen: avoid double free (git-fixes).
- swiotlb: Fix the type of index (git-fixes).
- tlb: mmu_gather: add tlb_flush_*_range APIs
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
- tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes).
- tracing: Add length protection to histogram string copies (git-fixes).
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tracing: use %ps format string to print symbols (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
- update structure definitions from updated protocol documentation (bsc#1192606).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- vfs: do not parse forbidden flags (bsc#1192606).
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
- xen/pvh: add missing prototype to header (git-fixes).
- xen/x86: fix PV trap handling on secondary processors (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- zram: off by one in read_block_state() (git-fixes).
ImportantSUSE bug 1071995SUSE bug 1139944SUSE bug 1151927SUSE bug 1152489SUSE bug 1153275SUSE bug 1154353SUSE bug 1154355SUSE bug 1161907SUSE bug 1164565SUSE bug 1166780SUSE bug 1169514SUSE bug 1176242SUSE bug 1176536SUSE bug 1176544SUSE bug 1176545SUSE bug 1176546SUSE bug 1176548SUSE bug 1176558SUSE bug 1176559SUSE bug 1176940SUSE bug 1176956SUSE bug 1177440SUSE bug 1178270SUSE bug 1179211SUSE bug 1179424SUSE bug 1179426SUSE bug 1179427SUSE bug 1179599SUSE bug 1179960SUSE bug 1181148SUSE bug 1181507SUSE bug 1181710SUSE bug 1183534SUSE bug 1183540SUSE bug 1183897SUSE bug 1184209SUSE bug 1185726SUSE bug 1185902SUSE bug 1187541SUSE bug 1189126SUSE bug 1189158SUSE bug 1191271SUSE bug 1191793SUSE bug 1191876SUSE bug 1192267SUSE bug 1192507SUSE bug 1192511SUSE bug 1192569SUSE bug 1192606SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1192969SUSE bug 1192987SUSE bug 1192990SUSE bug 1192998SUSE bug 1193002SUSE bug 1193042SUSE bug 1193169SUSE bug 1193255SUSE bug 1193306SUSE bug 1193318SUSE bug 1193349SUSE bug 1193440SUSE bug 1193442SUSE bug 1193660SUSE bug 1193669SUSE bug 1193727SUSE bug 1193767SUSE bug 1193901SUSE bug 1193927SUSE bug 1194001SUSE bug 1194087SUSE bug 1194094SUSE bug 1194302SUSE bug 1194516SUSE bug 1194517SUSE bug 1194529SUSE bug 1194888SUSE bug 1194985CVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2020-27825 at SUSECVE-2020-27825 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDcpe:/o:suse:suse-microos:5.0Security update for qemu (Low)SUSE Linux Enterprise Micro 5.0
This update for qemu fixes the following issues:
- CVE-2020-13253: Fixed an OOB access that could crash the guest resulting in DoS (bsc#1172033)
- CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361).
LowSUSE bug 1172033SUSE bug 1181361CVE-2020-13253 at SUSECVE-2020-13253 at NVDCVE-2021-20196 at SUSECVE-2021-20196 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses (bsc#1194094).
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c (bnc#1194087).
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
The following non-security bugs were fixed:
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- kabi/severities: Add a kabi exception for drivers/tee/tee
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901).
- tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209, bsc#1193660).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
ImportantSUSE bug 1071995SUSE bug 1184209SUSE bug 1191271SUSE bug 1193255SUSE bug 1193660SUSE bug 1193669SUSE bug 1193727SUSE bug 1193767SUSE bug 1193901SUSE bug 1193927SUSE bug 1194001SUSE bug 1194087SUSE bug 1194094SUSE bug 1194302SUSE bug 1194516SUSE bug 1194517SUSE bug 1194529SUSE bug 1194888SUSE bug 1194985CVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd, docker (Moderate)SUSE Linux Enterprise Micro 5.0
This update for containerd, docker fixes the following issues:
- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).
ModerateSUSE bug 1191015SUSE bug 1191121SUSE bug 1191334SUSE bug 1191434SUSE bug 1193273CVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Critical)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
The following non-security bugs were fixed:
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
CriticalSUSE bug 1177599SUSE bug 1183405SUSE bug 1185377SUSE bug 1188605SUSE bug 1193096SUSE bug 1193506SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194048SUSE bug 1194227SUSE bug 1194880SUSE bug 1195009SUSE bug 1195065SUSE bug 1195184SUSE bug 1195254CVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDcpe:/o:suse:suse-microos:5.0Security update for libvirt (Important)SUSE Linux Enterprise Micro 5.0
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)
ImportantSUSE bug 1183411SUSE bug 1191668SUSE bug 1192017SUSE bug 1192876SUSE bug 1193981SUSE bug 1194041CVE-2021-3975 at SUSECVE-2021-3975 at NVDCVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:suse-microos:5.0Security update for xen (Important)SUSE Linux Enterprise Micro 5.0
This update for xen fixes the following issues:
- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194576SUSE bug 1194581SUSE bug 1194588CVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:suse-microos:5.0Security update for virglrenderer (Important)SUSE Linux Enterprise Micro 5.0
This update for virglrenderer fixes the following issues:
- CVE-2022-0135: Fixed out-of-bonds write in read_transfer_data() (bsc#1195389).
ImportantSUSE bug 1195389CVE-2022-0135 at SUSECVE-2022-0135 at NVDcpe:/o:suse:suse-microos:5.0Security update for expat (Important)SUSE Linux Enterprise Micro 5.0
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:suse-microos:5.0Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.0
This update for polkit fixes the following issues:
- CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542).
ModerateSUSE bug 1195542CVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux RT Kernel (Critical)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
The following non-security bugs were fixed:
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net_sched: avoid resetting active qdisc for multiple times (bsc#1183405).
- net_sched: get rid of unnecessary dev_qdisc_reset() (bsc#1183405).
- net_sched: use qdisc_reset() in qdisc_destroy() (bsc#1183405).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
CriticalSUSE bug 1177599SUSE bug 1183405SUSE bug 1185377SUSE bug 1187428SUSE bug 1188605SUSE bug 1193096SUSE bug 1193506SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194048SUSE bug 1194227SUSE bug 1194880SUSE bug 1195009SUSE bug 1195065SUSE bug 1195184SUSE bug 1195254CVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDcpe:/o:suse:suse-microos:5.0Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.0
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:suse-microos:5.0Security update for libmspack (Low)SUSE Linux Enterprise Micro 5.0
This update for libmspack fixes the following issues:
- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040).
LowSUSE bug 1113040CVE-2018-18586 at SUSECVE-2018-18586 at NVDcpe:/o:suse:suse-microos:5.0Security update for cyrus-sasl (Important)SUSE Linux Enterprise Micro 5.0
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
ImportantSUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:suse-microos:5.0Security update for expat (Important)SUSE Linux Enterprise Micro 5.0
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:suse-microos:5.0Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.0
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732).
- CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733).
ImportantSUSE bug 1194732SUSE bug 1194733CVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:suse-microos:5.0Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.0
This update for gnutls fixes the following issues:
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
ModerateSUSE bug 1196167CVE-2021-4209 at SUSECVE-2021-4209 at NVDcpe:/o:suse:suse-microos:5.0Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.0
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
ModerateSUSE bug 1196441CVE-2022-23648 at SUSECVE-2022-23648 at NVDcpe:/o:suse:suse-microos:5.0Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.0
This update for kernel-firmware fixes the following issues:
- Update Intel Wireless firmware for 9xxx (CVE-2021-0161,
CVE-2021-0164,CVE-2021-0165,CVE-2021-0066,CVE-2021-0166,
CVE-2021-0168,CVE-2021-0170,CVE-2021-0172,CVE-2021-0173,
CVE-2021-0174,CVE-2021-0175,CVE-2021-0076,CVE-2021-0176,
CVE-2021-0183,CVE-2021-0072,INTEL-SA-00539,bsc#1196333):
iwlwifi-9000-pu-b0-jf-b0-46.ucode
iwlwifi-9000-pu-b0-jf-b0-46.ucode
- Update Intel Bluetooth firmware (CVE-2021-33139,CVE-2021-33155,
INTEL-SA-00604,bsc#1195786)
ImportantSUSE bug 1195786SUSE bug 1196333CVE-2021-0066 at SUSECVE-2021-0066 at NVDCVE-2021-0072 at SUSECVE-2021-0072 at NVDCVE-2021-0076 at SUSECVE-2021-0076 at NVDCVE-2021-0161 at SUSECVE-2021-0161 at NVDCVE-2021-0164 at SUSECVE-2021-0164 at NVDCVE-2021-0165 at SUSECVE-2021-0165 at NVDCVE-2021-0166 at SUSECVE-2021-0166 at NVDCVE-2021-0168 at SUSECVE-2021-0168 at NVDCVE-2021-0170 at SUSECVE-2021-0170 at NVDCVE-2021-0172 at SUSECVE-2021-0172 at NVDCVE-2021-0173 at SUSECVE-2021-0173 at NVDCVE-2021-0174 at SUSECVE-2021-0174 at NVDCVE-2021-0175 at SUSECVE-2021-0175 at NVDCVE-2021-0176 at SUSECVE-2021-0176 at NVDCVE-2021-0183 at SUSECVE-2021-0183 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:suse-microos:5.0Security update for vim (Important)SUSE Linux Enterprise Micro 5.0
This update for vim fixes the following issues:
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).
ImportantSUSE bug 1190533SUSE bug 1190570SUSE bug 1191893SUSE bug 1192478SUSE bug 1192481SUSE bug 1193294SUSE bug 1193298SUSE bug 1194216SUSE bug 1194556SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195356CVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
The following non-security bugs were fixed:
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- gve: Add RX context (jsc#SLE-23652).
- gve: Add a jumbo-frame device option (jsc#SLE-23652).
- gve: Add consumed counts to ethtool stats (jsc#SLE-23652).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (jsc#SLE-23652).
- gve: Correct order of processing device options (jsc#SLE-23652).
- gve: Fix GFP flags when allocing pages (jsc#SLE-23652).
- gve: Implement packet continuation for RX (jsc#SLE-23652).
- gve: Implement suspend/resume/shutdown (jsc#SLE-23652).
- gve: Move the irq db indexes out of the ntfy block struct (jsc#SLE-23652).
- gve: Recording rx queue before sending to napi (jsc#SLE-23652).
- gve: Update gve_free_queue_page_list signature (jsc#SLE-23652).
- gve: Use kvcalloc() instead of kvzalloc() (jsc#SLE-23652).
- gve: fix for null pointer dereference (jsc#SLE-23652).
- gve: fix the wrong AdminQ buffer queue index check (jsc#SLE-23652).
- gve: fix unmatched u64_stats_update_end() (jsc#SLE-23652).
- gve: remove memory barrier around seqno (jsc#SLE-23652).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- net: tipc: validate domain record count on input (bsc#1195254).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
ImportantSUSE bug 1189126SUSE bug 1191580SUSE bug 1192483SUSE bug 1194516SUSE bug 1195254SUSE bug 1195286SUSE bug 1195516SUSE bug 1195543SUSE bug 1195612SUSE bug 1195701SUSE bug 1195897SUSE bug 1195905SUSE bug 1195908SUSE bug 1195947SUSE bug 1195949SUSE bug 1195987SUSE bug 1195995SUSE bug 1196079SUSE bug 1196095SUSE bug 1196132SUSE bug 1196155SUSE bug 1196235SUSE bug 1196584SUSE bug 1196601SUSE bug 1196612SUSE bug 1196776CVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDcpe:/o:suse:suse-microos:5.0Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.0
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
The following non-security bugs were fixed:
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
ImportantSUSE bug 1191580SUSE bug 1192483SUSE bug 1195701SUSE bug 1195995SUSE bug 1196584CVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssh (Important)SUSE Linux Enterprise Micro 5.0
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed a potential privilege escalation for non-default
configuration settings (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:suse-microos:5.0Security update for glibc (Important)SUSE Linux Enterprise Micro 5.0
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)
Also the following bug was fixed:
- Fix pthread_rwlock_try*lock stalls (bsc#1195560)
ImportantSUSE bug 1193625SUSE bug 1194640SUSE bug 1194768SUSE bug 1194770SUSE bug 1195560CVE-2015-8985 at SUSECVE-2015-8985 at NVDCVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:suse-microos:5.0Security update for expat (Important)SUSE Linux Enterprise Micro 5.0
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:suse-microos:5.0Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.0
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step ModerateSUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1162964SUSE bug 1172113SUSE bug 1173277SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1187906SUSE bug 1190926SUSE bug 1194229CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:suse-microos:5.0Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.0
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-microos:5.0Security update for slirp4netns (Moderate)SUSE Linux Enterprise Micro 5.0
This update for slirp4netns fixes the following issues:
- CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467).
ModerateSUSE bug 1179467CVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:suse-microos:5.0Security update for libesmtp (Important)SUSE Linux Enterprise Micro 5.1
This update for libesmtp fixes the following issues:
- CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).
ImportantSUSE bug 1160462SUSE bug 1189097CVE-2019-19977 at SUSECVE-2019-19977 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Low)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.
Read buffer overruns processing ASN.1 strings (bsc#1189521).
LowSUSE bug 1189521CVE-2021-3712 at SUSECVE-2021-3712 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.1
This update for libtpms fixes the following issues:
- CVE-2021-3746: Fixed out-of-bounds access via specially crafted TPM 2 command packets (bsc#1189935).
ImportantSUSE bug 1189935CVE-2021-3746 at SUSECVE-2021-3746 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for mozilla-nspr, mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:
* implement new socket option PR_SockOpt_DontFrag
* support larger DNS records by increasing the default buffer
size for DNS queries
* Lock access to PRCallOnceType members in PR_CallOnce* for
thread safety bmo#1686138
* PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
information about the operating system build version.
Mozilla NSS was updated to version 3.68:
* bmo#1713562 - Fix test leak.
* bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
* bmo#1693206 - Implement PKCS8 export of ECDSA keys.
* bmo#1712883 - DTLS 1.3 draft-43.
* bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
* bmo#1713562 - Validate ECH public names.
* bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
update to NSS 3.67
* bmo#1683710 - Add a means to disable ALPN.
* bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
* bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
* bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
* bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
update to NSS 3.66
* bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
* bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
* bmo#1708307 - Remove Trustis FPS Root CA from NSS.
* bmo#1707097 - Add Certum Trusted Root CA to NSS.
* bmo#1707097 - Add Certum EC-384 CA to NSS.
* bmo#1703942 - Add ANF Secure Server Root CA to NSS.
* bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
* bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
* bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
* bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
* bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
* bmo#1709291 - Add VerifyCodeSigningCertificateChain.
update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
update to NSS 3.64
* bmo#1705286 - Properly detect mips64.
* bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
disable_crypto_vsx.
* bmo#1698320 - replace __builtin_cpu_supports('vsx') with
ppc_crypto_support() for clang.
* bmo#1613235 - Add POWER ChaCha20 stream cipher vector
acceleration.
Fixed in 3.63
* bmo#1697380 - Make a clang-format run on top of helpful contributions.
* bmo#1683520 - ECCKiila P384, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
scalar multiplication.
* bmo#1683520 - ECCKiila P521, change syntax of nested structs
initialization to prevent build isses with GCC 4.8.
* bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
scalar multiplication.
* bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
* bmo#1694214 - tstclnt can't enable middlebox compat mode.
* bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
profiles.
* bmo#1685880 - Minor fix to prevent unused variable on early return.
* bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
with nss build.
* bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
of root CA changes, CA list version 2.48.
* bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
'Chambers of Commerce' and 'Global Chambersign' roots.
* bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
* bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
* bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
* bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
from NSS.
* bmo#1687822 - Turn off Websites trust bit for the “Staat der
Nederlanden Root CA - G3” root cert in NSS.
* bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
Root - 2008' and 'Global Chambersign Root - 2008’.
* bmo#1694291 - Tracing fixes for ECH.
update to NSS 3.62
* bmo#1688374 - Fix parallel build NSS-3.61 with make
* bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
can corrupt 'cachedCertTable'
* bmo#1690583 - Fix CH padding extension size calculation
* bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
* bmo#1690421 - Install packaged libabigail in docker-builds image
* bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
* bmo#1674819 - Fixup a51fae403328, enum type may be signed
* bmo#1681585 - Add ECH support to selfserv
* bmo#1681585 - Update ECH to Draft-09
* bmo#1678398 - Add Export/Import functions for HPKE context
* bmo#1678398 - Update HPKE to draft-07
update to NSS 3.61
* bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
values under certain conditions.
* bmo#1684300 - Fix default PBE iteration count when NSS is compiled
with NSS_DISABLE_DBM.
* bmo#1651411 - Improve constant-timeness in RSA operations.
* bmo#1677207 - Upgrade Google Test version to latest release.
* bmo#1654332 - Add aarch64-make target to nss-try.
Update to NSS 3.60.1:
Notable changes in NSS 3.60:
* TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
implementation. See bmo#1654332 for more information.
* December 2020 batch of Root CA changes, builtins library updated
to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
for more information.
Update to NSS 3.59.1:
* bmo#1679290 - Fix potential deadlock with certain third-party
PKCS11 modules
Update to NSS 3.59:
Notable changes:
* Exported two existing functions from libnss:
CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
Bugfixes
* bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
* bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
* bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
* bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
* bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
root certs when SHA1 signatures are disabled.
* bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
solve some test intermittents
* bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
our CVE-2020-25648 fix that broke purple-discord
(boo#1179382)
* bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
* bmo#1667989 - Fix gyp linking on Solaris
* bmo#1668123 - Export CERT_AddCertToListHeadWithData and
CERT_AddCertToListTailWithData from libnss
* bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
* bmo#1663091 - Remove unnecessary assertions in the streaming
ASN.1 decoder that affected decoding certain PKCS8
private keys when using NSS debug builds
* bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
update to NSS 3.58
Bugs fixed:
* bmo#1641480 (CVE-2020-25648)
Tighten CCS handling for middlebox compatibility mode.
* bmo#1631890 - Add support for Hybrid Public Key Encryption
(draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
(draft-ietf-tls-esni).
* bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
extensions.
* bmo#1668328 - Handle spaces in the Python path name when using
gyp on Windows.
* bmo#1667153 - Add PK11_ImportDataKey for data object import.
* bmo#1665715 - Pass the embedded SCT list extension (if present)
to TrustDomain::CheckRevocation instead of the notBefore value.
update to NSS 3.57
* The following CA certificates were Added:
bmo#1663049 - CN=Trustwave Global Certification Authority
SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
* The following CA certificates were Removed:
bmo#1651211 - CN=EE Certification Centre Root CA
SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
bmo#1656077 - O=Government Root Certification Authority; C=TW
SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
* Trust settings for the following CA certificates were Modified:
bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
Websites (server authentication) trust bit removed.
* https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
update to NSS 3.56
Notable changes
* bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
* bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
* bmo#1654142 - Add CPU feature detection for Intel SHA extension.
* bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
* bmo#1656986 - Properly detect arm64 during GYP build architecture
detection.
* bmo#1652729 - Add build flag to disable RC2 and relocate to
lib/freebl/deprecated.
* bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
* bmo#1588941 - Send empty certificate message when scheme selection
fails.
* bmo#1652032 - Fix failure to build in Windows arm64 makefile
cross-compilation.
* bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
* bmo#1653975 - Fix 3.53 regression by setting 'all' as the default
makefile target.
* bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
* bmo#1659814 - Fix interop.sh failures with newer tls-interop
commit and dependencies.
* bmo#1656519 - NSPR dependency updated to 4.28
update to NSS 3.55
Notable changes
* P384 and P521 elliptic curve implementations are replaced with
verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
* PK11_FindCertInSlot is added. With this function, a given slot
can be queried with a DER-Encoded certificate, providing performance
and usability improvements over other mechanisms. (bmo#1649633)
* DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
Relevant Bugfixes
* bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
* bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
* bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
* bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
ChaCha20 (which was not functioning correctly) and more strictly
enforce tag length.
* bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
* bmo#1653202 - Fix initialization bug in blapitest when compiled
with NSS_DISABLE_DEPRECATED_SEED.
* bmo#1646594 - Fix AVX2 detection in makefile builds.
* bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
for a DER-encoded certificate.
* bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
* bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
* bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
* bmo#1649226 - Add Wycheproof ECDSA tests.
* bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
* bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
RSA_CheckSignRecover.
* bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
signature_algorithms extension.
update to NSS 3.54
Notable changes
* Support for TLS 1.3 external pre-shared keys (bmo#1603042).
* Use ARM Cryptography Extension for SHA256, when available
(bmo#1528113)
* The following CA certificates were Added:
bmo#1645186 - certSIGN Root CA G2.
bmo#1645174 - e-Szigno Root CA 2017.
bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
* The following CA certificates were Removed:
bmo#1645199 - AddTrust Class 1 CA Root.
bmo#1645199 - AddTrust External CA Root.
bmo#1641718 - LuxTrust Global Root 2.
bmo#1639987 - Staat der Nederlanden Root CA - G2.
bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
* A number of certificates had their Email trust bit disabled.
See bmo#1618402 for a complete list.
Bugs fixed
* bmo#1528113 - Use ARM Cryptography Extension for SHA256.
* bmo#1603042 - Add TLS 1.3 external PSK support.
* bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
* bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
* bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
* bmo#1641716 - Add Microsoft's non-EV root certificates.
* bmo1621151 - Disable email trust bit for 'O=Government
Root Certification Authority; C=TW' root.
* bmo#1645199 - Remove AddTrust root certificates.
* bmo#1641718 - Remove 'LuxTrust Global Root 2' root certificate.
* bmo#1639987 - Remove 'Staat der Nederlanden Root CA - G2' root
certificate.
* bmo#1618402 - Remove Symantec root certificates and disable email trust
bit.
* bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
* bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
* bmo#1642153 - Fix infinite recursion building NSS.
* bmo#1642638 - Fix fuzzing assertion crash.
* bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
* bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
* bmo#1643557 - Fix numerous compile warnings in NSS.
* bmo#1644774 - SSL gtests to use ClearServerCache when resetting
self-encrypt keys.
* bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
* bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ModerateSUSE bug 1029961SUSE bug 1174697SUSE bug 1176206SUSE bug 1176934SUSE bug 1179382SUSE bug 1188891CVE-2020-12400 at SUSECVE-2020-12400 at NVDCVE-2020-12401 at SUSECVE-2020-12401 at NVDCVE-2020-12403 at SUSECVE-2020-12403 at NVDCVE-2020-25648 at SUSECVE-2020-25648 at NVDCVE-2020-6829 at SUSECVE-2020-6829 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).
- Upstream bug fixes (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1189632CVE-2021-28701 at SUSECVE-2021-28701 at NVDcpe:/o:suse:suse-microos:5.1Security update for hivex (Moderate)SUSE Linux Enterprise Micro 5.1
This update for hivex fixes the following issues:
- CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060).
ModerateSUSE bug 1189060CVE-2021-3622 at SUSECVE-2021-3622 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
- CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233 ).
- CVE-2021-38209: Fixed allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393).
- CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
- ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes).
- ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes).
- ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
- ALSA: hda/realtek - Add type for ALC287 (git-fixes).
- ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
- ALSA: hda: Release controller display power during shutdown/reboot (git-fixes).
- ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
- ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes).
- ASoC: amd: Fix reference to PCM buffer address (git-fixes).
- ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
- ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
- ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
- ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes).
- ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes).
- ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
- ASoC: uniphier: Fix reference to PCM buffer address (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes).
- Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes).
- Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
- Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes).
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
- KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788).
- KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959).
- KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959).
- KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780).
- KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784).
- KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959).
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- NFS: Correct size calculation for create reply length (bsc#1189870).
- NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021)
- NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes).
- NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
- RDMA/bnxt_re: Fix stats counters (bsc#1188231).
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
- SUNRPC: improve error response to over-size gss credential (bsc#1190022).
- SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021).
- USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- bdi: Do not use freezable workqueue (bsc#1189573).
- blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
- blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- block: fix trace completion for chained bio (bsc#1189505).
- bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075).
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481).
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- btrfs: improve preemptive background space flushing (bsc#1135481).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes).
- ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
- ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
- ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427).
- cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- cpuidle: Consolidate disabled state checks (bsc#1175543)
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- crypto: qat - use proper type for vf_mask (git-fixes).
- crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes).
- device-dax: Fix default return code of range_parse() (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes).
- dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
- drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes).
- drm/amd/display: Fix comparison error in dcn21 DML (git-fixes).
- drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes).
- drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes).
- drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes).
- drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/amdgpu/display: fix DMUB firmware version info (git-fixes).
- drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes).
- drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes).
- drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes).
- drm/dp_mst: Fix return code on sideband message failure (git-fixes).
- drm/i915/dg1: gmbus pin mapping (bsc#1188700).
- drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700).
- drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700).
- drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700).
- drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700).
- drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700).
- drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700).
- drm/i915: Add VBT AUX CH H and I (bsc#1188700).
- drm/i915: Add VBT DVO ports H and I (bsc#1188700).
- drm/i915: Add more AUX CHs to the enum (bsc#1188700).
- drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700).
- drm/i915: Correct SFC_DONE register offset (git-fixes).
- drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700).
- drm/i915: Move hpd_pin setup to encoder init (bsc#1188700).
- drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700).
- drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes).
- drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
- drm/msm: Fix error return code in msm_drm_init() (git-fixes).
- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes).
- drm/of: free the iterator object on failure (git-fixes).
- drm/of: free the right object (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes).
- drm/prime: fix comment on PRIME Helpers (git-fixes).
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576).
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
- ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
- firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes).
- fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428).
- fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes).
- fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes).
- fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
- gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
- gpio: tqmx86: really make IRQ optional (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- intel_idle: Annotate init time data structures (bsc#1175543)
- intel_idle: Customize IceLake server support (bsc#1175543)
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215).
- iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
- iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
- iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220).
- iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- ionic: add handling of larger descriptors (jsc#SLE-16649).
- ionic: add new queue features to interface (jsc#SLE-16649).
- ionic: aggregate Tx byte counting calls (jsc#SLE-16649).
- ionic: block actions during fw reset (jsc#SLE-16649).
- ionic: change mtu after queues are stopped (jsc#SLE-16649).
- ionic: check for link after netdev registration (jsc#SLE-16649).
- ionic: code cleanup details (jsc#SLE-16649).
- ionic: fix sizeof usage (jsc#SLE-16649).
- ionic: fix unchecked reference (jsc#SLE-16649).
- ionic: fix up dim accounting for tx and rx (jsc#SLE-16649).
- ionic: generic tx skb mapping (jsc#SLE-16649).
- ionic: implement Rx page reuse (jsc#SLE-16649).
- ionic: make all rx_mode work threadsafe (jsc#SLE-16649).
- ionic: move rx_page_alloc and free (jsc#SLE-16649).
- ionic: optimize fastpath struct usage (jsc#SLE-16649).
- ionic: protect adminq from early destroy (jsc#SLE-16649).
- ionic: rebuild debugfs on qcq swap (jsc#SLE-16649).
- ionic: remove intr coalesce update from napi (jsc#SLE-16649).
- ionic: remove some unnecessary oom messages (jsc#SLE-16649).
- ionic: simplify TSO descriptor mapping (jsc#SLE-16649).
- ionic: simplify rx skb alloc (jsc#SLE-16649).
- ionic: simplify the intr_index use in txq_init (jsc#SLE-16649).
- ionic: simplify tx clean (jsc#SLE-16649).
- ionic: simplify use of completion types (jsc#SLE-16649).
- ionic: start queues before announcing link up (jsc#SLE-16649).
- ionic: stop watchdog when in broken state (jsc#SLE-16649).
- ionic: useful names for booleans (jsc#SLE-16649).
- iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes).
- iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
- iwlwifi: skip first element in the WTAS ACPI table (git-fixes).
- kABI fix of usb_dcd_config_params (git-fixes).
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021)
- kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153).
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
- leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- md/raid10: properly indicate failure when ending a failed write request (git-fixes).
- md: revert io stats accounting (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
- media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
- misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
- misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes).
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569).
- mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301).
- mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872).
- mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes).
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes).
- nbd: Aovid double completion of a request (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412)
- net/mlx5: Properly convey driver version to firmware (git-fixes).
- net/mlx5e: Add missing capability check for uplink follow (bsc#1188412)
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes).
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270)
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme: code command_id with a genctr for use-after-free validation (bsc#1181972).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- ocfs2: fix snprintf() checking (bsc#1189581).
- ocfs2: fix zero out valid data (bsc#1189579).
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225).
- pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes).
- platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes).
- post.sh: detect /usr mountpoint too
- power: supply: max17042: handle fails of reading status register (git-fixes).
- powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Use name@unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
- powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906).
- powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break.
- powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes).
- powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change.
- rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817).
- s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970).
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- scsi: libfc: Fix array index out of bound exception (bsc#1188616).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385).
- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392).
- scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392).
- scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
- scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes).
- serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes).
- serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes).
- serial: tegra: Only print FIFO error message when an error occurs (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes).
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes).
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes).
- tracing / histogram: Give calculation hist_fields a size (git-fixes).
- tracing: Reject string operand in the histogram expression (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes).
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- usb: dwc3: Separate field holding multiple properties (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller (git-fixes).
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- usb: dwc3: Use devres to get clocks (git-fixes).
- usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes).
- usb: dwc3: debug: Remove newline printout (git-fixes).
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes).
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
- usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
- usb: dwc3: gadget: Do not setup more than requested (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes).
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes).
- usb: dwc3: support continuous runtime PM with dual role (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes).
- usb: gadget: Export recommended BESL values (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766).
- virt_wifi: fix error on connect (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
- x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
- x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
- x86/fpu: Reset state for all signal restore failures (bsc#1152489).
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337).
- x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337).
- x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337).
- x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
- x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).
ImportantSUSE bug 1040364SUSE bug 1127650SUSE bug 1135481SUSE bug 1152489SUSE bug 1160010SUSE bug 1168202SUSE bug 1171420SUSE bug 1174969SUSE bug 1175052SUSE bug 1175543SUSE bug 1177399SUSE bug 1180100SUSE bug 1180141SUSE bug 1180347SUSE bug 1181006SUSE bug 1181148SUSE bug 1181972SUSE bug 1184180SUSE bug 1185902SUSE bug 1186264SUSE bug 1186731SUSE bug 1187211SUSE bug 1187455SUSE bug 1187468SUSE bug 1187483SUSE bug 1187619SUSE bug 1187959SUSE bug 1188067SUSE bug 1188172SUSE bug 1188231SUSE bug 1188270SUSE bug 1188412SUSE bug 1188418SUSE bug 1188616SUSE bug 1188700SUSE bug 1188780SUSE bug 1188781SUSE bug 1188782SUSE bug 1188783SUSE bug 1188784SUSE bug 1188786SUSE bug 1188787SUSE bug 1188788SUSE bug 1188790SUSE bug 1188878SUSE bug 1188885SUSE bug 1188924SUSE bug 1188982SUSE bug 1188983SUSE bug 1188985SUSE bug 1189021SUSE bug 1189057SUSE bug 1189077SUSE bug 1189153SUSE bug 1189197SUSE bug 1189209SUSE bug 1189210SUSE bug 1189212SUSE bug 1189213SUSE bug 1189214SUSE bug 1189215SUSE bug 1189216SUSE bug 1189217SUSE bug 1189218SUSE bug 1189219SUSE bug 1189220SUSE bug 1189221SUSE bug 1189222SUSE bug 1189225SUSE bug 1189229SUSE bug 1189233SUSE bug 1189262SUSE bug 1189291SUSE bug 1189292SUSE bug 1189296SUSE bug 1189298SUSE bug 1189301SUSE bug 1189305SUSE bug 1189323SUSE bug 1189384SUSE bug 1189385SUSE bug 1189392SUSE bug 1189393SUSE bug 1189399SUSE bug 1189400SUSE bug 1189427SUSE bug 1189503SUSE bug 1189504SUSE bug 1189505SUSE bug 1189506SUSE bug 1189507SUSE bug 1189562SUSE bug 1189563SUSE bug 1189564SUSE bug 1189565SUSE bug 1189566SUSE bug 1189567SUSE bug 1189568SUSE bug 1189569SUSE bug 1189573SUSE bug 1189574SUSE bug 1189575SUSE bug 1189576SUSE bug 1189577SUSE bug 1189579SUSE bug 1189581SUSE bug 1189582SUSE bug 1189583SUSE bug 1189585SUSE bug 1189586SUSE bug 1189587SUSE bug 1189706SUSE bug 1189760SUSE bug 1189762SUSE bug 1189832SUSE bug 1189841SUSE bug 1189870SUSE bug 1189872SUSE bug 1189883SUSE bug 1190022SUSE bug 1190025SUSE bug 1190115SUSE bug 1190117SUSE bug 1190412SUSE bug 1190413SUSE bug 1190428CVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3640 at SUSECVE-2021-3640 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3679 at SUSECVE-2021-3679 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38166 at SUSECVE-2021-38166 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-38204 at SUSECVE-2021-38204 at NVDCVE-2021-38205 at SUSECVE-2021-38205 at NVDCVE-2021-38206 at SUSECVE-2021-38206 at NVDCVE-2021-38207 at SUSECVE-2021-38207 at NVDCVE-2021-38209 at SUSECVE-2021-38209 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
- CVE-2021-33574: Fixed use __pthread_attr_copy in mq_notify (bsc#1186489).
- CVE-2021-35942: Fixed wordexp handle overflow in positional parameter number (bsc#1187911).
ModerateSUSE bug 1186489SUSE bug 1187911CVE-2021-33574 at SUSECVE-2021-33574 at NVDCVE-2021-35942 at SUSECVE-2021-35942 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
ModerateSUSE bug 1190373SUSE bug 1190374CVE-2021-22946 at SUSECVE-2021-22946 at NVDCVE-2021-22947 at SUSECVE-2021-22947 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
The following non-security bugs were fixed:
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1148868SUSE bug 1152489SUSE bug 1154353SUSE bug 1159886SUSE bug 1167773SUSE bug 1170774SUSE bug 1171688SUSE bug 1173746SUSE bug 1174003SUSE bug 1176447SUSE bug 1176940SUSE bug 1177028SUSE bug 1178134SUSE bug 1184439SUSE bug 1184804SUSE bug 1185302SUSE bug 1185550SUSE bug 1185677SUSE bug 1185726SUSE bug 1185762SUSE bug 1187211SUSE bug 1188067SUSE bug 1188418SUSE bug 1188651SUSE bug 1188986SUSE bug 1189257SUSE bug 1189297SUSE bug 1189841SUSE bug 1189884SUSE bug 1190023SUSE bug 1190062SUSE bug 1190115SUSE bug 1190138SUSE bug 1190159SUSE bug 1190358SUSE bug 1190406SUSE bug 1190432SUSE bug 1190467SUSE bug 1190523SUSE bug 1190534SUSE bug 1190543SUSE bug 1190544SUSE bug 1190561SUSE bug 1190576SUSE bug 1190595SUSE bug 1190596SUSE bug 1190598SUSE bug 1190620SUSE bug 1190626SUSE bug 1190679SUSE bug 1190705SUSE bug 1190717SUSE bug 1190746SUSE bug 1190758SUSE bug 1190784SUSE bug 1190785SUSE bug 1191172SUSE bug 1191193SUSE bug 1191292CVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-3669 at SUSECVE-2021-3669 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
- CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
- CVE-2020-12770: Fixed sg_remove_request call in a certain failure cases (bsc#1171420).
The following non-security bugs were fixed:
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: Quirk for HP Spectre x360 14 amp setup (git-fixes).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS ROG Strix G17 (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800 (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes).
- ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- bdi: Do not use freezable workqueue (bsc#1189573).
- blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- block: fix trace completion for chained bio (bsc#1189505).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes).
- Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
- Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes).
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028).
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481).
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- btrfs: do async reclaim for data reservations (bsc#1135481).
- btrfs: do not force commit if we are data (bsc#1135481).
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- btrfs: improve preemptive background space flushing (bsc#1135481).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481).
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- btrfs: rip out may_commit_transaction (bsc#1135481).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481).
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481).
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- btrfs: use ticketing for data space reservations (bsc#1135481).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes).
- cgroup: verify that source is a string (bsc#1190131).
- cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- cpuidle: Consolidate disabled state checks (bsc#1175543)
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128).
- crypto: qat - use proper type for vf_mask (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- device-dax: Fix default return code of range_parse() (git-fixes).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ (git-fixes).
- dmaengine: idxd: clear block on fault flag when clear wq (git-fixes).
- dmaengine: idxd: fix wq slot allocation index check (git-fixes).
- dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes).
- drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes).
- drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes).
- drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/ast: Fix missing conversions to managed API (git-fixes).
- drm/dp_mst: Fix return code on sideband message failure (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/i915: Add more AUX CHs to the enum (bsc#1188700).
- drm/i915: Add VBT AUX CH H and I (bsc#1188700).
- drm/i915: Add VBT DVO ports H and I (bsc#1188700).
- drm/i915: Allow the sysadmin to override security mitigations (git-fixes).
- drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700).
- drm/i915: Introduce HPD_PORT_TC (bsc#1188700).
- drm/i915: Move hpd_pin setup to encoder init (bsc#1188700).
- drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700).
- drm/i915/dg1: gmbus pin mapping (bsc#1188700).
- drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700).
- drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700).
- drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700).
- drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700).
- drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700).
- drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700).
- drm/i915/rkl: Remove require_force_probe protection (bsc#1189257).
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm: Fix error return code in msm_drm_init() (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes).
- drm/nouveau/disp: power down unused DP links during init (git-fixes).
- drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/of: free the iterator object on failure (git-fixes).
- drm/of: free the right object (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes).
- drm/panfrost: Simplify lock_region calculation (git-fixes).
- drm/panfrost: Use u64 for size in lock_region (git-fixes).
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- drm/prime: fix comment on PRIME Helpers (git-fixes).
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- enetc: Fix uninitialized struct dim_sample field usage (git-fixes).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576).
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
- ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: mpc8xxx: Fix a resources leak in the error handling path of 'mpc8xxx_probe()' (git-fixes).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats (git-fixes).
- gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for (semi)planar U/V formats (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- HID: input: do not report stylus battery state as 'full' (git-fixes).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878).
- ice: do not remove netdev->dev_addr from uc sync list (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- Improved the warning message.
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- intel_idle: Annotate init time data structures (bsc#1175543)
- intel_idle: Customize IceLake server support (bsc#1175543)
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ionic: drop useless check of PCI driver data validity (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes).
- iwlwifi: skip first element in the WTAS ACPI table (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- kernel-binary.spec.in: add zstd to BuildRequires if used
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). Fixes: d9a1357edd73 ('rpm: Define $certs as rpm macro (bsc#1189841).')
- kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153).
- leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- lockd: Fix invalid lockowner cast after vfs_test_lock (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- md: revert io stats accounting (git-fixes).
- md/raid10: properly indicate failure when ending a failed write request (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
- memcg: enable accounting for file lock caches (bsc#1190115).
- mfd: axp20x: Update AXP288 volatile ranges (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error (git-fixes).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872).
- mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569).
- mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes).
- mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes).
- nbd: Aovid double completion of a request (git-fixes).
- nbd: do not update block size after device is started (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270)
- net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412)
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Add missing capability check for uplink follow (bsc#1188412)
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: Correct size calculation for create reply length (bsc#1189870).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nfsd4: Fix forced-expiry locking (git-fixes).
- NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes).
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: code command_id with a genctr for use-after-free validation (bsc#1181972).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
- ocfs2: fix snprintf() checking (bsc#1189581).
- ocfs2: fix zero out valid data (bsc#1189579).
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
- optee: Fix memory leak when failing to register shm pages (git-fixes).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: Call Max Payload Size-related fixup quirks early (git-fixes).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- PCI: iproc: Fix BCMA probe resource handling (git-fixes).
- PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/portdrv: Enable Bandwidth Notification only if port supports it (git-fixes).
- perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225).
- phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- PM: sleep: core: Avoid setting power.must_resume to false (git-fixes).
- post.sh: detect /usr mountpoint too
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- power: supply: max17042: handle fails of reading status register (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: lpc32xx: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes).
- reset: reset-zynqmp: Fixed the argument data type (git-fixes).
- rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect is has is that the image and initrd symlinks are created with this suffix. These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used.
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate.
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately.
- rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla).
- rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes).
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- scsi: libfc: Fix array index out of bound exception (bsc#1188616).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420 CVE2020-12770).
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576).
- selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes).
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: Fix potential memory corruption (git-fixes).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
- SUNRPC: improve error response to over-size gss credential (bsc#1190022).
- SUNRPC: Simplify socket shutdown when not reusing TCP ports (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes).
- tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586).
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes).
- usb: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: Fix error path in gadget registration (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes).
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes).
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- usb: dwc3: debug: Remove newline printout (git-fixes).
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
- usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
- usb: dwc3: gadget: Do not setup more than requested (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes).
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- usb: dwc3: Separate field holding multiple properties (git-fixes).
- usb: dwc3: support continuous runtime PM with dual role (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: Export recommended BESL values (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device (git-fixes).
- VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337).
- x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337).
- x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337).
- x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).
ImportantSUSE bug 1065729SUSE bug 1124431SUSE bug 1127650SUSE bug 1135481SUSE bug 1148868SUSE bug 1152489SUSE bug 1154353SUSE bug 1159886SUSE bug 1167032SUSE bug 1167773SUSE bug 1168202SUSE bug 1170774SUSE bug 1171420SUSE bug 1171688SUSE bug 1173746SUSE bug 1174003SUSE bug 1175543SUSE bug 1176447SUSE bug 1176940SUSE bug 1177028SUSE bug 1177399SUSE bug 1178134SUSE bug 1180141SUSE bug 1180347SUSE bug 1181006SUSE bug 1181972SUSE bug 1184114SUSE bug 1184439SUSE bug 1184611SUSE bug 1184804SUSE bug 1185302SUSE bug 1185550SUSE bug 1185675SUSE bug 1185677SUSE bug 1185726SUSE bug 1185762SUSE bug 1185898SUSE bug 1187211SUSE bug 1187455SUSE bug 1187591SUSE bug 1187619SUSE bug 1188067SUSE bug 1188172SUSE bug 1188270SUSE bug 1188412SUSE bug 1188418SUSE bug 1188439SUSE bug 1188616SUSE bug 1188651SUSE bug 1188694SUSE bug 1188700SUSE bug 1188878SUSE bug 1188924SUSE bug 1188983SUSE bug 1188985SUSE bug 1188986SUSE bug 1189153SUSE bug 1189225SUSE bug 1189257SUSE bug 1189262SUSE bug 1189297SUSE bug 1189301SUSE bug 1189399SUSE bug 1189400SUSE bug 1189503SUSE bug 1189504SUSE bug 1189505SUSE bug 1189506SUSE bug 1189507SUSE bug 1189562SUSE bug 1189563SUSE bug 1189564SUSE bug 1189565SUSE bug 1189566SUSE bug 1189567SUSE bug 1189568SUSE bug 1189569SUSE bug 1189573SUSE bug 1189574SUSE bug 1189575SUSE bug 1189576SUSE bug 1189577SUSE bug 1189579SUSE bug 1189581SUSE bug 1189582SUSE bug 1189583SUSE bug 1189585SUSE bug 1189586SUSE bug 1189587SUSE bug 1189696SUSE bug 1189706SUSE bug 1189760SUSE bug 1189762SUSE bug 1189832SUSE bug 1189841SUSE bug 1189870SUSE bug 1189872SUSE bug 1189883SUSE bug 1189884SUSE bug 1190022SUSE bug 1190023SUSE bug 1190025SUSE bug 1190062SUSE bug 1190115SUSE bug 1190117SUSE bug 1190131SUSE bug 1190138SUSE bug 1190159SUSE bug 1190181SUSE bug 1190358SUSE bug 1190406SUSE bug 1190412SUSE bug 1190413SUSE bug 1190428SUSE bug 1190467SUSE bug 1190523SUSE bug 1190534SUSE bug 1190543SUSE bug 1190544SUSE bug 1190561SUSE bug 1190576SUSE bug 1190595SUSE bug 1190596SUSE bug 1190598SUSE bug 1190620SUSE bug 1190626SUSE bug 1190679SUSE bug 1190705SUSE bug 1190717SUSE bug 1190746SUSE bug 1190758SUSE bug 1190784SUSE bug 1190785SUSE bug 1191172SUSE bug 1191193SUSE bug 1191292SUSE bug 859220CVE-2020-12770 at SUSECVE-2020-12770 at NVDCVE-2020-3702 at SUSECVE-2020-3702 at NVDCVE-2021-34556 at SUSECVE-2021-34556 at NVDCVE-2021-35477 at SUSECVE-2021-35477 at NVDCVE-2021-3653 at SUSECVE-2021-3653 at NVDCVE-2021-3656 at SUSECVE-2021-3656 at NVDCVE-2021-3669 at SUSECVE-2021-3669 at NVDCVE-2021-3732 at SUSECVE-2021-3732 at NVDCVE-2021-3739 at SUSECVE-2021-3739 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-3744 at SUSECVE-2021-3744 at NVDCVE-2021-3752 at SUSECVE-2021-3752 at NVDCVE-2021-3753 at SUSECVE-2021-3753 at NVDCVE-2021-3759 at SUSECVE-2021-3759 at NVDCVE-2021-3764 at SUSECVE-2021-3764 at NVDCVE-2021-38160 at SUSECVE-2021-38160 at NVDCVE-2021-38198 at SUSECVE-2021-38198 at NVDCVE-2021-40490 at SUSECVE-2021-40490 at NVDcpe:/o:suse:suse-microos:5.1Security update for rpm (Important)SUSE Linux Enterprise Micro 5.1
This update for rpm fixes the following issues:
Security issues fixed:
- PGP hardening changes (bsc#1185299)
Maintaince issues fixed:
- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)
ImportantSUSE bug 1183659SUSE bug 1185299SUSE bug 1187670SUSE bug 1188548cpe:/o:suse:suse-microos:5.1Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).
ModerateSUSE bug 1189929CVE-2021-37750 at SUSECVE-2021-37750 at NVDcpe:/o:suse:suse-microos:5.1Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.1
This update for util-linux fixes the following issues:
- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)
ModerateSUSE bug 1178236SUSE bug 1188921CVE-2021-37600 at SUSECVE-2021-37600 at NVDcpe:/o:suse:suse-microos:5.1Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ncurses fixes the following issues:
- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)
ModerateSUSE bug 1190793CVE-2021-39537 at SUSECVE-2021-39537 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd, docker, runc (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.9-ce. (bsc#1191355)
See upstream changelog in the packaged
/usr/share/doc/packages/docker/CHANGELOG.md.
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355
- CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)
- Install systemd service file as well (bsc#1190826)
Update to runc v1.0.2. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.2
* Fixed a failure to set CPU quota period in some cases on cgroup v1.
* Fixed the inability to start a container with the 'adding seccomp filter
rule for syscall ...' error, caused by redundant seccomp rules (i.e. those
that has action equal to the default one). Such redundant rules are now
skipped.
* Made release builds reproducible from now on.
* Fixed a rare debug log race in runc init, which can result in occasional
harmful 'failed to decode ...' errors from runc run or exec.
* Fixed the check in cgroup v1 systemd manager if a container needs to be
frozen before Set, and add a setting to skip such freeze unconditionally.
The previous fix for that issue, done in runc 1.0.1, was not working.
Update to runc v1.0.1. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.1
* Fixed occasional runc exec/run failure ('interrupted system call') on an
Azure volume.
* Fixed 'unable to find groups ... token too long' error with /etc/group
containing lines longer than 64K characters.
* cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
frozen. This is a regression in 1.0.0, not affecting runc itself but some
of libcontainer users (e.g Kubernetes).
* cgroupv2: bpf: Ignore inaccessible existing programs in case of
permission error when handling replacement of existing bpf cgroup
programs. This fixes a regression in 1.0.0, where some SELinux
policies would block runc from being able to run entirely.
* cgroup/systemd/v2: don't freeze cgroup on Set.
* cgroup/systemd/v1: avoid unnecessary freeze on Set.
- fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704
Update to runc v1.0.0. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.0.0
! The usage of relative paths for mountpoints will now produce a warning
(such configurations are outside of the spec, and in future runc will
produce an error when given such configurations).
* cgroupv2: devices: rework the filter generation to produce consistent
results with cgroupv1, and always clobber any existing eBPF
program(s) to fix runc update and avoid leaking eBPF programs
(resulting in errors when managing containers).
* cgroupv2: correctly convert 'number of IOs' statistics in a
cgroupv1-compatible way.
* cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
* cgroupv2: wait for freeze to finish before returning from the freezing
code, optimize the method for checking whether a cgroup is frozen.
* cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
* cgroups/systemd: fixed returning 'unit already exists' error from a systemd
cgroup manager (regression in rc94)
+ cgroupv2: support SkipDevices with systemd driver
+ cgroup/systemd: return, not ignore, stop unit error from Destroy
+ Make 'runc --version' output sane even when built with go get or
otherwise outside of our build scripts.
+ cgroups: set SkipDevices during runc update (so we don't modify
cgroups at all during runc update).
+ cgroup1: blkio: support BFQ weights.
+ cgroupv2: set per-device io weights if BFQ IO scheduler is available.
Update to runc v1.0.0~rc95. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
This release of runc contains a fix for CVE-2021-30465, and users are
strongly recommended to update (especially if you are providing
semi-limited access to spawn containers to untrusted users). (bsc#1185405)
Update to runc v1.0.0~rc94. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
Breaking Changes:
* cgroupv1: kernel memory limits are now always ignored, as kmemcg has
been effectively deprecated by the kernel. Users should make use of regular
memory cgroup controls.
Regression Fixes:
* seccomp: fix 32-bit compilation errors
* runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
* runc start: fix 'chdir to cwd: permission denied' for some setups
ImportantSUSE bug 1102408SUSE bug 1185405SUSE bug 1187704SUSE bug 1188282SUSE bug 1190826SUSE bug 1191015SUSE bug 1191121SUSE bug 1191334SUSE bug 1191355SUSE bug 1191434CVE-2021-30465 at SUSECVE-2021-30465 at NVDCVE-2021-32760 at SUSECVE-2021-32760 at NVDCVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDcpe:/o:suse:suse-microos:5.1Security update for pcre (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pcre fixes the following issues:
Update pcre to version 8.45:
- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)
ModerateSUSE bug 1172973SUSE bug 1172974CVE-2019-20838 at SUSECVE-2019-20838 at NVDCVE-2020-14155 at SUSECVE-2020-14155 at NVDcpe:/o:suse:suse-microos:5.1Security update for dnsmasq (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dnsmasq fixes the following issues:
Update to version 2.86
- CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709)
- CVE-2020-14312: Set --local-service by default (bsc#1173646).
- Open inotify socket only when used (bsc#1180914).
ModerateSUSE bug 1173646SUSE bug 1180914SUSE bug 1183709CVE-2020-14312 at SUSECVE-2020-14312 at NVDCVE-2021-3448 at SUSECVE-2021-3448 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- CVE-2021-21996: Exclude the full path of a download URL to prevent injection of malicious code. (bsc#1190265)
ModerateSUSE bug 1190265CVE-2021-21996 at SUSECVE-2021-21996 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)
Non-security issues fixed:
- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
ImportantSUSE bug 1189234SUSE bug 1189702SUSE bug 1189938SUSE bug 1190425CVE-2021-3713 at SUSECVE-2021-3713 at NVDCVE-2021-3748 at SUSECVE-2021-3748 at NVDcpe:/o:suse:suse-microos:5.1Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libvirt fixes the following issues:
- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers,
use the libvirtr-daemon-driver-<hypervisor> package instead of
libvirt-daemon-<hypervisor>. The latter are not required packages
for a functioning hypervisor driver.
ModerateSUSE bug 1177902SUSE bug 1183247SUSE bug 1186398SUSE bug 1190420SUSE bug 1190493SUSE bug 1190693SUSE bug 1190695SUSE bug 1190917cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 Real Time kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
The following non-security bugs were fixed:
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini()
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- gpio: pca953x: Improve bias setting (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774).
- net: batman-adv: fix error handling (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085030SUSE bug 1152472SUSE bug 1152489SUSE bug 1156395SUSE bug 1172073SUSE bug 1173604SUSE bug 1176447SUSE bug 1176774SUSE bug 1176914SUSE bug 1178134SUSE bug 1180100SUSE bug 1181147SUSE bug 1184673SUSE bug 1185762SUSE bug 1186063SUSE bug 1186109SUSE bug 1187167SUSE bug 1188563SUSE bug 1189841SUSE bug 1190006SUSE bug 1190067SUSE bug 1190349SUSE bug 1190351SUSE bug 1190479SUSE bug 1190620SUSE bug 1190642SUSE bug 1190795SUSE bug 1190801SUSE bug 1190941SUSE bug 1191229SUSE bug 1191240SUSE bug 1191241SUSE bug 1191315SUSE bug 1191317SUSE bug 1191349SUSE bug 1191384SUSE bug 1191449SUSE bug 1191450SUSE bug 1191451SUSE bug 1191452SUSE bug 1191455SUSE bug 1191456SUSE bug 1191628SUSE bug 1191645SUSE bug 1191663SUSE bug 1191731SUSE bug 1191800SUSE bug 1191867SUSE bug 1191934SUSE bug 1191958SUSE bug 1192040SUSE bug 1192041SUSE bug 1192074SUSE bug 1192107SUSE bug 1192145CVE-2021-33033 at SUSECVE-2021-33033 at NVDCVE-2021-34866 at SUSECVE-2021-34866 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDcpe:/o:suse:suse-microos:5.1Security update for samba and ldb (Important)SUSE Linux Enterprise Micro 5.1
This update for samba and ldb fixes the following issues:
- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505).
Samba was updated to 4.13.13
* rodc_rwdc test flaps;(bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements;
(bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY]
'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba
with embedded Heimdal;(bso#14642).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* 'in' operator on ldb.Message is case sensitive;(bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
* Allow special chars like '@' in samAccountName when generating
the salt;(bso#14874).
* Fix transit path validation;(bso#12998).
* Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order
violation: brlock.tdb, share_entries.tdb;(bso#14645).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
Samba was updated to 4.13.12:
* Address a signifcant performance regression in database access
in the AD DC since Samba 4.12;(bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4
since Samba 4.9 by using an explicit database handle cache;
(bso#14807).
* An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ;(bso#14817).
* Address flapping samba_tool_drs_showrepl test;(bso#14818).
* Address flapping dsdb_schema_attributes test;(bso#14819).
* An unuthenticated user can crash the AD DC KDC by omitting the
server name in a TGS-REQ;(bso#14817).
* Fix CTDB flag/status update race conditions(bso#14784).
Samba was updated to 4.13.11:
* smbd: panic on force-close share during offload write; (bso#14769).
* Fix returned attributes on fake quota file handle and avoid
hitting the VFS;(bso#14731).
* smbd: 'deadtime' parameter doesn't work anymore;(bso#14783).
* net conf list crashes when run as normal user;(bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7;(bso#14607).
* Start the SMB encryption as soon as possible;(bso#14793).
* Winbind should not start if the socket path for the privileged
pipe is too long;(bso#14792).
ldb was updated to 2.2.2:
+ CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)
Release ldb 2.2.2
+ Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845).
+ Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
ImportantSUSE bug 1014440SUSE bug 1192214SUSE bug 1192215SUSE bug 1192246SUSE bug 1192247SUSE bug 1192283SUSE bug 1192284SUSE bug 1192505CVE-2016-2124 at SUSECVE-2016-2124 at NVDCVE-2020-25717 at SUSECVE-2020-25717 at NVDCVE-2020-25718 at SUSECVE-2020-25718 at NVDCVE-2020-25719 at SUSECVE-2020-25719 at NVDCVE-2020-25721 at SUSECVE-2020-25721 at NVDCVE-2020-25722 at SUSECVE-2020-25722 at NVDCVE-2021-23192 at SUSECVE-2021-23192 at NVDCVE-2021-3738 at SUSECVE-2021-3738 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The following security bugs were fixed:
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
The following non-security bugs were fixed:
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: hda: Use position buffer for SKL+ again (git-fixes).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes).
- ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes).
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath6kl: fix division by zero in send path (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of 'meta' errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu/display: add quirk handling for stutter mode (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini()
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/msm: potential error pointer dereference in init() (git-fixes).
- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
- media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes).
- mt76: mt7915: fix possible infinite loop release semaphore (git-fixes).
- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
- mwifiex: fix division by zero in fw download path (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
- nvme: add command id quirk for apple controllers (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme-pci: set min_align_mask (bsc#1191851).
- ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- rsi: fix control-message timeout (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
- Update patch reference for AMDGPU fix (bsc#1180749)
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- x86/msi: Force affinity setup before startup (bsc#1152489).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: do not allow log writes if the data device is readonly (bsc#1192229).
- xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
- xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1085030SUSE bug 1089118SUSE bug 1094840SUSE bug 1133021SUSE bug 1152472SUSE bug 1152489SUSE bug 1154353SUSE bug 1156395SUSE bug 1157177SUSE bug 1167773SUSE bug 1172073SUSE bug 1173604SUSE bug 1176447SUSE bug 1176774SUSE bug 1176914SUSE bug 1176940SUSE bug 1178134SUSE bug 1180100SUSE bug 1180749SUSE bug 1181147SUSE bug 1184673SUSE bug 1185762SUSE bug 1186063SUSE bug 1186109SUSE bug 1187167SUSE bug 1188563SUSE bug 1188601SUSE bug 1189841SUSE bug 1190006SUSE bug 1190067SUSE bug 1190349SUSE bug 1190351SUSE bug 1190479SUSE bug 1190620SUSE bug 1190642SUSE bug 1190795SUSE bug 1190801SUSE bug 1190941SUSE bug 1191229SUSE bug 1191240SUSE bug 1191241SUSE bug 1191315SUSE bug 1191317SUSE bug 1191349SUSE bug 1191384SUSE bug 1191449SUSE bug 1191450SUSE bug 1191451SUSE bug 1191452SUSE bug 1191455SUSE bug 1191456SUSE bug 1191628SUSE bug 1191645SUSE bug 1191663SUSE bug 1191731SUSE bug 1191800SUSE bug 1191851SUSE bug 1191867SUSE bug 1191934SUSE bug 1191958SUSE bug 1191980SUSE bug 1192040SUSE bug 1192041SUSE bug 1192074SUSE bug 1192107SUSE bug 1192145SUSE bug 1192229SUSE bug 1192267SUSE bug 1192288SUSE bug 1192549CVE-2021-33033 at SUSECVE-2021-33033 at NVDCVE-2021-34866 at SUSECVE-2021-34866 at NVDCVE-2021-3542 at SUSECVE-2021-3542 at NVDCVE-2021-3655 at SUSECVE-2021-3655 at NVDCVE-2021-3715 at SUSECVE-2021-3715 at NVDCVE-2021-37159 at SUSECVE-2021-37159 at NVDCVE-2021-3760 at SUSECVE-2021-3760 at NVDCVE-2021-3772 at SUSECVE-2021-3772 at NVDCVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-41864 at SUSECVE-2021-41864 at NVDCVE-2021-42008 at SUSECVE-2021-42008 at NVDCVE-2021-42252 at SUSECVE-2021-42252 at NVDCVE-2021-42739 at SUSECVE-2021-42739 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDcpe:/o:suse:suse-microos:5.1Security update for aaa_base (Moderate)SUSE Linux Enterprise Micro 5.1
This update for aaa_base fixes the following issues:
- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)
ModerateSUSE bug 1162581SUSE bug 1174504SUSE bug 1191563SUSE bug 1192248cpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:
- CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
ImportantSUSE bug 1193170CVE-2021-43527 at SUSECVE-2021-43527 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
The following non-security bugs were fixed:
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).
- ALSA: hda: Free card instance properly at probe errors (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
- bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574).
- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default.
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
- Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then.
- exfat: fix erroneous discard when clear cluster bit (git-fixes).
- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
- exfat: properly set s_time_gran (bsc#1192328).
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- Fix problem with missing installkernel on Tumbleweed.
- fuse: fix page stealing (bsc#1192718).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
- gpio/rockchip: add driver for rockchip gpio (bsc#1192217).
- gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217).
- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217).
- gpio/rockchip: fetch deferred output settings on probe (bsc#1192217).
- gpio/rockchip: fix get_direction value handling (bsc#1192217).
- gpio/rockchip: support next version gpio controller (bsc#1192217).
- gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217).
- HID: u2fzero: clarify error check and length calculations (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- Move upstreamed sound fix into sorted section
- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
- net/smc: Correct smc link connection counter in case of smc client (git-fixes).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- ocfs2: fix data corruption on truncate (bsc#1190795).
- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217).
- pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217).
- pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217).
- pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).
- pinctrl: rockchip: add support for rk3568 (bsc#1192217).
- pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217).
- pinctrl: rockchip: clear int status when driver probed (bsc#1192217).
- pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217).
- pinctrl: rockchip: do coding style for mux route struct (bsc#1192217).
- pinctrl/rockchip: drop the gpio related codes (bsc#1192217).
- pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217).
- pinctrl: rockchip: make driver be tristate module (bsc#1192217).
- pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217).
- pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217).
- pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
- power: supply: rt5033-battery: Change voltage values to 5V (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- r8152: add a helper function about setting EEE (git-fixes).
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
- r8152: Disable PLA MCU clock speed down (git-fixes).
- r8152: disable U2P3 for RTL8153B (git-fixes).
- r8152: divide the tx and rx bottom functions (git-fixes).
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
- r8152: fix runtime resume for linking change (git-fixes).
- r8152: replace array with linking list for rx information (git-fixes).
- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
- r8152: saving the settings of EEE (git-fixes).
- r8152: separate the rx buffer size (git-fixes).
- r8152: use alloc_pages for rx buffer (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
- s390/dasd: fix use after free in dasd path handling (git-fixes).
- s390/pci: fix use after free of zpci_dev (git-fixes).
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes).
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
- s390/topology: clear thread/group maps for offline cpus (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- Update config files: pull BPF configs together
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
ImportantSUSE bug 1152489SUSE bug 1169263SUSE bug 1170269SUSE bug 1184924SUSE bug 1190523SUSE bug 1190795SUSE bug 1191790SUSE bug 1191961SUSE bug 1192045SUSE bug 1192217SUSE bug 1192273SUSE bug 1192328SUSE bug 1192375SUSE bug 1192473SUSE bug 1192718SUSE bug 1192740SUSE bug 1192745SUSE bug 1192750SUSE bug 1192753SUSE bug 1192758SUSE bug 1192781SUSE bug 1192802SUSE bug 1192896SUSE bug 1192906SUSE bug 1192918CVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib-networking (Important)SUSE Linux Enterprise Micro 5.1
This update for glib-networking fixes the following issues:
Update to version 2.62.4:
- CVE-2020-13645: Fixed a connection failure when the server identity is unset (bsc#1172460).
ImportantSUSE bug 1172460CVE-2020-13645 at SUSECVE-2020-13645 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-Babel (Important)SUSE Linux Enterprise Micro 5.1
This update for python-Babel fixes the following issues:
- CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768).
ImportantSUSE bug 1185768CVE-2021-42771 at SUSECVE-2021-42771 at NVDcpe:/o:suse:suse-microos:5.1Security update for gmp (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gmp fixes the following issues:
- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
ModerateSUSE bug 1192717CVE-2021-43618 at SUSECVE-2021-43618 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Important)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
ImportantSUSE bug 1190975CVE-2021-41617 at SUSECVE-2021-41617 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Update to Xen 4.14.3 bug fix release (bsc#1027519).
ModerateSUSE bug 1027519SUSE bug 1191363SUSE bug 1192554SUSE bug 1192557SUSE bug 1192559CVE-2021-28702 at SUSECVE-2021-28702 at NVDCVE-2021-28704 at SUSECVE-2021-28704 at NVDCVE-2021-28705 at SUSECVE-2021-28705 at NVDCVE-2021-28706 at SUSECVE-2021-28706 at NVDCVE-2021-28707 at SUSECVE-2021-28707 at NVDCVE-2021-28708 at SUSECVE-2021-28708 at NVDCVE-2021-28709 at SUSECVE-2021-28709 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux RT Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045 ).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
The following non-security bugs were fixed:
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).
- ALSA: hda: Free card instance properly at probe errors (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
- bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default.
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- e1000e: Separate TGP board type from SPT (bsc#1192874).
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
- Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then.
- exfat: fix erroneous discard when clear cluster bit (git-fixes).
- exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
- exfat: properly set s_time_gran (bsc#1192328).
- exfat: truncate atimes to 2s granularity (bsc#1192328).
- Fix problem with missing installkernel on Tumbleweed.
- fuse: fix page stealing (bsc#1192718).
- gpio/rockchip: add driver for rockchip gpio (bsc#1192217).
- gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217).
- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217).
- gpio/rockchip: fetch deferred output settings on probe (bsc#1192217).
- gpio/rockchip: fix get_direction value handling (bsc#1192217).
- gpio/rockchip: support next version gpio controller (bsc#1192217).
- gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
- HID: u2fzero: clarify error check and length calculations (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- Move upstreamed sound fix into sorted section
- net/smc: Correct smc link connection counter in case of smc client (git-fixes).
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes).
- net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
- net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL PSE0 and PSE1 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691).
- net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691).
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- ocfs2: fix data corruption on truncate (bsc#1190795).
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
- PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
- pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217).
- pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217).
- pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217).
- pinctrl/rockchip: drop the gpio related codes (bsc#1192217).
- pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217).
- pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217).
- pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).
- pinctrl: rockchip: add support for rk3568 (bsc#1192217).
- pinctrl: rockchip: clear int status when driver probed (bsc#1192217).
- pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217).
- pinctrl: rockchip: do coding style for mux route struct (bsc#1192217).
- pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217).
- pinctrl: rockchip: make driver be tristate module (bsc#1192217).
- pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217).
- pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217).
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
- power: supply: rt5033-battery: Change voltage values to 5V (git-fixes).
- printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
- printk: handle blank console arguments passed in (bsc#1192753).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- r8152: add a helper function about setting EEE (git-fixes).
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
- r8152: Disable PLA MCU clock speed down (git-fixes).
- r8152: disable U2P3 for RTL8153B (git-fixes).
- r8152: divide the tx and rx bottom functions (git-fixes).
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
- r8152: fix runtime resume for linking change (git-fixes).
- r8152: replace array with linking list for rx information (git-fixes).
- r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
- r8152: saving the settings of EEE (git-fixes).
- r8152: separate the rx buffer size (git-fixes).
- r8152: use alloc_pages for rx buffer (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)
- Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
- Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
- Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
- Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
- Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
- s390/dasd: fix use after free in dasd path handling (git-fixes).
- s390/pci: fix use after free of zpci_dev (git-fixes).
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes).
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
- s390/topology: clear thread/group maps for offline cpus (git-fixes).
- scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- Update config files: pull BPF configs together
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).
ImportantSUSE bug 1152489SUSE bug 1169263SUSE bug 1170269SUSE bug 1184924SUSE bug 1190523SUSE bug 1190795SUSE bug 1191790SUSE bug 1191961SUSE bug 1192045SUSE bug 1192217SUSE bug 1192273SUSE bug 1192328SUSE bug 1192375SUSE bug 1192473SUSE bug 1192691SUSE bug 1192718SUSE bug 1192740SUSE bug 1192745SUSE bug 1192750SUSE bug 1192753SUSE bug 1192758SUSE bug 1192781SUSE bug 1192802SUSE bug 1192874SUSE bug 1192896SUSE bug 1192906SUSE bug 1192918CVE-2021-0941 at SUSECVE-2021-0941 at NVDCVE-2021-20322 at SUSECVE-2021-20322 at NVDCVE-2021-31916 at SUSECVE-2021-31916 at NVDCVE-2021-34981 at SUSECVE-2021-34981 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
- CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
- CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)
- Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).
ModerateSUSE bug 1180125SUSE bug 1183374SUSE bug 1183858SUSE bug 1185588SUSE bug 1187338SUSE bug 1187668SUSE bug 1189241SUSE bug 1189287CVE-2021-3426 at SUSECVE-2021-3426 at NVDCVE-2021-3733 at SUSECVE-2021-3733 at NVDCVE-2021-3737 at SUSECVE-2021-3737 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Important)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137).
ImportantSUSE bug 1183137CVE-2021-28041 at SUSECVE-2021-28041 at NVDcpe:/o:suse:suse-microos:5.1Security update for p11-kit (Important)SUSE Linux Enterprise Micro 5.1
This update for p11-kit fixes the following issues:
- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).
ImportantSUSE bug 1180064SUSE bug 1187993CVE-2020-29361 at SUSECVE-2020-29361 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage
of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev in set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup
v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which
causes excessive logging for kubernetes).
ModerateSUSE bug 1193436CVE-2021-43784 at SUSECVE-2021-43784 at NVDcpe:/o:suse:suse-microos:5.1Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.1
This update for permissions fixes the following issues:
- Update to version 20181225:
* drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)
ModerateSUSE bug 1174504cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2022-27223: In drivers/usb/gadget/udc/udc-xilinx.c the endpoint index was not validated and could have been manipulated by the host for out-of-array access (bsc#1197245).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836).
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
The following non-security bugs were fixed:
- ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).
- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
- bonding: force carrier update when releasing slave (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
- cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
- cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- constraints: Also adjust disk requirement for x86 and s390.
- constraints: Increase disk space for aarch64
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- EDAC/altera: Fix deferred probing (bsc#1178134).
- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134).
- efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gtp: remove useless rcu_read_lock() (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- Hand over the maintainership to SLE15-SP3 maintainers
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- mask out added spinlock in rndis_params (git-fixes).
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).
- net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).
- net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
- net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).
- netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
- net: sfc: Replace in_interrupt() usage (git-fixes).
- net: tipc: validate domain record count on input (bsc#1195254).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete (git-fixes).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- nvme: fix a possible use-after-free in controller reset during load (git-fixes).
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).
- nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).
- powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278).
- powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
- powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
- RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).
- RDMA/core: Do not infoleak GRH fields (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- README.BRANCH: Add Frederic Weisbecker as branch maintainer
- README.BRANCH: Remove Davidlohr Bueso as a branch maintainer
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- sched/core: Mitigate race (git-fixes)
- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- scsi: ufs: Fix race conditions related to driver data (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
- sr9700: sanity check for packet length (bsc#1196836).
- staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- tracing: Fix return value of __setup handlers (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
- tty: n_gsm: fix proper link termination after failed open (git-fixes).
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- usb: dwc2: use well defined macros for power_down (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
- usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- USB: gadget: validate interface OS descriptor requests (git-fixes).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- USB: hub: Clean up use of port initialization schemes and retries (git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).
ImportantSUSE bug 1176447SUSE bug 1176774SUSE bug 1178134SUSE bug 1179439SUSE bug 1181147SUSE bug 1191428SUSE bug 1192273SUSE bug 1193787SUSE bug 1194516SUSE bug 1194943SUSE bug 1195051SUSE bug 1195211SUSE bug 1195353SUSE bug 1195403SUSE bug 1195516SUSE bug 1195612SUSE bug 1195897SUSE bug 1195908SUSE bug 1195947SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196095SUSE bug 1196130SUSE bug 1196155SUSE bug 1196299SUSE bug 1196301SUSE bug 1196403SUSE bug 1196468SUSE bug 1196472SUSE bug 1196488SUSE bug 1196627SUSE bug 1196723SUSE bug 1196776SUSE bug 1196779SUSE bug 1196830SUSE bug 1196866SUSE bug 1196868SUSE bug 1197300SUSE bug 922815SUSE bug 998635CVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDCVE-2022-27223 at SUSECVE-2022-27223 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299).
- CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830).
- CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516).
- CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612).
- CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079)
- CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155)
- CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096).
- CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905).
- CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897).
- CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987).
- CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731).
- CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864).
- CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836).
- CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956)
- CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130).
- CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488)
The following non-security bugs were fixed:
- ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes).
- ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound (git-fixes).
- Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779).
- EDAC/altera: Fix deferred probing (bsc#1178134).
- EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134).
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Hand over the maintainership to SLE15-SP3 maintainers
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes).
- RDMA/core: Do not infoleak GRH fields (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes).
- SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- USB: gadget: validate interface OS descriptor requests (git-fixes).
- USB: hub: Clean up use of port initialization schemes and retries (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes).
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes).
- batman-adv: Do not expect inter-netns unique iflink indices (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes).
- blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes).
- bonding: force carrier update when releasing slave (git-fixes).
- build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones.
- can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes).
- cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723).
- cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- constraints: Also adjust disk requirement for x86 and s390.
- constraints: Increase disk space for aarch64
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866).
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278).
- dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes).
- fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes).
- gtp: remove useless rcu_read_lock() (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes).
- ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes).
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051).
- kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.')
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17
- kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided.
- kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build.
- mac80211: fix forwarded mesh frames AC & queue selection (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- mask out added spinlock in rndis_params (git-fixes).
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes).
- net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172).
- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172).
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes).
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes).
- net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447).
- net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
- net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes).
- net: sfc: Replace in_interrupt() usage (git-fixes).
- net: tipc: validate domain record count on input (bsc#1195254).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447).
- netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes).
- nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during load (git-fixes).
- powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files.
- powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038).
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449).
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449).
- powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278).
- rpm/*.spec.in: Use https:// urls
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares.
- rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages.
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- sched/core: Mitigate race (git-fixes)
- scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer (git-fixes).
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- scsi: ufs: Fix race conditions related to driver data (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes).
- sr9700: sanity check for packet length (bsc#1196836).
- staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes).
- tracing: Fix return value of __setup handlers (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes).
- tty: n_gsm: fix proper link termination after failed open (git-fixes).
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- usb: dwc2: use well defined macros for power_down (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes).
- usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- usb: gadget: rndis: add spinlock for rndis response list (git-fixes).
- usb: host: xen-hcd: add missing unlock in error path (git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race (git-fixes).
- vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes).
- xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set (git-fixes).
ImportantSUSE bug 1176447SUSE bug 1176774SUSE bug 1178134SUSE bug 1179439SUSE bug 1181147SUSE bug 1191428SUSE bug 1192273SUSE bug 1193731SUSE bug 1193787SUSE bug 1193864SUSE bug 1194463SUSE bug 1194516SUSE bug 1194943SUSE bug 1195051SUSE bug 1195211SUSE bug 1195254SUSE bug 1195353SUSE bug 1195403SUSE bug 1195612SUSE bug 1195897SUSE bug 1195905SUSE bug 1195939SUSE bug 1195949SUSE bug 1195987SUSE bug 1196079SUSE bug 1196095SUSE bug 1196130SUSE bug 1196132SUSE bug 1196155SUSE bug 1196299SUSE bug 1196301SUSE bug 1196433SUSE bug 1196468SUSE bug 1196472SUSE bug 1196488SUSE bug 1196627SUSE bug 1196723SUSE bug 1196779SUSE bug 1196830SUSE bug 1196836SUSE bug 1196866SUSE bug 1196868SUSE bug 1196956SUSE bug 1196959CVE-2021-0920 at SUSECVE-2021-0920 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-44879 at SUSECVE-2021-44879 at NVDCVE-2021-45402 at SUSECVE-2021-45402 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-0617 at SUSECVE-2022-0617 at NVDCVE-2022-0644 at SUSECVE-2022-0644 at NVDCVE-2022-23036 at SUSECVE-2022-23036 at NVDCVE-2022-23037 at SUSECVE-2022-23037 at NVDCVE-2022-23038 at SUSECVE-2022-23038 at NVDCVE-2022-23039 at SUSECVE-2022-23039 at NVDCVE-2022-23040 at SUSECVE-2022-23040 at NVDCVE-2022-23041 at SUSECVE-2022-23041 at NVDCVE-2022-23042 at SUSECVE-2022-23042 at NVDCVE-2022-24448 at SUSECVE-2022-24448 at NVDCVE-2022-24958 at SUSECVE-2022-24958 at NVDCVE-2022-24959 at SUSECVE-2022-24959 at NVDCVE-2022-25258 at SUSECVE-2022-25258 at NVDCVE-2022-25636 at SUSECVE-2022-25636 at NVDCVE-2022-26490 at SUSECVE-2022-26490 at NVDCVE-2022-26966 at SUSECVE-2022-26966 at NVDcpe:/o:suse:suse-microos:5.1Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.1
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
ModerateSUSE bug 1195258CVE-2021-22570 at SUSECVE-2021-22570 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- CVE-2022-22935: Sign authentication replies to prevent MiTM (bsc#1197417)
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks. (bsc#1197417)
- CVE-2022-22936: Prevent job and fileserver replays (bsc#1197417)
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth. (bsc#1197417)
ImportantSUSE bug 1197417CVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDcpe:/o:suse:suse-microos:5.1Security update for zlib (Important)SUSE Linux Enterprise Micro 5.1
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
Update Intel Wireless firmware for 9xxx (INTEL-SA-00539, bsc#1196333):
CVE-2021-0161: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0164: Improper access control in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0165: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0066: Improper input validation in firmware for Intel PROSet/Wireless Wi-Fi and Killer Wi-Fi may allow an unauthenticated user to potentially enable escalation of privilege via local access.
CVE-2021-0166: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0168: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-0170: Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-0172: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0173: Improper Validation of Consistency within input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0174: Improper Use of Validation Framework in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0175: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0076: Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-0176: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable denial of service via local access.
CVE-2021-0183: Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-0072: Improper input validation in firmware for some Intel PROSet/Wireless Wi-Fi and some Killer Wi-Fi may allow a privileged user to potentially enable information disclosure via local access.
CVE-2021-0071: Improper input validation in firmware for some Intel PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Update Intel Bluetooth firmware (INTEL-SA-00604,bsc#1195786):
- CVE-2021-33139: Improper conditions check in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access.
- CVE-2021-33155: Improper input validation in firmware for some Intel Wireless Bluetooth and Killer Bluetooth products before may allow an authenticated user to potentially enable denial of service via adjacent access.
Bug fixes:
- Updated the AMD SEV firmware (bsc#1186938)
- Reduced the LZMA2 dictionary size (bsc#1188662)
ImportantSUSE bug 1186938SUSE bug 1188662SUSE bug 1192953SUSE bug 1195786SUSE bug 1196333CVE-2021-0066 at SUSECVE-2021-0066 at NVDCVE-2021-0071 at SUSECVE-2021-0071 at NVDCVE-2021-0072 at SUSECVE-2021-0072 at NVDCVE-2021-0076 at SUSECVE-2021-0076 at NVDCVE-2021-0161 at SUSECVE-2021-0161 at NVDCVE-2021-0164 at SUSECVE-2021-0164 at NVDCVE-2021-0165 at SUSECVE-2021-0165 at NVDCVE-2021-0166 at SUSECVE-2021-0166 at NVDCVE-2021-0168 at SUSECVE-2021-0168 at NVDCVE-2021-0170 at SUSECVE-2021-0170 at NVDCVE-2021-0172 at SUSECVE-2021-0172 at NVDCVE-2021-0173 at SUSECVE-2021-0173 at NVDCVE-2021-0174 at SUSECVE-2021-0174 at NVDCVE-2021-0175 at SUSECVE-2021-0175 at NVDCVE-2021-0176 at SUSECVE-2021-0176 at NVDCVE-2021-0183 at SUSECVE-2021-0183 at NVDCVE-2021-33139 at SUSECVE-2021-33139 at NVDCVE-2021-33155 at SUSECVE-2021-33155 at NVDcpe:/o:suse:suse-microos:5.1Security update for yaml-cpp (Moderate)SUSE Linux Enterprise Micro 5.1
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
ModerateSUSE bug 1121227SUSE bug 1121230SUSE bug 1122004SUSE bug 1122021CVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:suse-microos:5.1Security update for opensc (Important)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
Security issues fixed:
- CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957).
- CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000).
- CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005).
- CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992).
Non-security issues fixed:
- Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649)
ImportantSUSE bug 1114649SUSE bug 1191957SUSE bug 1191992SUSE bug 1192000SUSE bug 1192005CVE-2021-42779 at SUSECVE-2021-42779 at NVDCVE-2021-42780 at SUSECVE-2021-42780 at NVDCVE-2021-42781 at SUSECVE-2021-42781 at NVDCVE-2021-42782 at SUSECVE-2021-42782 at NVDcpe:/o:suse:suse-microos:5.1Security update for libsolv, libzypp, zypper (Important)SUSE Linux Enterprise Micro 5.1
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
ImportantSUSE bug 1184501SUSE bug 1194848SUSE bug 1195999SUSE bug 1196061SUSE bug 1196317SUSE bug 1196368SUSE bug 1196514SUSE bug 1196925SUSE bug 1197134cpe:/o:suse:suse-microos:5.1Security update for xz (Important)SUSE Linux Enterprise Micro 5.1
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
- CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
- pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
- Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1175667SUSE bug 1177028SUSE bug 1178134SUSE bug 1179639SUSE bug 1180153SUSE bug 1189562SUSE bug 1194649SUSE bug 1195640SUSE bug 1195926SUSE bug 1196018SUSE bug 1196196SUSE bug 1196478SUSE bug 1196761SUSE bug 1196823SUSE bug 1197227SUSE bug 1197243SUSE bug 1197300SUSE bug 1197302SUSE bug 1197331SUSE bug 1197343SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197501SUSE bug 1197534SUSE bug 1197661SUSE bug 1197675SUSE bug 1197702SUSE bug 1197811SUSE bug 1197812SUSE bug 1197815SUSE bug 1197817SUSE bug 1197819SUSE bug 1197820SUSE bug 1197888SUSE bug 1197889SUSE bug 1197894SUSE bug 1197914SUSE bug 1198027SUSE bug 1198028SUSE bug 1198029SUSE bug 1198030SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-microos:5.1Security update for swtpm (Low)SUSE Linux Enterprise Micro 5.1
This update for swtpm fixes the following issues:
- Update to version 0.5.3
- CVE-2022-23645: Check header size indicator against expected size (bsc#1196240).
LowSUSE bug 1196240CVE-2022-23645 at SUSECVE-2022-23645 at NVDcpe:/o:suse:suse-microos:5.1Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.1
This update for dnsmasq fixes the following issues:
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1197872CVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated
- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
You can reenable via systemctl setting /proc/sys/kernel/unprivileged_bpf_disabled to 0. (kernel.unprivileged_bpf_disabled = 0)
The following security bugs were fixed:
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).
- CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599)
The following non-security bugs were fixed:
- ACPI: battery: Accept charges over the design capacity as full (git-fixes).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
- Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
- ALSA: ctxfi: Fix out-of-range access (git-fixes).
- ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
- ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- ALSA: ISA: not for M68K (git-fixes).
- ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- ALSA: timer: Fix use-after-free problem (git-fixes).
- ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- ARM: 8970/1: decompressor: increase tag size (git-fixes).
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
- ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
- ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
- ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
- ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
- ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- ARM: 9155/1: fix early early_iounmap() (git-fixes)
- ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- ARM: at91: pm: of_node_put() after its usage (git-fixes)
- ARM: at91: pm: use proper master clock register offset (git-fixes)
- ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
- ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes)
- ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- ARM: dts: at91: sama5d2: map securam as device (git-fixes)
- ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- ARM: dts: at91: tse850: the emaclt;->phy interface is rmii (git-fixes)
- ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
- ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
- ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
- ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
- ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
- ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
- ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
- ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
- ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
- ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
- ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
- ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
- ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
- ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- ARM: dts: imx6sl: fix rng node (git-fixes)
- ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
- ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
- ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
- ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
- ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
- ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
- ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
- ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- ARM: dts: mt7623: add missing pause for switchport (git-fixes)
- ARM: dts: N900: fix onenand timings (git-fixes).
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
- ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
- ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- ARM: dts: oxnas: Fix clear-mask property (git-fixes)
- ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
- ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
- ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
- ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
- ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
- ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
- ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- ARM: dts: turris-omnia: add SFP node (git-fixes)
- ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
- ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
- ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
- ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
- ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- ARM: footbridge: fix PCI interrupt mapping (git-fixes)
- ARM: imx: add missing clk_disable_unprepare() (git-fixes)
- ARM: imx: add missing iounmap() (git-fixes)
- ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- ARM: mvebu: drop pointless check for coherency_base (git-fixes)
- ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
- ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- ARM: s3c24xx: fix missing system reset (git-fixes)
- ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- ARM: samsung: do not build plat/pm-common for Exynos (git-fixes)
- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes).
- ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
- ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
- ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
- ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655).
- bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
- bfq: Store full bitmap depth in bfq_data (bsc#1184318).
- bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
- block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
- block: Provide blk_mq_sched_get_icq() (bsc#1184318).
- Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655).
- Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655).
- Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655).
- Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655).
- Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655).
- Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- bpf, s390: Fix potential memory leak about jit_data (git-fixes).
- bpf, x86: Fix 'no previous prototype' warning (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
- btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
- btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
- btrfs: make checksum item extension more efficient (bsc#1193002).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
- cifs use true,false for bool variable (bsc#1164565).
- cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
- cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
- cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- cifs: add files to host new mount api (bsc#1192606).
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- cifs: Add get_security_type_str function to return sec type (bsc#1192606).
- cifs: add initial reconfigure support (bsc#1192606).
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- cifs: add missing parsing of backupuid (bsc#1192606).
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- cifs: add multichannel mount options and data structs (bsc#1192606).
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
- cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- cifs: add server param (bsc#1192606).
- cifs: add shutdown support (bsc#1192606).
- cifs: add smb2 POSIX info level (bsc#1164565).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- cifs: add SMB3 change notification support (bsc#1164565).
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
- cifs: add support for flock (bsc#1164565).
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
- cifs: Add witness information to debug data dump (bsc#1192606).
- cifs: add witness mount option and data structs (bsc#1192606).
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
- cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
- cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- cifs: allow chmod to set mode bits using special sid (bsc#1164565).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- cifs: Always update signing key of first channel (bsc#1192606).
- cifs: ask for more credit on async read/write code paths (bsc#1192606).
- cifs: Assign boolean values to a bool variable (bsc#1192606).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
- cifs: Avoid error pointer dereference (bsc#1192606).
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565).
- cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
- cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: check new file size when extending file by fallocate (bsc#1192606).
- cifs: check pointer before freeing (bsc#1183534).
- cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
- cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
- cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
- cifs: Clarify SMB1 code for delete (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Create (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- cifs: Clarify SMB1 code for rename open file (bsc#1192606).
- cifs: Clarify SMB1 code for SetFileSize (bsc#1192606).
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- cifs: Clean up DFS referral cache (bsc#1164565).
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
- cifs: cleanup misc.c (bsc#1192606).
- cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
- cifs: Close cached root handle only if it had a lease (bsc#1164565).
- cifs: Close open handle after interrupted close (bsc#1164565).
- cifs: close the shared root handle on tree disconnect (bsc#1164565).
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- cifs: connect individual channel servers to primary channel server (bsc#1192606).
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: constify path argument of ->make_node() (bsc#1192606).
- cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
- cifs: Constify static struct genl_ops (bsc#1192606).
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
- cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
- cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
- cifs: create a helper to find a writeable handle by path name (bsc#1154355).
- cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
- cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
- cifs: delete duplicated words in header files (bsc#1192606).
- cifs: detect dead connections only when echoes are enabled (bsc#1192606).
- cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
- cifs: do d_move in rename (bsc#1164565).
- cifs: do not allow changing posix_paths during remount (bsc#1192606).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
- cifs: Do not display RDMA transport on reconnect (bsc#1164565).
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
- cifs: Do not miss cancelled OPEN responses (bsc#1164565).
- cifs: do not negotiate session if session already exists (bsc#1192606).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- cifs: Do not use iov_iter::type directly (bsc#1192606).
- cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: dump channel info in DebugData (bsc#1192606).
- cifs: dump Security Type info in DebugData (bsc#1192606).
- cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
- cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
- cifs: enable extended stats by default (bsc#1192606).
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: escape spaces in share names (bsc#1192606).
- cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
- cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
- cifs: fix a memleak with modefromsid (bsc#1192606).
- cifs: fix a sign extension bug (bsc#1192606).
- cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
- cifs: fix allocation size on newly created files (bsc#1192606).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: Fix atime update check vs mtime (bsc#1164565).
- cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606).
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- cifs: fix channel signing (bsc#1192606).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
- cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
- cifs: fix credit accounting for extra channel (bsc#1192606).
- cifs: fix dereference on ses before it is null checked (bsc#1164565).
- cifs: fix dfs domain referrals (bsc#1192606).
- cifs: fix DFS failover (bsc#1192606).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix dfs-links (bsc#1192606).
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
- cifs: fix gcc warning in sid_to_id (bsc#1192606).
- cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: fix max ea value size (bnc#1151927 5.3.4).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix misspellings using codespell tool (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1164565).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: Fix resource leak (bsc#1192606).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix task struct use-after-free on reconnect (bsc#1164565).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: Fix use after free of file info structures (bnc#1151927 5.3.8).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle 'guest' mount parameter (bsc#1192606).
- cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: Make SMB2_notify_init static (bsc#1164565).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- cifs: New optype for session operations (bsc#1181507).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: Properly process SMB3 lease breaks (bsc#1164565).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor cifs_get_inode_info() (bsc#1164565).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: Remove repeated struct declaration (bsc#1192606).
- cifs: Remove set but not used variable 'capabilities' (bsc#1164565).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: Remove unnecessary struct declaration (bsc#1192606).
- cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: Remove useless variable (bsc#1192606).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify bool comparison (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: Standardize logging output (bsc#1192606).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: use true,false for bool variable (bsc#1164565).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- cifs: Warn less noisily on default mount (bsc#1192606).
- cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ('config: disable unprivileged BPF by default (jsc#SLE-22573)') inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 additionally backported b24abcff918a ('bpf, kconfig: Add consolidated menu entry for bpf with core options'), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entires; this commit remove those BPF config. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2.
- constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
- Convert trailing spaces and periods in path components (bsc#1179424).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: pcrypt - Delay write to padata->info (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320).
- dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- drm/amd/display: Set plane update flags for all planes in reset (git-fixes).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes).
- drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- drop superfluous empty lines
- e1000e: Separate TGP board type from SPT (bsc#1192874).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075).
- firmware: qcom_scm: Mark string array const (git-fixes).
- fuse: release pipe buf after last use (bsc#1193318).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
- iavf: Fix for setting queues to 0 (jsc#SLE-12877).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Fix return of set the new channel count (jsc#SLE-12877).
- iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: validate pointers (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: Delete always true check of PF pointer (git-fixes).
- ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926).
- ice: Fix VF true promiscuous mode (jsc#SLE-12878).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- Input: iforce - fix control-message timeout (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu/mediatek: Fix out-of-range warning with clang (git-fixes).
- iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes).
- iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes).
- iommu/vt-d: Update the virtual command related registers (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- kabi: hide changes to struct uv_info (git-fixes).
- kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise.
- kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging.
- kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore.
- kernel-source.spec: install-kernel-tools also required on 15.4
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320).
- md: fix a lock order reversal in md_alloc (git-fixes).
- md/raid10: extend r10bio devs to raid disks (bsc#1192320).
- md/raid10: improve discard request for far layout (bsc#1192320).
- md/raid10: improve raid10 discard request (bsc#1192320).
- md/raid10: initialize r10_bio->read_slot before use (bsc#1192320).
- md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320).
- md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320).
- mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: delete redundant function declaration (git-fixes).
- net: hns3: change affinity_mask to numa node range (bsc#1154353).
- net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353).
- net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353).
- net: hso: fix control-request directions (git-fixes).
- net: hso: fix muxed tty registration (git-fixes).
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
- net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691).
- net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691).
- net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
- net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
- net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
- net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774).
- netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447).
- netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447).
- netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447).
- NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
- NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
- NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
- NFC: reorganize the functions in nci_request (git-fixes).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
- NFS: do not take i_rwsem for swap IO (bsc#1191876).
- NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- NFS: Fix up commit deadlocks (git-fixes).
- NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
- perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes).
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
- PM: hibernate: use correct mode for swsusp_close() (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
- powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes).
- powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
- powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes).
- powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- qede: validate non LSO skb length (git-fixes).
- r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
- ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
- rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files.
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-lt;version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well.
- rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
- s390: mm: Fix secure storage access exception handling (git-fixes).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1193993).
- s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
- scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- smb3: add additional null check in SMB2_open (bsc#1192606).
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
- smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
- smb3: add debug messages for closing unmatched open (bsc#1164565).
- smb3: add defines for new crypto algorithms (bsc#1192606).
- smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
- smb3: add defines for new signing negotiate context (bsc#1192606).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: add dynamic trace points for socket connection (bsc#1192606).
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
- smb3: add missing flag definitions (bsc#1164565).
- smb3: Add missing reparse tags (bsc#1164565).
- smb3: add missing worker function for SMB3 change notify (bsc#1164565).
- smb3: add mount option to allow forced caching of read only share (bsc#1164565).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
- smb3: Add new compression flags (bsc#1192606).
- smb3: Add new info level for query directory (bsc#1192606).
- smb3: add new module load parm enable_gcm_256 (bsc#1192606).
- smb3: add new module load parm require_gcm_256 (bsc#1192606).
- smb3: Add new parm 'nodelete' (bsc#1192606).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
- smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
- smb3: Add support for getting and setting SACLs (bsc#1192606).
- smb3: Add support for lookup with posix extensions query info (bsc#1192606).
- smb3: Add support for negotiating signing algorithm (bsc#1192606).
- smb3: Add support for query info using posix extensions (level 100) (bsc#1192606).
- smb3: add support for recognizing WSL reparse tags (bsc#1192606).
- smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606).
- smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
- smb3: add support for using info level for posix extensions query (bsc#1192606).
- smb3: Add tracepoints for new compound posix query info (bsc#1192606).
- smb3: Additional compression structures (bsc#1192606).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
- smb3: allow dumping keys for multiuser mounts (bsc#1192606).
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
- smb3: avoid confusing warning message on mount to Azure (bsc#1192606).
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- smb3: Backup intent flag missing from some more ops (bsc#1164565).
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- smb3: change noisy error message to FYI (bsc#1192606).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
- smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
- smb3: display max smb3 requests in flight at any one time (bsc#1164565).
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
- smb3: do not error on fsync when readonly (bsc#1192606).
- smb3: do not fail if no encryption required but server does not support it (bsc#1192606).
- smb3: do not log warning message if server does not populate salt (bsc#1192606).
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
- smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
- smb3: enable negotiating stronger encryption by default (bsc#1192606).
- smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- smb3: fix access denied on change notify request to some servers (bsc#1192606).
- smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
- smb3: Fix ids returned in POSIX query dir (bsc#1192606).
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
- smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
- smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
- smb3: fix mount failure to some servers when compression enabled (bsc#1192606).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- smb3: fix performance regression with setting mtime (bsc#1164565).
- smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- smb3: fix posix extensions mount option (bsc#1192606).
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
- smb3: fix potential null dereference in decrypt offload (bsc#1164565).
- smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
- smb3: fix readpage for large swap cache (bsc#1192606).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
- smb3: Fix regression in time handling (bsc#1164565).
- smb3: fix signing verification of large reads (bsc#1154355).
- smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
- smb3: fix typo in compression flag (bsc#1192606).
- smb3: fix typo in header file (bsc#1192606).
- smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
- smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- smb3: fix unneeded error message on change notify (bsc#1192606).
- smb3: Handle error case during offload read path (bsc#1192606).
- smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- smb3: Honor lease disabling for multiuser mounts (git-fixes).
- smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
- smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
- smb3: incorrect file id in requests compounded with open (bsc#1192606).
- smb3: Incorrect size for netname negotiate context (bsc#1154355).
- smb3: limit noisy error (bsc#1192606).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
- smb3: Minor cleanup of protocol definitions (bsc#1192606).
- smb3: minor update to compression header definitions (bsc#1192606).
- smb3: missing ACL related flags (bsc#1164565).
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
- smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
- smb3: pass mode bits into create calls (bsc#1164565).
- smb3: prevent races updating CurrentMid (bsc#1192606).
- smb3: print warning if server does not support requested encryption type (bsc#1192606).
- smb3: print warning once if posix context returned on open (bsc#1164565).
- smb3: query attributes on file close (bsc#1164565).
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- smb3: remind users that witness protocol is experimental (bsc#1192606).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
- smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
- smb3: remove dead code for non compounded posix query info (bsc#1192606).
- smb3: remove noisy debug message and minor cleanup (bsc#1164565).
- smb3: remove overly noisy debug line in signing errors (bsc#1192606).
- smb3: remove static checker warning (bsc#1192606).
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- smb3: remove two unused variables (bsc#1192606).
- smb3: remove unused flag passed into close functions (bsc#1164565).
- smb3: rename nonces used for GCM and CCM encryption (bsc#1192606).
- smb3: Resolve data corruption of TCP server info fields (bsc#1192606).
- smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
- smb3: set gcm256 when requested (bsc#1192606).
- smb3: smbdirect support can be configured by default (bsc#1192606).
- smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
- smb3: update protocol header definitions based to include new flags (bsc#1192606).
- smb3: update structures for new compression protocol definitions (bsc#1192606).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
- smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
- SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
- SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
- SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
- supported.conf: add pwm-rockchip References: jsc#SLE-22615
- swiotlb: avoid double free (git-fixes).
- swiotlb: Fix the type of index (git-fixes).
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
- tlb: mmu_gather: add tlb_flush_*_range APIs
- tracing: Add length protection to histogram string copies (git-fixes).
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tracing: use %ps format string to print symbols (git-fixes).
- tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
- usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
- vfs: do not parse forbidden flags (bsc#1192606).
- x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
- x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes).
- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134).
- x86/mpx: Disable MPX for 32-bit userland (bsc#1193139).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes).
- x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134).
- x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
- x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
- xen/pvh: add missing prototype to header (git-fixes).
- xen/x86: fix PV trap handling on secondary processors (git-fixes).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- zram: off by one in read_block_state() (git-fixes).
ImportantSUSE bug 1139944SUSE bug 1151927SUSE bug 1152489SUSE bug 1153275SUSE bug 1154353SUSE bug 1154355SUSE bug 1161907SUSE bug 1164565SUSE bug 1166780SUSE bug 1169514SUSE bug 1176242SUSE bug 1176447SUSE bug 1176536SUSE bug 1176544SUSE bug 1176545SUSE bug 1176546SUSE bug 1176548SUSE bug 1176558SUSE bug 1176559SUSE bug 1176774SUSE bug 1176940SUSE bug 1176956SUSE bug 1177440SUSE bug 1178134SUSE bug 1178270SUSE bug 1179211SUSE bug 1179424SUSE bug 1179426SUSE bug 1179427SUSE bug 1179599SUSE bug 1181148SUSE bug 1181507SUSE bug 1181710SUSE bug 1182404SUSE bug 1183534SUSE bug 1183540SUSE bug 1183897SUSE bug 1184318SUSE bug 1185726SUSE bug 1185902SUSE bug 1186332SUSE bug 1187541SUSE bug 1189126SUSE bug 1189158SUSE bug 1191793SUSE bug 1191876SUSE bug 1192267SUSE bug 1192320SUSE bug 1192507SUSE bug 1192511SUSE bug 1192569SUSE bug 1192606SUSE bug 1192691SUSE bug 1192845SUSE bug 1192847SUSE bug 1192874SUSE bug 1192946SUSE bug 1192969SUSE bug 1192987SUSE bug 1192990SUSE bug 1192998SUSE bug 1193002SUSE bug 1193042SUSE bug 1193139SUSE bug 1193169SUSE bug 1193306SUSE bug 1193318SUSE bug 1193349SUSE bug 1193440SUSE bug 1193442SUSE bug 1193655SUSE bug 1193993SUSE bug 1194087SUSE bug 1194094CVE-2020-24504 at SUSECVE-2020-24504 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions processed at the same time (bsc#1197637)
- Fix salt-ssh opts poisoning. (bsc#1197637)
- Clear network interfaces cache on grains request. (bsc#1196050)
- Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432)
- Restrict 'state.orchestrate_single' to pass a pillar value if it exists. (bsc#1194632)
ImportantSUSE bug 1182851SUSE bug 1194632SUSE bug 1196050SUSE bug 1196432SUSE bug 1197417SUSE bug 1197533SUSE bug 1197637CVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
- CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
- ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
- pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- team: protect features update by RCU to avoid deadlock (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1175667SUSE bug 1177028SUSE bug 1178134SUSE bug 1179639SUSE bug 1180153SUSE bug 1189562SUSE bug 1194625SUSE bug 1194649SUSE bug 1195640SUSE bug 1195926SUSE bug 1196018SUSE bug 1196196SUSE bug 1196478SUSE bug 1196761SUSE bug 1196823SUSE bug 1197227SUSE bug 1197243SUSE bug 1197300SUSE bug 1197302SUSE bug 1197331SUSE bug 1197343SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197501SUSE bug 1197534SUSE bug 1197661SUSE bug 1197675SUSE bug 1197677SUSE bug 1197702SUSE bug 1197811SUSE bug 1197812SUSE bug 1197815SUSE bug 1197817SUSE bug 1197819SUSE bug 1197820SUSE bug 1197888SUSE bug 1197889SUSE bug 1197894SUSE bug 1198027SUSE bug 1198028SUSE bug 1198029SUSE bug 1198030SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033SUSE bug 1198077CVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-microos:5.1Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.1
This update for permissions fixes the following issues:
- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).
ModerateSUSE bug 1169614cpe:/o:suse:suse-microos:5.1Security update for firewalld, golang-github-prometheus-prometheus (Important)SUSE Linux Enterprise Micro 5.1
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:
- CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling
requests with non-standard HTTP methods (bsc#1196338).
Other non security changes for golang-github-prometheus-prometheus:
- Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
- Only recommends `firewalld-prometheus-config` as prometheus does not require it to run.
- Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)
Other non security changes for firewalld:
- Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
ImportantSUSE bug 1196338SUSE bug 1197042CVE-2022-21698 at SUSECVE-2022-21698 at NVDcpe:/o:suse:suse-microos:5.1Security update for cryptsetup (Moderate)SUSE Linux Enterprise Micro 5.1
This update for cryptsetup fixes the following issues:
- CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469).
ModerateSUSE bug 1194469CVE-2021-4122 at SUSECVE-2021-4122 at NVDcpe:/o:suse:suse-microos:5.1Security update for libslirp (Important)SUSE Linux Enterprise Micro 5.1
This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
ImportantSUSE bug 1187364SUSE bug 1187366SUSE bug 1187367SUSE bug 1198773CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-microos:5.1Security update for aide (Important)SUSE Linux Enterprise Micro 5.1
This update for aide fixes the following issues:
- CVE-2021-45417: Fix a bufferoverflow in base64 functions (bsc#1194735)
ImportantSUSE bug 1194735CVE-2021-45417 at SUSECVE-2021-45417 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
ModerateSUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:suse-microos:5.1Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.1
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
ModerateSUSE bug 1029961SUSE bug 1120610SUSE bug 1130496SUSE bug 1181131CVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.1Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libvirt fixes the following issues:
- CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636).
The following non-security bugs were fixed:
- qemu: Improve save operation by increasing pipe size
c61d1e9b-virfile-set-pipe-size.patch,
47d6d185-virfile-fix-indent.patch,
cd7acb33-virfile-report-error.patch
bsc#1196625
- qemu: Directly query KVM for TSC scaling support
5df2c492-use-kvm-for-tsc-scaling.patch
bsc#1193364
ModerateSUSE bug 1193364SUSE bug 1196625SUSE bug 1197636CVE-2022-0897 at SUSECVE-2022-0897 at NVDcpe:/o:suse:suse-microos:5.1Security update for ldb (Low)SUSE Linux Enterprise Micro 5.1
This update for ldb fixes the following issues:
- Update to version 2.4.2
- CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value
would not be honoured (bsc#1198397).
LowSUSE bug 1198397CVE-2021-3670 at SUSECVE-2021-3670 at NVDcpe:/o:suse:suse-microos:5.1Security update for gzip (Important)SUSE Linux Enterprise Micro 5.1
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
ImportantSUSE bug 1198062SUSE bug 1198922CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
ModerateSUSE bug 1198614SUSE bug 1198723SUSE bug 1198766CVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437).
- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
- ACPI: processor idle: Check for architectural support for LPI (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
- ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- arm64: dts: ls1028a: fix memory node (git-fixes)
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- bnx2x: fix napi API usage sequence (bsc#1198217).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: fix bad fids sent over wire (bsc#1197157).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
- dma-debug: fix return value of __setup handlers (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/edid: Do not clear formats if using deep color (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
- drm/mediatek: Add AAL output size configuration (git-fixes).
- drm/mediatek: Fix aal size config (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- fibmap: Reject negative block numbers (bsc#1198448).
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
- RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
- rpm: Use bash for %() expansion (jsc#SLE-18234).
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Handle low memory situations in call_status() (git-fixes).
- USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- USB: dwc3: gadget: Return proper request status (git-fixes).
- USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- video: fbdev: w100fb: Reset global state (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- x86/pm: Save the MSR validity status at context setup (bsc#1198400).
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
- xen: fix is_xen_pmu() (git-fixes).
- xen/blkfront: fix comment for need_copy (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
ImportantSUSE bug 1028340SUSE bug 1071995SUSE bug 1137728SUSE bug 1152472SUSE bug 1152489SUSE bug 1177028SUSE bug 1179878SUSE bug 1182073SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1193556SUSE bug 1193842SUSE bug 1194625SUSE bug 1195651SUSE bug 1195926SUSE bug 1196018SUSE bug 1196114SUSE bug 1196367SUSE bug 1196514SUSE bug 1196639SUSE bug 1196942SUSE bug 1197157SUSE bug 1197391SUSE bug 1197656SUSE bug 1197660SUSE bug 1197677SUSE bug 1197914SUSE bug 1197926SUSE bug 1198077SUSE bug 1198217SUSE bug 1198330SUSE bug 1198400SUSE bug 1198413SUSE bug 1198437SUSE bug 1198448SUSE bug 1198484SUSE bug 1198515SUSE bug 1198516SUSE bug 1198534SUSE bug 1198742SUSE bug 1198825SUSE bug 1198989SUSE bug 1199012SUSE bug 1199024CVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-0707 at SUSECVE-2021-0707 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-4154 at SUSECVE-2021-4154 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDcpe:/o:suse:suse-microos:5.1Security update for openldap2 (Important)SUSE Linux Enterprise Micro 5.1
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
ImportantSUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437).
- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
- ACPI: processor idle: Check for architectural support for LPI (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
- ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- arm64: dts: ls1028a: fix memory node (git-fixes)
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- bnx2x: fix napi API usage sequence (bsc#1198217).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: fix bad fids sent over wire (bsc#1197157).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
- dma-debug: fix return value of __setup handlers (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/edid: Do not clear formats if using deep color (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
- drm/mediatek: Add AAL output size configuration (git-fixes).
- drm/mediatek: Fix aal size config (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- fibmap: Reject negative block numbers (bsc#1198448).
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
- RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
- rpm: Use bash for %() expansion (jsc#SLE-18234).
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Handle low memory situations in call_status() (git-fixes).
- USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- USB: dwc3: gadget: Return proper request status (git-fixes).
- USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- video: fbdev: w100fb: Reset global state (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- x86/pm: Save the MSR validity status at context setup (bsc#1198400).
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
- xen: fix is_xen_pmu() (git-fixes).
- xen/blkfront: fix comment for need_copy (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
ImportantSUSE bug 1028340SUSE bug 1071995SUSE bug 1137728SUSE bug 1152472SUSE bug 1152489SUSE bug 1177028SUSE bug 1179878SUSE bug 1182073SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1193556SUSE bug 1193842SUSE bug 1194625SUSE bug 1195651SUSE bug 1195926SUSE bug 1196018SUSE bug 1196114SUSE bug 1196367SUSE bug 1196514SUSE bug 1196639SUSE bug 1196942SUSE bug 1197157SUSE bug 1197391SUSE bug 1197656SUSE bug 1197660SUSE bug 1197677SUSE bug 1197914SUSE bug 1197926SUSE bug 1198077SUSE bug 1198217SUSE bug 1198330SUSE bug 1198400SUSE bug 1198413SUSE bug 1198437SUSE bug 1198448SUSE bug 1198484SUSE bug 1198515SUSE bug 1198516SUSE bug 1198534SUSE bug 1198742SUSE bug 1198825SUSE bug 1198989SUSE bug 1199012SUSE bug 1199024CVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-0707 at SUSECVE-2021-0707 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-4154 at SUSECVE-2021-4154 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDcpe:/o:suse:suse-microos:5.1Security update for e2fsprogs (Important)SUSE Linux Enterprise Micro 5.1
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd, docker (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd, docker fixes the following issues:
- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
ImportantSUSE bug 1193930SUSE bug 1196441SUSE bug 1197284SUSE bug 1197517CVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:suse-microos:5.1Security update for libslirp (Important)SUSE Linux Enterprise Micro 5.1
This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
ImportantSUSE bug 1187364SUSE bug 1187366SUSE bug 1187367SUSE bug 1198773CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
ImportantSUSE bug 1196490SUSE bug 1199132CVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Low)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2021-20196: Fixed null pointer dereference that may lead to guest crash (bsc#1181361).
LowSUSE bug 1181361CVE-2021-20196 at SUSECVE-2021-20196 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
- CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
- CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
- CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
- CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
- CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
- CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
- CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).
ImportantSUSE bug 1194251SUSE bug 1194362SUSE bug 1194474SUSE bug 1194476SUSE bug 1194477SUSE bug 1194478SUSE bug 1194479SUSE bug 1194480CVE-2021-45960 at SUSECVE-2021-45960 at NVDCVE-2021-46143 at SUSECVE-2021-46143 at NVDCVE-2022-22822 at SUSECVE-2022-22822 at NVDCVE-2022-22823 at SUSECVE-2022-22823 at NVDCVE-2022-22824 at SUSECVE-2022-22824 at NVDCVE-2022-22825 at SUSECVE-2022-22825 at NVDCVE-2022-22826 at SUSECVE-2022-22826 at NVDCVE-2022-22827 at SUSECVE-2022-22827 at NVDcpe:/o:suse:suse-microos:5.1Security update for json-c (Important)SUSE Linux Enterprise Micro 5.1
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)
ImportantSUSE bug 1171479CVE-2020-12762 at SUSECVE-2020-12762 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Important)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
ImportantSUSE bug 1199223SUSE bug 1199224CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDcpe:/o:suse:suse-microos:5.1Security update for pcre2 (Important)SUSE Linux Enterprise Micro 5.1
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-microos:5.1Security update for polkit (Important)SUSE Linux Enterprise Micro 5.1
This update for polkit fixes the following issues:
- CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).
ImportantSUSE bug 1194568CVE-2021-4034 at SUSECVE-2021-4034 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-46283: nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace (bnc#1194518).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
- CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4 (bnc#1193727).
- CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
- CVE-2021-45485: In the IPv6 implementation in net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
- CVE-2021-45486: In the IPv4 implementation in net/ipv4/route.c has an information leak because the hash table is very small (bnc#1194087).
The following non-security bugs were fixed:
- ACPI: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes).
- ACPI: Add stubs for wakeup handler functions (git-fixes).
- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes).
- ALSA: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: ctl: Fix copy of updated id with element read/write (git-fixes).
- ALSA: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
- ALSA: hda/hdmi: Disable silent stream on GLK (git-fixes).
- ALSA: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes).
- ALSA: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes).
- ALSA: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes).
- ALSA: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
- ALSA: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes).
- ALSA: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
- ALSA: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: hda: Make proper use of timecounter (git-fixes).
- ALSA: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ALSA: jack: Check the return value of kstrdup() (git-fixes).
- ALSA: oss: fix compile error when OSS_DEBUG is enabled (git-fixes).
- ALSA: pcm: oss: Fix negative period/buffer sizes (git-fixes).
- ALSA: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes).
- ALSA: pcm: oss: Limit the period size to 16MB (git-fixes).
- ALSA: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes).
- ALSA: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes).
- ASoC: codecs: wcd934x: handle channel mappping list correctly (git-fixes).
- ASoC: codecs: wcd934x: return correct value from mixer put (git-fixes).
- ASoC: codecs: wcd934x: return error code correctly from hw_params (git-fixes).
- ASoC: codecs: wsa881x: fix return values from kcontrol put (git-fixes).
- ASoC: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes).
- ASoC: cs42l42: Disable regulators if probe fails (git-fixes).
- ASoC: cs42l42: Use device_property API instead of of_property (git-fixes).
- ASoC: fsl_asrc: refine the check of available clock divider (git-fixes).
- ASoC: fsl_mqs: fix MODULE_ALIAS (git-fixes).
- ASoC: mediatek: Check for error clk pointer (git-fixes).
- ASoC: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes).
- ASoC: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes).
- ASoC: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes).
- ASoC: rt5663: Handle device_property_read_u32_array error codes (git-fixes).
- ASoC: samsung: idma: Check of ioremap return value (git-fixes).
- ASoC: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes).
- ASoC: sunxi: fix a sound binding broken reference (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in ADMAIF (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in AHUB (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DMIC (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in DSPK (git-fixes).
- ASoC: tegra: Fix kcontrol put callback in I2S (git-fixes).
- ASoC: tegra: Fix wrong value type in ADMAIF (git-fixes).
- ASoC: tegra: Fix wrong value type in DMIC (git-fixes).
- ASoC: tegra: Fix wrong value type in DSPK (git-fixes).
- ASoC: tegra: Fix wrong value type in I2S (git-fixes).
- ASoC: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes).
- Add cherry-picked IDs for qemu fw_cfg patches
- Bluetooth: L2CAP: Fix using wrong mode (git-fixes).
- Bluetooth: bfusb: fix division by zero in send path (git-fixes).
- Bluetooth: btmtksdio: fix resume failure (git-fixes).
- Bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes).
- Bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes).
- Bluetooth: hci_bcm: Check for error irq (git-fixes).
- Bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes).
- Bluetooth: stop proccessing malicious adv data (git-fixes).
- Documentation: ACPI: Fix data node reference documentation (git-fixes).
- Documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes).
- Documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes).
- HID: add USB_HID dependancy to hid-chicony (git-fixes).
- HID: add USB_HID dependancy to hid-prodikeys (git-fixes).
- HID: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes).
- HID: bigbenff: prevent null pointer dereference (git-fixes).
- HID: google: add eel USB id (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes).
- HID: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes).
- HID: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes).
- Input: appletouch - initialize work before device registration (git-fixes).
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
- Input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes).
- Input: i8042 - add deferred probe support (bsc#1190256).
- Input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256).
- Input: max8925_onkey - do not mark comment as kernel-doc (git-fixes).
- Input: spaceball - fix parsing of movement data packets (git-fixes).
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- Input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
- Move upstreamed patches into sorted section
- NFC: st21nfca: Fix memory leak in device probe and remove (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- NFSv42: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
- NFSv42: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- PCI/ACPI: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes).
- PCI/MSI: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- PCI/MSI: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes).
- PCI/MSI: Mask MSI-X vectors only on success (git-fixes).
- PCI: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes).
- PCI: dwc: Do not remap invalid res (git-fixes).
- PCI: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes).
- PCI: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes).
- PCI: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes).
- PCI: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes).
- PCI: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes).
- PCI: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes).
- PCI: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes).
- PCI: xgene: Fix IB window setup (git-fixes).
- PM: runtime: Defer suspending suppliers (git-fixes).
- PM: sleep: Do not assume that 'mem' is always present (git-fixes).
- RDMA/hns: Replace kfree() with kvfree() (jsc#SLE-14777).
- Revert 'PM: sleep: Do not assume that 'mem' is always present' (git-fixes).
- Revert 'USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set' (git-fixes).
- Revert 'net/mlx5: Add retry mechanism to the command entry index allocation' (jsc#SLE-15172).
- USB: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes).
- USB: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes).
- USB: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes).
- USB: cdc-acm: fix break reporting (git-fixes).
- USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
- USB: chipidea: fix interrupt deadlock (git-fixes).
- USB: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes).
- USB: gadget: bRequestType is a bitfield, not a enum (git-fixes).
- USB: gadget: detect too-big endpoint 0 requests (git-fixes).
- USB: gadget: zero allocate endpoint 0 buffers (git-fixes).
- USB: serial: cp210x: fix CP2105 GPIO registration (git-fixes).
- USB: serial: option: add Telit FN990 compositions (git-fixes).
- Update patches.suse/tpm-fix-potential-NULL-pointer-access-in-tpm_del_cha.patch (git-fixes bsc#1193660 ltc#195634).
- Updated mpi3mr entry in supported.conf (bsc#1194578 jsc#SLE-18120) Moving this driver into the 'supported' package.
- amd/display: downgrade validation failure log level (git-fixes).
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes).
- atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes).
- ax25: NPD bug when detaching AX25 device (git-fixes).
- backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes).
- backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes).
- backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes).
- backlight: qcom-wled: Validate enabled string indices in DT (git-fixes).
- batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes).
- blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584).
- block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes).
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes).
- can: kvaser_usb: get CAN clock frequency from device (git-fixes).
- can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes).
- can: softing: softing_startstop(): fix set but not used variable warning (git-fixes).
- can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes).
- can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes).
- can: xilinx_can: xcan_probe(): check for error irq (git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- clk: Do not parent clks until the parent is fully registered (git-fixes).
- clk: Gemini: fix struct name in kernel-doc (git-fixes).
- clk: bcm-2835: Pick the closest clock rate (git-fixes).
- clk: bcm-2835: Remove rounding up the dividers (git-fixes).
- clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes).
- clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes).
- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes).
- clk: qcom: regmap-mux: fix parent clock lookup (git-fixes).
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes).
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes).
- crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes).
- crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes).
- crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes).
- crypto: qat - fix reuse of completion variable (git-fixes).
- crypto: qat - handle both source of interrupt in VF ISR (git-fixes).
- crypto: qce - fix uaf on qce_ahash_register_one (git-fixes).
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes).
- crypto: stm32/cryp - fix double pm exit (git-fixes).
- crypto: stm32/cryp - fix lrw chaining mode (git-fixes).
- crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes).
- debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328 ltc#195566).
- device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes).
- dm crypt: document encrypted keyring key option (git-fixes).
- dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes).
- dm writecache: advance the number of arguments when reporting max_age (git-fixes).
- dm writecache: fix performance degradation in ssd mode (git-fixes).
- dm writecache: flush origin device when writing and cache is full (git-fixes).
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes).
- dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes).
- dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes).
- dmaengine: at_xdmac: Fix lld view setting (git-fixes).
- dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes).
- dmaengine: bestcomm: fix system boot lockups (git-fixes).
- dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931).
- dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931).
- dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes).
- dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes).
- drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes).
- drm/amd/display: Update bounding box states (v2) (git-fixes).
- drm/amd/display: Update number of DCN3 clock states (git-fixes).
- drm/amd/display: add connector type check for CRC source set (git-fixes).
- drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes).
- drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes).
- drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes).
- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes).
- drm/amdgpu: Fix a printing message (git-fixes).
- drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes).
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes).
- drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes).
- drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes).
- drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes).
- drm/ast: potential dereference of null pointer (git-fixes).
- drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes).
- drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes).
- drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes).
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes).
- drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes).
- drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes).
- drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes).
- drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes).
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes).
- drm/mediatek: Check plane visibility in atomic_update (git-fixes).
- drm/msm/dpu: fix safe status debugfs file (git-fixes).
- drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes).
- drm/msm/dsi: set default num_data_lanes (git-fixes).
- drm/msm/mdp5: fix cursor-related warnings (git-fixes).
- drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes).
- drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes).
- drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes).
- drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes).
- drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes).
- drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes).
- drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes).
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes).
- drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes).
- drm/tegra: vic: Fix DMA API misuse (git-fixes).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes).
- drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes).
- drm/vc4: hdmi: Set a default HSM rate (git-fixes).
- drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes).
- drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes).
- drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes).
- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes).
- eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes).
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- firmware: Update Kconfig help text for Google firmware (git-fixes).
- firmware: arm_scmi: pm: Propagate return value to caller (git-fixes).
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes).
- firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes).
- firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes).
- firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes).
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes).
- firmware: tegra: Fix error application of sizeof() to pointer (git-fixes).
- firmware: tegra: Reduce stack usage (git-fixes).
- firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353).
- fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes).
- gpu: host1x: Add back arm_iommu_detach_device() (git-fixes).
- hwmon: (lm90) Add basic support for TI TMP461 (git-fixes).
- hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes).
- hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes).
- hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes).
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes).
- hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes).
- i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes).
- i2c: validate user data in compat ioctl (git-fixes).
- i3c: fix incorrect address slot lookup on 64-bit (git-fixes).
- i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes).
- i40e: Fix for displaying message regarding NVM version (git-fixes).
- i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
- i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes).
- i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes).
- iavf: Fix limit of total number of queues to active queues of VF (git-fixes).
- iavf: restore MSI state on reset (git-fixes).
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes).
- ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes).
- ieee802154: fix error return code in ieee802154_add_iface() (git-fixes).
- ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes).
- ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes).
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes).
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes).
- igb: Fix removal of unicast MAC filters of VFs (git-fixes).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igc: Fix typo in i225 LTR functions (jsc#SLE-13533).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes).
- iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes).
- iio: at91-sama5d2: Fix incorrect sign extension (git-fixes).
- iio: dln2-adc: Fix lockdep complaint (git-fixes).
- iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes).
- iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes).
- iio: kxsd9: Do not return error code in trigger handler (git-fixes).
- iio: ltr501: Do not return error code in trigger handler (git-fixes).
- iio: mma8452: Fix trigger reference couting (git-fixes).
- iio: stk3310: Do not return error code in interrupt handler (git-fixes).
- iio: trigger: Fix reference counting (git-fixes).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773).
- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
- iwlwifi: fw: correctly limit to monitor dump (git-fixes).
- iwlwifi: mvm: Fix scan channel flags settings (git-fixes).
- iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes).
- iwlwifi: mvm: avoid static queue number aliasing (git-fixes).
- iwlwifi: mvm: disable RX-diversity in powersave (git-fixes).
- iwlwifi: mvm: fix 32-bit build in FTM (git-fixes).
- iwlwifi: mvm: fix access to BSS elements (git-fixes).
- iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes).
- iwlwifi: pcie: free RBs during configure (git-fixes).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- kmod: make request_module() return an error when autoloading is disabled (git-fixes).
- kobject: Restore old behaviour of kobject_del(NULL) (git-fixes).
- kobject_uevent: remove warning in init_uevent_argv() (git-fixes).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- libata: add horkage for ASMedia 1092 (git-fixes).
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- lockdown: Allow unprivileged users to see lockdown status (git-fixes).
- mISDN: change function names to avoid conflicts (git-fixes).
- mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes).
- mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes).
- mac80211: do not access the IV when it was stripped (git-fixes).
- mac80211: fix lookup when adding AddBA extension element (git-fixes).
- mac80211: fix regression in SSN handling of addba tx (git-fixes).
- mac80211: initialize variable have_higher_than_11mbit (git-fixes).
- mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes).
- mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes).
- mac80211: track only QoS data frames for admission control (git-fixes).
- mac80211: validate extended element ID is present (git-fixes).
- mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes).
- media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
- media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes).
- media: aspeed: fix mode-detect always time out at 2nd run (git-fixes).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
- media: dw2102: Fix use after free (git-fixes).
- media: em28xx: fix control-message timeouts (git-fixes).
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: hantro: Fix probe func error path (git-fixes).
- media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes).
- media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes).
- media: imx-pxp: Initialize the spinlock prior to using it (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes).
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes).
- media: rcar-csi2: Optimize the selection PHTW register (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes).
- media: si2157: Fix 'warm' tuner state detection (git-fixes).
- media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes).
- media: uvcvideo: fix division by zero at stream start (git-fixes).
- media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes).
- memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes).
- memory: emif: Remove bogus debugfs error handling (git-fixes).
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes).
- misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes).
- misc: fastrpc: fix improper packet size calculation (git-fixes).
- misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes).
- mmc: meson-mx-sdio: add IRQ check (git-fixes).
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes).
- mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes).
- mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes).
- mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes).
- move to 'mainline soon' section: - patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes).
- mt76: mt7915: fix an off-by-one bound check (git-fixes).
- mtd: rawnand: fsmc: Fix timing computation (git-fixes).
- mtd: rawnand: fsmc: Take instruction delay into account (git-fixes).
- mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes).
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes).
- mwifiex: Fix possible ABBA deadlock (git-fixes).
- mwifiex: Try waking the firmware until we get an interrupt (git-fixes).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464).
- net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172).
- net/mlx5e: Fix wrong features assignment in case of error (git-fixes).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172).
- net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172).
- net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774).
- net: create netdev->dev_addr assignment helpers (git-fixes).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1154492).
- net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492).
- net: ena: Fix wrong rx request id by resetting device (git-fixes).
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes).
- nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes).
- nfsd: Fix nsfd startup race (again) (git-fixes).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447).
- nvme-tcp: block BH in sk state_change sk callback (git-fixes).
- nvme-tcp: can't set sk_user_data without write_lock (git-fixes).
- nvme-tcp: check sgl supported by target (git-fixes).
- nvme-tcp: do not update queue count when failing to set io queues (git-fixes).
- nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes).
- nvme-tcp: fix crash triggered with a dataless request submission (git-fixes).
- nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes).
- nvme-tcp: fix io_work priority inversion (git-fixes).
- nvme-tcp: fix possible data corruption with bio merges (git-fixes).
- nvme-tcp: fix possible req->offset corruption (git-fixes).
- nvme-tcp: fix wrong setting of request iov_iter (git-fixes).
- nvme-tcp: get rid of unused helper function (git-fixes).
- nvme-tcp: pair send_mutex init with destroy (git-fixes).
- nvme-tcp: pass multipage bvec to request iov_iter (git-fixes).
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes).
- pcmcia: fix setting of kthread task states (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes).
- pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
- pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes).
- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes).
- pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes).
- pipe: increase minimum default pipe size to 2 pages (bsc#1194587).
- platform/x86: apple-gmux: use resource_size() with res (git-fixes).
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes).
- power: reset: ltc2952: Fix use of floating point literals (git-fixes).
- power: supply: core: Break capacity loop (git-fixes).
- power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes).
- powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976).
- powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395).
- powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729).
- powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729).
- powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729).
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 ltc#188522 jsc#SLE-13294 git-fixes).
- powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
- pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes).
- pwm: tiecap: Drop .free() callback (git-fixes).
- qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes).
- quota: check block number when reading the block in quota file (bsc#1194589).
- quota: correct error number in free_dqentry() (bsc#1194590).
- random: fix data race on crng init time (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes).
- rndis_host: support Hytera digital radios (git-fixes).
- rpmsg: core: Clean up resources on announce_create failure (git-fixes).
- rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes).
- rtw88: use read_poll_timeout instead of fixed sleep (git-fixes).
- rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes).
- rtw88: wow: fix size access error of probe request (git-fixes).
- sata: nv: fix debug format string mismatch (git-fixes).
- scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266).
- scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266).
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266).
- scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes).
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027).
- selftests: KVM: Explicitly use movq to read xmm registers (git-fixes).
- selinux: fix potential memleak in selinux_add_opt() (git-fixes).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes).
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes).
- serial: pl011: Add ACPI SBSA UART match id (git-fixes).
- serial: tty: uartlite: fix console setup (git-fixes).
- sfc: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc: The RX page_ring is optional (git-fixes).
- sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc_ef100: potential dereference of null pointer (jsc#SLE-16683).
- shmem: shmem_writepage() split unlikely i915 THP (git-fixes).
- slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes).
- soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes).
- soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes).
- soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes).
- soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes).
- soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes).
- spi: change clk_disable_unprepare to clk_unprepare (git-fixes).
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes).
- spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes).
- staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes).
- staging: fbtft: Do not spam logs when probe is deferred (git-fixes).
- staging: fbtft: Rectify GPIO handling (git-fixes).
- staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes).
- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes).
- staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes).
- staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes).
- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes).
- string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes).
- thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes).
- thermal: core: Reset previous low and high trip during thermal zone init (git-fixes).
- tpm: add request_locality before write TPM_INT_ENABLE (git-fixes).
- tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes).
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes).
- tracing: Add test for user space strings when filtering on string pointers (git-fixes).
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes).
- tty: max310x: fix flexible_array.cocci warnings (git-fixes).
- tty: serial: atmel: Call dma_async_issue_pending() (git-fixes).
- tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes).
- tty: serial: earlycon dependency (git-fixes).
- tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes).
- tty: serial: uartlite: allow 64 bit address (git-fixes).
- tty: synclink_gt: rename a conflicting function name (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- uio: uio_dmem_genirq: Catch the Exception (git-fixes).
- usb: core: config: fix validation of wMaxPacketValue entries (git-fixes).
- usb: core: config: using bit mask instead of individual bits (git-fixes).
- usb: dwc2: check return value after calling platform_get_resource() (git-fixes).
- usb: dwc3: gadget: Continue to process pending requests (git-fixes).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes).
- usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes).
- usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes).
- usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes).
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes).
- usb: dwc3: ulpi: fix checkpatch warning (git-fixes).
- usb: ftdi-elan: fix memory leak on device disconnect (git-fixes).
- usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes).
- usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes).
- usb: mtu3: add memory barrier before set GPD's HWO (git-fixes).
- usb: mtu3: fix interval value for intr and isoc (git-fixes).
- usb: mtu3: fix list_head check warning (git-fixes).
- usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes).
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
- usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes).
- usermodehelper: reset umask to default before executing user process (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- video: backlight: Drop maximum brightness override for brightness zero (git-fixes).
- watchdog: Fix OMAP watchdog early handling (git-fixes).
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes).
- wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes).
- wcn36xx: Release DMA channel descriptor allocations (git-fixes).
- wcn36xx: handle connection loss indication (git-fixes).
- wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes).
- wireguard: device: reset peer src endpoint when netns exits (git-fixes).
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes).
- wireguard: receive: drop handshakes if queue lock is contended (git-fixes).
- wireguard: receive: use ring buffer for incoming handshakes (git-fixes).
- wireguard: selftests: actually test for routing loops (git-fixes).
- wireguard: selftests: increase default dmesg log size (git-fixes).
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes).
- x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes).
- xhci: avoid race between disable slot command and host runtime suspend (git-fixes).
- xhci: fix unsafe memory usage in xhci tracing (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1154353SUSE bug 1154492SUSE bug 1156395SUSE bug 1167773SUSE bug 1176447SUSE bug 1176774SUSE bug 1177437SUSE bug 1190256SUSE bug 1191271SUSE bug 1191929SUSE bug 1192931SUSE bug 1193255SUSE bug 1193328SUSE bug 1193660SUSE bug 1193669SUSE bug 1193727SUSE bug 1193901SUSE bug 1193927SUSE bug 1194001SUSE bug 1194027SUSE bug 1194087SUSE bug 1194094SUSE bug 1194266SUSE bug 1194302SUSE bug 1194493SUSE bug 1194516SUSE bug 1194517SUSE bug 1194518SUSE bug 1194529SUSE bug 1194578SUSE bug 1194580SUSE bug 1194584SUSE bug 1194586SUSE bug 1194587SUSE bug 1194589SUSE bug 1194590SUSE bug 1194591SUSE bug 1194592SUSE bug 1194888SUSE bug 1194953SUSE bug 1194985CVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDCVE-2021-46283 at SUSECVE-2021-46283 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426)
- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)
ImportantSUSE bug 1027519SUSE bug 1197426SUSE bug 1199965SUSE bug 1199966CVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDcpe:/o:suse:suse-microos:5.1Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.1
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
Other bugs fixed:
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
- Fix grub-install error when efi system partition is created as mdadm software raid1 device (bsc#1179981) (bsc#1195204)
- Fix error in grub-install when linux root device is on lvm thin volume (bsc#1192622) (bsc#1191974)
- Fix wrong default entry when booting snapshot (bsc#1159205)
- Add support for simplefb (boo#1193532).
- Fix error lvmid disk cannot be found after second disk added to the root volume group (bsc#1189874) (bsc#1071559)
- Fix error /boot/grub2/locale/POSIX.gmo not found (bsc#1189769)
- Fix unknown TPM error on buggy uefi firmware (bsc#1191504)
- Fix arm64 kernel image not aligned on 64k boundary (bsc#1192522)
ImportantSUSE bug 1071559SUSE bug 1159205SUSE bug 1179981SUSE bug 1189769SUSE bug 1189874SUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1191504SUSE bug 1191974SUSE bug 1192522SUSE bug 1192622SUSE bug 1193282SUSE bug 1193532SUSE bug 1195204SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198495SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver: core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
- mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- net: korina: fix return value (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
ImportantSUSE bug 1055117SUSE bug 1061840SUSE bug 1065729SUSE bug 1103269SUSE bug 1118212SUSE bug 1153274SUSE bug 1154353SUSE bug 1156395SUSE bug 1158266SUSE bug 1167773SUSE bug 1176447SUSE bug 1178134SUSE bug 1180100SUSE bug 1183405SUSE bug 1188885SUSE bug 1195826SUSE bug 1196426SUSE bug 1196478SUSE bug 1196570SUSE bug 1196840SUSE bug 1197446SUSE bug 1197472SUSE bug 1197601SUSE bug 1197675SUSE bug 1198438SUSE bug 1198577SUSE bug 1198971SUSE bug 1198989SUSE bug 1199035SUSE bug 1199052SUSE bug 1199063SUSE bug 1199114SUSE bug 1199314SUSE bug 1199505SUSE bug 1199507SUSE bug 1199564SUSE bug 1199626SUSE bug 1199631SUSE bug 1199650SUSE bug 1199670SUSE bug 1199839SUSE bug 1200019SUSE bug 1200045SUSE bug 1200046SUSE bug 1200192SUSE bug 1200216CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:suse-microos:5.1Security update for libvirt (Important)SUSE Linux Enterprise Micro 5.1
This update for libvirt fixes the following issues:
- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
ImportantSUSE bug 1191668SUSE bug 1192017SUSE bug 1193623SUSE bug 1193719SUSE bug 1193981SUSE bug 1194041CVE-2021-4147 at SUSECVE-2021-4147 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
ImportantSUSE bug 1070955SUSE bug 1191770SUSE bug 1192167SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012CVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
-
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
ImportantSUSE bug 1177282SUSE bug 1199365SUSE bug 1200015SUSE bug 1200143SUSE bug 1200144SUSE bug 1200206SUSE bug 1200207SUSE bug 1200249SUSE bug 1200259SUSE bug 1200263SUSE bug 1200268SUSE bug 1200529CVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- ARM: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: avoid fixmap race condition when create pud mapping (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver.
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
- mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- net: korina: fix return value (git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFC: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- NFC: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- NFC: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
- serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
- serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
ImportantSUSE bug 1055117SUSE bug 1061840SUSE bug 1065729SUSE bug 1103269SUSE bug 1118212SUSE bug 1153274SUSE bug 1154353SUSE bug 1156395SUSE bug 1158266SUSE bug 1167773SUSE bug 1176447SUSE bug 1177282SUSE bug 1178134SUSE bug 1180100SUSE bug 1183405SUSE bug 1188885SUSE bug 1195826SUSE bug 1196426SUSE bug 1196478SUSE bug 1196570SUSE bug 1196840SUSE bug 1197446SUSE bug 1197472SUSE bug 1197601SUSE bug 1197675SUSE bug 1198438SUSE bug 1198577SUSE bug 1198971SUSE bug 1198989SUSE bug 1199035SUSE bug 1199052SUSE bug 1199063SUSE bug 1199114SUSE bug 1199314SUSE bug 1199365SUSE bug 1199505SUSE bug 1199507SUSE bug 1199564SUSE bug 1199626SUSE bug 1199631SUSE bug 1199650SUSE bug 1199670SUSE bug 1199839SUSE bug 1200015SUSE bug 1200019SUSE bug 1200045SUSE bug 1200046SUSE bug 1200143SUSE bug 1200144SUSE bug 1200192SUSE bug 1200206SUSE bug 1200207SUSE bug 1200216SUSE bug 1200249SUSE bug 1200259SUSE bug 1200263SUSE bug 1200529SUSE bug 1200549SUSE bug 1200604CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566)
ImportantSUSE bug 1200566CVE-2022-22967 at SUSECVE-2022-22967 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712)
- CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037)
- CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035)
ImportantSUSE bug 1197084SUSE bug 1198035SUSE bug 1198037SUSE bug 1198712SUSE bug 1199018SUSE bug 1199924CVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDcpe:/o:suse:suse-microos:5.1Security update for conmon, libcontainers-common, libseccomp, podman (Moderate)SUSE Linux Enterprise Micro 5.1
This update for conmon, libcontainers-common, libseccomp, podman fixes the following issues:
podman was updated to 3.4.4.
Security issues fixed:
- fix CVE-2021-41190 [bsc#1193273], opencontainers: OCI manifest and index parsing confusion
- fix CVE-2021-4024 [bsc#1193166], podman machine spawns gvproxy with port binded to all IPs
- fix CVE-2021-20199 [bsc#1181640], Remote traffic to rootless containers is seen as orginating from localhost
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
path from podman < 3.1.2
Update to version 3.4.4:
* Bugfixes
- Fixed a bug where the podman exec command would, under some circumstances,
print a warning message about failing to move conmon to the appropriate cgroup (#12535).
- Fixed a bug where named volumes created as part of container creation
(e.g. podman run --volume avolume:/a/mountpoint or similar) would be
mounted with incorrect permissions (#12523).
- Fixed a bug where the podman-remote create and podman-remote run commands
did not properly handle the --entrypoint='' option (to clear the container's entrypoint) (#12521).
- Update to version 3.4.3:
* Security
- This release addresses CVE-2021-4024, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
* Features
- The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
* Bugfixes
- Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
- Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
- Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
- Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
- Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
- Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
- Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
- Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
- Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
- Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
- Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
- Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
- Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
- Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
- Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra ' (#11416).
* API
- The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services.
- Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
- Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419).
- Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
- Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378).
- Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
- Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
- Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
- Update to version 3.4.2:
* Fixed a bug where podman tag could not tag manifest lists (#12046).
* Fixed a bug where built-in volumes specified by images would not be
created correctly under some circumstances.
* Fixed a bug where, when using Podman Machine on OS X, containers in pods
did not have working port forwarding from the host (#12207).
* Fixed a bug where the podman network reload command command on containers
using the slirp4netns network mode and the rootlessport port forwarding
driver would make an unnecessary attempt to restart rootlessport
on containers that did not forward ports.
* Fixed a bug where the podman generate kube command would generate YAML
including some unnecessary (set to default) fields (e.g. empty SELinux and
DNS configuration blocks, and the privileged flag when set to false) (#11995).
* Fixed a bug where the podman pod rm command could, if interrupted at the right moment,
leave a reference to an already-removed infra container behind (#12034).
* Fixed a bug where the podman pod rm command would not remove pods with
more than one container if all containers save for the infra container
were stopped unless --force was specified (#11713).
* Fixed a bug where the --memory flag to podman run and podman create did
not accept a limit of 0 (which should specify unlimited memory) (#12002).
* Fixed a bug where the remote Podman client's podman build command could
attempt to build a Dockerfile in the working directory of the podman
system service instance instead of the Dockerfile specified by the user (#12054).
* Fixed a bug where the podman logs --tail command could function improperly
(printing more output than requested) when the journald log driver was used.
* Fixed a bug where containers run using the slirp4netns network mode with
IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
* Fixed a bug where some Podman commands could cause an extra dbus-daemon
process to be created (#9727).
* Fixed a bug where rootless Podman would sometimes print warnings
about a failure to move the pause process into a given CGroup (#12065).
* Fixed a bug where the checkpointed field in podman inspect on a container
was not set to false after a container was restored.
* Fixed a bug where the podman system service command would print
overly-verbose logs about request IDs (#12181).
* Fixed a bug where Podman could, when creating a new container without a name
explicitly specified by the user, sometimes use an auto-generated name already
in use by another container if multiple containers were being created in parallel (#11735).
Update to version 3.4.1:
* Bugfixes
- Fixed a bug where podman machine init could, under some circumstances,
create invalid machine configurations which could not be started (#11824).
- Fixed a bug where the podman machine list command would not properly
populate some output fields.
- Fixed a bug where podman machine rm could leave dangling sockets from
the removed machine (#11393).
- Fixed a bug where podman run --pids-limit=-1 was not supported (it now
sets the PID limit in the container to unlimited) (#11782).
- Fixed a bug where podman run and podman attach could throw errors about
a closed network connection when STDIN was closed by the client (#11856).
- Fixed a bug where the podman stop command could fail when run on a
container that had another podman stop command run on it previously.
- Fixed a bug where the --sync flag to podman ps was nonfunctional.
- Fixed a bug where the Windows and OS X remote clients' podman stats
command would fail (#11909).
- Fixed a bug where the podman play kube command did not properly handle
environment variables whose values contained an = (#11891).
- Fixed a bug where the podman generate kube command could generate
invalid annotations when run on containers with volumes that use SELinux
relabelling (:z or :Z) (#11929).
- Fixed a bug where the podman generate kube command would generate YAML
including some unnecessary (set to default) fields (e.g. user and group,
entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
- Fixed a bug where the podman generate kube command could, under some
circumstances, generate YAML including an invalid targetPort field for
forwarded ports (#11930).
- Fixed a bug where rootless Podman's podman info command could, under
some circumstances, not read available CGroup controllers (#11931).
- Fixed a bug where podman container checkpoint --export would fail to
checkpoint any container created with --log-driver=none (#11974).
* API
- Fixed a bug where the Compat Create endpoint for Containers could panic
when no options were passed to a bind mount of tmpfs (#11961).
Update to version 3.4.0:
* Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: 'always', which always run before the pod is started, and 'once', which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
- Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
- The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
- A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
- Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file).
- The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
- The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
- The podman image scp command has been added. This command allows images to be transferred between different hosts.
- The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
- The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
- The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
- Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
- The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
- The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
- The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
- The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
* Changes
- The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
- Podman no longer depends on ip for removing networks (#11403).
- The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The podman machine start command now prints a message when the VM is successfully started.
- The podman stats command can now be used on containers that are paused.
- The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
* Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
- Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
- Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
- Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
- Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
- Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
- Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
- Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.
- Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672).
- Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207).
- Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731).
- Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740).
- Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
* API
- The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
- The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
- The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
- The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
- The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
- The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
- The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
- The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
- Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
- Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
- Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
Update to version 3.3.1:
* Bugfixes
- Fixed a bug where unit files created by podman generate systemd could
not cleanup shut down containers when stopped by systemctl stop (#11304).
- Fixed a bug where podman machine commands would not properly locate
the gvproxy binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the
--pod-id-file option would not join the pod's network namespace (#11303).
- Fixed a bug where Podman, when using the systemd cgroups driver,
could sometimes leak dbus sessions.
- Fixed a bug where the until filter to podman logs and podman events
was improperly handled, requiring input to be negated (#11158).
- Fixed a bug where rootless containers using CNI networking run on
systems using systemd-resolved for DNS would fail to start if resolved
symlinked /etc/resolv.conf to an absolute path (#11358).
* API
- A large number of potential file descriptor leaks from improperly closing
client connections have been fixed.
Update to version 3.3.0:
* Fix network aliases with network id
* machine: compute sha256 as we read the image file
* machine: check for file exists instead of listing directory
* pkg/bindings/images.nTar(): slashify hdr.Name values
* Volumes: Only remove from DB if plugin removal succeeds
* For compatibility, ignore Content-Type
* [v3.3] Bump c/image 5.15.2, buildah v1.22.3
* Implement SD-NOTIFY proxy in conmon
* Fix rootless cni dns without systemd stub resolver
* fix rootlessport flake
* Skip stats test in CGv1 container environments
* Fix AVC denials in tests of volume mounts
* Restore buildah-bud test requiring new images
* Revert '.cirrus.yml: use fresh images for all VMs'
* Fix device tests using ls test files
* Enhance priv. dev. check
* Workaround host availability of /dev/kvm
* Skip cgroup-parent test due to frequent flakes
* Cirrus: Fix not uploading logformatter html
Switch to crun (bsc#1188914)
Update to version 3.2.3:
* Bump to v3.2.3
* Update release notes for v3.2.3
* vendor containers/common@v0.38.16
* vendor containers/buildah@v1.21.3
* Fix race conditions in rootless cni setup
* CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
* Make rootless-cni setup more robust
* Support uid,gid,mode options for secrets
* vendor containers/common@v0.38.15
* [CI:DOCS] podman search: clarify that results depend on implementation
* vendor containers/common@v0.38.14
* vendor containers/common@v0.38.13
* [3.2] vendor containers/common@v0.38.12
* Bump README to v3.2.2
* Bump to v3.2.3-dev
- Update to version 3.2.2:
* Bump to v3.2.2
* fix systemcontext to use correct TMPDIR
* Scrub podman commands to use report package
* Fix volumes with uid and gid options
* Vendor in c/common v0.38.11
* Initial release notes for v3.2.2
* Fix restoring of privileged containers
* Fix handling of podman-remote build --device
* Add support for podman remote build -f - .
* Fix panic condition in cgroups.getAvailableControllers
* Fix permissions on initially created named volumes
* Fix building static podman-remote
* add correct slirp ip to /etc/hosts
* disable tty-size exec checks in system tests
* Fix resize race with podman exec -it
* Fix documentation of the --format option of podman push
* Fix systemd-resolved detection.
* Health Check is not handled in the compat LibpodToContainerJSON
* Do not use inotify for OCICNI
* getContainerNetworkInfo: lock netNsCtr before sync
* [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
* Create the /etc/mtab file if does not exists
* [v3.2] cp: do not allow dir->file copying
* create: support images with invalid platform
* vendor containers/common@v0.38.10
* logs: k8s-file: restore poll sleep
* logs: k8s-file: fix spurious error logs
* utils: move message from warning to debug
* Bump to v3.2.2-dev
- Update to version 3.2.1:
* Bump to v3.2.1
* Updated release notes for v3.2.1
* Fix network connect race with docker-compose
* Revert 'Ensure minimum API version is set correctly in tests'
* Fall back to string for dockerfile parameter
* remote events: fix --stream=false
* [CI:DOCS] fix incorrect network remove api doc
* remote: always send resize before the container starts
* remote events: support labels
* remote pull: cancel pull when connection is closed
* Fix network prune api docs
* Improve systemd-resolved detection
* logs: k8s-file: fix race
* Fix image prune --filter cmd behavior
* Several shell completion fixes
* podman-remote build should handle -f option properly
* System tests: deal with crun 0.20.1
* Fix build tags for pkg/machine...
* Fix pre-checkpointing
* container: ignore named hierarchies
* [v3.2] vendor containers/common@v0.38.9
* rootless: fix fast join userns path
* [v3.2] vendor containers/common@v0.38.7
* [v3.2] vendor containers/common@v0.38.6
* Correct qemu options for Intel macs
* Ensure minimum API version is set correctly in tests
* Bump to v3.2.1-dev
- Update to version 3.2.0:
* Bump to v3.2.0
* Fix network create macvlan with subnet option
* Final release notes updates for v3.2.0
* add ipv6 nameservers only when the container has ipv6 enabled
* Use request context instead of background
* [v.3.2] events: support disjunctive filters
* System tests: add :Z to volume mounts
* generate systemd: make mounts portable
* vendor containers/storage@v1.31.3
* vendor containers/common@v0.38.5
* Bump to v3.2.0-dev
* Bump to v3.2.0-RC3
* Update release notes for v3.2.0-RC3
* Fix race on podman start --all
* Fix race condition in running ls container in a pod
* docs: --cert-dir: point to containers-certs.d(5)
* Handle hard links in different directories
* Improve OCI Runtime error
* Handle hard links in remote builds
* Podman info add support for status of cgroup controllers
* Drop container does not exist on removal to debugf
* Downgrade API service routing table logging
* add libimage events
* docs: generate systemd: XDG_RUNTIME_DIR
* Fix problem copying files when container is in host pid namespace
* Bump to v3.2.0-dev
* Bump to v3.2.0-RC2
* update c/common
* Update Cirrus DEST_BRANCH to v3.2
* Updated vendors of c/image, c/storage, Buildah
* Initial release notes for v3.2.0-RC2
* Add script for identifying commits in release branches
* Add host.containers.internal entry into container's etc/hosts
* image prune: remove unused images only with `--all`
* podman network reload add rootless support
* Use more recent `stale` release...
* network tutorial: update with rootless cni changes
* [CI:DOCS] Update first line in intro page
* Use updated VM images + updated automation tooling
* auto-update service: prune images
* make vendor
* fix system upgrade tests
* Print 'extracting' only on compressed file
* podman image tree: restore previous behavior
* fix network restart always test
* fix incorrect log driver in podman container image
* Add support for cli network prune --filter flag
* Move filter parsing to common utils
* Bump github.com/containers/storage from 1.30.2 to 1.30.3
* Update nix pin with `make nixpkgs`
* [CI:DOCS] hack/bats - new helper for running system tests
* fix restart always with slirp4netns
* Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
* Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
* Add host.serviceIsRemote to podman info results
* Add client disconnect to build handler loop
* Remove obsolete skips
* Fix podman-remote build --rm=false ...
* fix: improved 'containers/{name}/wait' endpoint
* Bump github.com/containers/storage from 1.30.1 to 1.30.2
* Add envars to the generated systemd unit
* fix: use UTC Time Stamps in response JSON
* fix container startup for empty pidfile
* Kube like pods should share ipc,net,uts by default
* fix: compat API 'images/get' for multiple images
* Revert escaped double dash man page flag syntax
* Report Download complete in Compatibility mode
* Add documentation on short-names
* Bump github.com/docker/docker
* Adds support to preserve auto update labels in generate and play kube
* [CI:DOCS] Stop conversion of `--` into en dash
* Revert Patch to relabel if selinux not enabled
* fix per review request
* Add support for environment variable secrets
* fix pre review request
* Fix infinite loop in isPathOnVolume
* Add containers.conf information for changing defaults
* CI: run rootless tests under ubuntu
* Fix wrong macvlan PNG in networking doc.
* Add restart-policy to container filters & --filter to podman start
* Fixes docker-compose cannot set static ip when use ipam
* channel: simplify implementation
* build: improve regex for iidfile
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
* cgroup: fix rootless --cgroup-parent with pods
* fix: docker APIv2 `images/get`
* codespell cleanup
* Minor podmanimage docs updates.
* Fix handling of runlabel IMAGE and NAME
* Bump to v3.2.0-dev
* Bump to v3.2.0-rc1
* rootless: improve automatic range split
* podman: set volatile storage flag for --rm containers
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
* migrate Podman to containers/common/libimage
* Add filepath glob support to --security-opt unmask
* Force log_driver to k8s-file for containers in containers
* add --mac-address to podman play kube
* compat api: Networks must be empty instead of null
* System tests: honor $OCI_RUNTIME (for CI)
* is this a bug?
* system test image: add arm64v8 image
* Fix troubleshooting documentation on handling sublemental groups.
* Add --all to podman start
* Fix variable reference typo. in multi-arch image action
* cgroup: always honor --cgroup-parent with cgroupfs
* Bump github.com/uber/jaeger-client-go
* Don't require tests for github-actions & metadata
* Detect if in podman machine virtual vm
* Fix multi-arch image workflow typo
* [CI:DOCS] Add titles to remote docs (windows)
* Remove unused VolumeList* structs
* Cirrus: Update F34beta -> F34
* Update container image docs + fix unstable execution
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
* TODO complete
* Docker returns 'die' status rather then 'died' status
* Check if another VM is running on machine start
* [CI:DOCS] Improve titles of command HTML pages
* system tests: networking: fix another race condition
* Use seccomp_profile as default profile if defined in containers.conf
* Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
* Vendored
* Autoupdate local label functional
* System tests: fix two race conditions
* Add more documentation on conmon
* Allow docker volume create API to pass without name
* Cirrus: Update Ubuntu images to 21.04
* Skip blkio-weight test when no kernel BFQ support
* rootless: Tell the user what was led to the error, not just what it is
* Add troubleshooting advice about the --userns option.
* Fix images prune filter until
* Fix logic for pushing stable multi-arch images
* Fixes generate kube incorrect when bind-mounting '/' and '/root'
* libpod/image: unit tests: don't use system's registries.conf.d
* runtime: create userns when CAP_SYS_ADMIN is not present
* rootless: attempt to copy current mappings first
* [CI:DOCS] Restore missing content to manpages
* [CI:DOCS] Fix Markdown layout bugs
* Fix podman ps --filter ancestor to match exact ImageName/ImageID
* Add machine-enabled to containers.conf for machine
* Several multi-arch image build/push fixes
* Add podman run --timeout option
* Parse slirp4netns net options with compat api
* Fix rootlesskit port forwarder with custom slirp cidr
* Fix removal race condition in ListContainers
* Add github-action workflow to build/push multi-arch
* rootless: if root is not sub?id raise a debug message
* Bump github.com/containers/common from 0.36.0 to 0.37.0
* Add go template shell completion for --format
* Add --group-add keep-groups: suplimentary groups into container
* Fixes from make codespell
* Typo fix to usage text of --compress option
* corrupt-image test: fix an oops
* Add --noheading flag to all list commands
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
* Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
* [CI:DOCS] Fix Markdown table layout bugs
* podman-remote should show podman.sock info
* rmi: don't break when the image is missing a manifest
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
* Add support for CDI device configuration
* [CI:DOCS] Add missing dash to verbose option
* Bump github.com/uber/jaeger-client-go
* Remove an advanced layer diff function
* Ensure mount destination is clean, no trailing slash
* add it for inspect pidfile
* [CI:DOCS] Fix introduction page typo
* support pidfile on container restore
* fix start it
* skip pidfile test on remote
* improve document
* set pidfile default value int containerconfig
* add pidfile in inspection
* add pidfile it for container start
* skip pidfile it on remote
* Modify according to comments
* WIP: drop test requirement
* runtime: bump required conmon version
* runtime: return findConmon to libpod
* oci: drop ExecContainerCleanup
* oci: use `--full-path` option for conmon
* use AttachSocketPath when removing conmon files
* hide conmon-pidfile flag on remote mode
* Fix possible panic in libpod/image/prune.go
* add --ip to podman play kube
* add flag autocomplete
* add ut
* add flag '--pidfile' for podman create/run
* Add network bindings tests: remove and list
* Fix build with GO111MODULE=off
* system tests: build --pull-never: deal with flakes
* compose test: diagnose flakes v3
* podman play kube apply correct log driver
* Fixes podman-remote save to directories does not work
* Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
* Update documentation of podman-run to reflect volume 'U' option
* Fix flake on failed podman-remote build : try 2
* compose test: ongoing efforts to diagnose flakes
* Test that we don't error out on advertised --log-level values
* At trace log level, print error text using %+v instead of %v
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
* Recognize --log-level=trace
* Fix flake on failed podman-remote build
* System tests: fix racy podman-inspect
* Fixes invalid expression in save command
* Bump github.com/containers/common from 0.35.4 to 0.36.0
* Update nix pin with `make nixpkgs`
* compose test: try to get useful data from flakes
* Remove in-memory state implementation
* Fix message about runtime to show only the actual runtime
* System tests: setup: better cleanup of stray images
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
* Reflect current state of prune implementation in docs
* Do not delete container twice
* [CI:DOCS] Correct status code for /pods/create
* vendor in containers/storage v1.29.0
* cgroup: do not set cgroup parent when rootless and cgroupfs
* Overhaul Makefile binary and release worflows
* Reorganize Makefile with sections and guide
* Simplify Makefile help target
* Don't shell to obtain current directory
* Remove unnecessary/not-needed release.txt target
* Fix incorrect version number output
* Exclude .gitignore from test req.
* Fix handling of $NAME and $IMAGE in runlabel
* Update podman image Dockerfile to support Podman in container
* Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
* Fix slashes in socket URLs
* Add network prune filters support to bindings
* Add support for play/generate kube volumes
* Update manifest API endpoints
* Fix panic when not giving a machine name for ssh
* cgroups: force 64 bits to ParseUint
* Bump k8s.io/api from 0.20.5 to 0.21.0
* [CI:DOCS] Fix formatting of podman-build man page
* buildah-bud tests: simplify
* Add missing return
* Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
* speed up CI handling of images
* Volumes prune endpoint should use only prune filters
* Cirrus: Use Fedora 34beta images
* Bump go.sum + Makefile for golang 1.16
* Exempt Makefile changes from test requirements
* Adjust libpod API Container Wait documentation to the code
* [CI:DOCS] Update swagger definition of inspect manifest
* use updated ubuntu images
* podman unshare: add --rootless-cni to join the ns
* Update swagger-check
* swagger: remove name wildcards
* Update buildah-bud diffs
* Handle podman-remote --arch, --platform, --os
* buildah-bud tests: handle go pseudoversions, plus...
* Fix flaking rootless compose test
* rootless cni add /usr/sbin to PATH if not present
* System tests: special case for RHEL: require runc
* Add --requires flag to podman run/create
* [CI:DOCS] swagger-check: compare operations
* [CI:DOCS] Polish swagger OpertionIDs
* [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
* Ensure that `--userns=keep-id` sets user in config
* [CI:DOCS] Set all operation id to be compatibile
* Move operationIds to swagger:operation line
* swagger: add operationIds that match with docker
* Cirrus: Make use of shared get_ci_vm container
* Don't relabel volumes if running in a privileged container
* Allow users to override default storage opts with --storage-opt
* Add support for podman --context default
* Verify existence of auth file if specified
* fix machine naming conventions
* Initial network bindings tests
* Update release notes to indicate CVE fix
* Move socket activation check into init() and set global condition.
* Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
* Http api tests for network prune with until filter
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
* Fix typos --uidmapping and --gidmapping
* Add transport and destination info to manifest doc
* Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
* Add default template functions
* Fix missing podman-remote build options
* Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
* Add ssh connection to root user
* Add rootless docker-compose test to the CI
* Use the slrip4netns dns in the rootless cni ns
* Cleanup the rootless cni namespace
* Add new docker-compose test for two networks
* Make the docker-compose test work rootless
* Remove unused rootless-cni-infra container files
* Only use rootless RLK when the container has ports
* Fix dnsname test
* Enable rootless network connect/disconnect
* Move slirp4netns functions into an extra file
* Fix pod infra container cni network setup
* Add rootless support for cni and --uidmap
* rootless cni without infra container
* Recreate until container prune tests for bindings
* Remove --execute from podman machine ssh
* Fixed podman-remote --network flag
* Makefile: introduce install.docker-full
* Makefile: ensure install.docker creates BINDIR
* Fix unmount doc reference in image.rst
* Should send the OCI runtime path not just the name to buildah
* podman machine shell completion
* Fix handling of remove --log-rusage param
* Fix bindings prune containers flaky test
* [CI:DOCS] Add local html build info to docs/README.md
* Add podman machine list
* Trim white space from /top endpoint results
* Remove semantic version suffices from API calls
* podman machine init --ignition-path
* Document --volume from podman-remote run/create client
* Update main branch to reflect the release of v3.1.0
* Silence podman network reload errors with iptables-nft
* Containers prune endpoint should use only prune filters
* resolve proper aarch64 image names
* APIv2 basic test: relax APIVersion check
* Add machine support for qemu-system-aarch64
* podman machine init user input
* manpage xref: helpful diagnostic for unescaped dash-dash
* Bump to v3.2.0-dev
* swagger: update system version response body
* buildah-bud tests: reenable pull-never test
* [NO TESTS NEEDED] Shrink the size of podman-remote
* Add powershell completions
* [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
* Fix long option format on docs.podman.io
* system tests: friendier messages for 2-arg is()
* service: use LISTEN_FDS
* man pages: correct seccomp-policy label
* rootless: use is_fd_inherited
* podman generate systemd --new do not duplicate params
* play kube: add support for env vars defined from secrets
* play kube: support optional/mandatory env var from config map
* play kube: prepare supporting other env source than config maps
* Add machine support for more Linux distros
* [NO TESTS NEEDED] Use same function podman-remote rmi as podman
* Podman machine enhancements
* Add problematic volume name to kube play error messages
* Fix podman build --pull-never
* [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
* Fix list pods filter handling in libpod api
* Remove resize race condition
* [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
* Use TMPDIR when commiting images
* Add RequiresMountsFor= to systemd generate
* Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
* Fix swapped dimensions from terminal.GetSize
* Rename podman machine create to init and clean up
* Correct json field name
* system tests: new interactive tests
* Improvements for machine
* libpod/image: unit tests: use a `registries.conf` for aliases
* libpod/image: unit tests: defer cleanup
* libpod/image: unit tests: use `require.NoError`
* Add --execute flag to podman machine ssh
* introduce podman machine
* Podman machine CLI and interface stub
* Support multi doc yaml for generate/play kube
* Fix filters in image http compat/libpod api endpoints
* Bump github.com/containers/common from 0.35.3 to 0.35.4
* Bump github.com/containers/storage from 1.28.0 to 1.28.1
* Check if stdin is a term in --interactive --tty mode
* [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
* [NO TESTS NEEDED] Fix rootless volume plugins
* Ensure manually-created volumes have correct ownership
* Bump github.com/rootless-containers/rootlesskit
* Unification of until filter across list/prune endpoints
* Unification of label filter across list/prune endpoints
* fixup
* fix: build endpoint for compat API
* [CI:DOCS] Add note to mappings for user/group userns in build
* Bump k8s.io/api from 0.20.1 to 0.20.5
* Validate passed in timezone from tz option
* WIP: run buildah bud tests using podman
* Fix containers list/prune http api filter behaviour
* Generate Kubernetes PersistentVolumeClaims from named volumes
- Update to version 3.1.2:
* Bump to v3.1.2
* Update release notes for v3.1.2
* Ensure mount destination is clean, no trailing slash
* Fixes podman-remote save to directories does not work
* [CI:DOCS] Add missing dash to verbose option
* [CI:DOCS] Fix Markdown table layout bugs
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
* rmi: don't break when the image is missing a manifest
* Bump containers/image to v5.11.1
* Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1
* Fix lint
* Bump to v3.1.2-dev
- Split podman-remote into a subpackage
- Add missing scriptlets for systemd units
- Escape macros in comments
- Drop some obsolete workarounds, including %{go_nostrip}
- Update to version 3.1.1:
* Bump to v3.1.1
* Update release notes for v3.1.1
* podman play kube apply correct log driver
* Fix build with GO111MODULE=off
* [CI:DOCS] Set all operation id to be compatibile
* Move operationIds to swagger:operation line
* swagger: add operationIds that match with docker
* Fix missing podman-remote build options
* [NO TESTS NEEDED] Shrink the size of podman-remote
* Move socket activation check into init() and set global condition.
* rootless: use is_fd_inherited
* Recreate until container prune tests for bindings
* System tests: special case for RHEL: require runc
* Document --volume from podman-remote run/create client
* Containers prune endpoint should use only prune filters
* Trim white space from /top endpoint results
* Fix unmount doc reference in image.rst
* Fix handling of remove --log-rusage param
* Makefile: introduce install.docker-full
* Makefile: ensure install.docker creates BINDIR
* Should send the OCI runtime path not just the name to buildah
* Fixed podman-remote --network flag
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
* Fix typos --uidmapping and --gidmapping
* Add default template functions
* Don't relabel volumes if running in a privileged container
* Allow users to override default storage opts with --storage-opt
* Add transport and destination info to manifest doc
* Verify existence of auth file if specified
* Ensure that `--userns=keep-id` sets user in config
* [CI:DOCS] Update swagger definition of inspect manifest
* Volumes prune endpoint should use only prune filters
* Adjust libpod API Container Wait documentation to the code
* Add missing return
* [CI:DOCS] Fix formatting of podman-build man page
* cgroups: force 64 bits to ParseUint
* Fix slashes in socket URLs
* [CI:DOCS] Correct status code for /pods/create
* cgroup: do not set cgroup parent when rootless and cgroupfs
* Reflect current state of prune implementation in docs
* Do not delete container twice
* Test that we don't error out on advertised --log-level values
* At trace log level, print error text using %+v instead of %v
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
* Recognize --log-level=trace
* Fix message about runtime to show only the actual runtime
* Fix handling of $NAME and $IMAGE in runlabel
* Fix flake on failed podman-remote build : try 2
* Fix flake on failed podman-remote build
* Update documentation of podman-run to reflect volume 'U' option
* Fixes invalid expression in save command
* Fix possible panic in libpod/image/prune.go
* Update all containers/ project vendors
* Fix tests
* Bump to v3.1.1-dev
- Update to version 3.1.0:
* Bump to v3.1.0
* Fix test failure
* Update release notes for v3.1.0 final release
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
* Fix long option format on docs.podman.io
* Fix containers list/prune http api filter behaviour
* [CI:DOCS] Add note to mappings for user/group userns in build
* Validate passed in timezone from tz option
* Generate Kubernetes PersistentVolumeClaims from named volumes
* libpod/image: unit tests: use a `registries.conf` for aliases
- Require systemd 241 or newer due to podman dependency go-systemd v22,
otherwise build will fail with unknown C name errors
- Create docker subpackage to allow replacing docker with
corresponding aliases to podman.
- Update to v3.0.1
* Changes
- Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
Bugfixes
- Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315).
- Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
- Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393).
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
- Fixed a bug where Podman would treat the --entrypoint=[''] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
- Fixed a bug where Podman would set the HOME environment variable to '' when the container ran as a user without an assigned home directory (#9378).
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
- Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
- Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
- Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).
* API
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.
* Misc
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6
- Changes from v3.0.0
* Features
- Podman now features initial support for Docker Compose.
- Added the podman rename command, which allows containers to be renamed after they are created (#1925).
- The Podman remote client now supports the podman copy command.
- A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
- Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
- Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
- The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
- The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
- The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times.
- The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
- The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
- The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
- The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077).
- The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
- The podman pod create command now supports the --net=none option (#9165).
- The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option.
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
- The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
- The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
- The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945.
- The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
- The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
- The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
- The podman volume prune commands now supports filtering what volumes will be pruned.
- The podman system prune command now includes information on space reclaimed (#8658).
- The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
- The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
- The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
- The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
- Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
- The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
* Security
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
* Changes
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
- The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
- The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
- The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
- The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
- Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
- Error messages for podman run when an invalid SELinux is specified have been improved.
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
- SSH public key handling for remote Podman has been improved.
* Bugfixes
- Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
- Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
- Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
- Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
- Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
- Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
- Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
- Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
- Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
- Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
- Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
- Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
- Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710).
- Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
- Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
- Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
- Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture (#8782).
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
- Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
- Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
- Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
- Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
- Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
- Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
- Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
- Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
- Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
- Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
- Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
- Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
- Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
- Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
- Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
- Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
- Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
- Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
- Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
- Fixed a bug where --format did not support JSON output for individual fields (#8444).
- Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
- Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
- Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
- Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
- Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
- Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
- Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
- Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).
API
- Libpod API version has been bumped to v3.0.0.
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a 'no such file' error if an invalid executable was passed) (#8281)
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
* Misc
- Updated Buildah to v1.19.2
- Updated the containers/storage library to v1.24.5
- Updated the containers/image library to v5.10.2
- Updated the containers/common library to v0.33.4
- Update to v2.2.1
* Changes
- Due to a conflict with a previously-removed field, we were forced to
modify the way image volumes (mounting images into containers using
--mount type=image) were handled in the database.
As a result, containers created in Podman 2.2.0 with image volume
will not have them in v2.2.1, and these containers will need to be re-created.
* Bugfixes
- Fixed a bug where rootless Podman would, on systems without the
XDG_RUNTIME_DIR environment variable defined, use an incorrect path
for the PID file of the Podman pause process, causing Podman to fail
to start (#8539).
- Fixed a bug where containers created using Podman v1.7 and earlier were
unusable in Podman due to JSON decode errors (#8613).
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead
of erroring, for containers that were not running.
- Fixed a bug where the podman system reset command would print a warning
about a duplicate shutdown handler being registered.
- Fixed a bug where rootless Podman would attempt to mount sysfs in
circumstances where it was not allowed; some OCI runtimes (notably
crun) would fall back to alternatives and not fail, but others
(notably runc) would fail to run containers.
- Fixed a bug where the podman run and podman create commands would fail
to create containers from untagged images (#8558).
- Fixed a bug where remote Podman would prompt for a password even when
the server did not support password authentication (#8498).
- Fixed a bug where the podman exec command did not move the Conmon
process for the exec session into the correct cgroup.
- Fixed a bug where shell completion for the ancestor option to
podman ps --filter did not work correctly.
- Fixed a bug where detached containers would not properly clean themselves
up (or remove themselves if --rm was set) if the Podman command that
created them was invoked with --log-level=debug.
* API
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the Binds and Mounts parameters in HostConfig.
- Fixed a bug where the Compat Create endpoint for Containers
ignored the Name query parameter.
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle the 'default' value for NetworkMode (this value is
used extensively by docker-compose) (#8544).
- Fixed a bug where the Compat Build endpoint for Images would sometimes
incorrectly use the target query parameter as the image's tag.
* Misc
- Podman v2.2.0 vendored a non-released, custom version of the
github.com/spf13/cobra package; this has been reverted to the latest
upstream release to aid in packaging.
- Updated the containers/image library to v5.9.0
- Update to v2.2.0
* Features
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
- Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
- The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
- The podman generate kube command now features support for exporting container's memory and CPU limits (#7855).
- The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
- The podman play kube command now supports persistent volumes claims using Podman named volumes.
- The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
- The podman play kube command now supports a --log-driver option to set the log driver for created containers.
- The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
- The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
- The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
- The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
- The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
- The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
- The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
- The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
- The podman search command can now output JSON using the --format=json option.
- The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
- The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
- The --tls-verify and --authfile options have been enabled for use with remote Podman.
- The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
- The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
- The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
- The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
- The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
- The podman pod ps command now supports a new filter status, that matches pods in a certain state.
* Changes
- The podman network rm --force command will now also remove pods that are using the network (#7791).
- The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
- If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
- Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
- The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
- The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
- The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
- A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
- The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
- Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
- The podman network rm command now has a new alias, podman network remove (#8402).
* Bugfixes
- Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
- Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
- Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
- Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
- Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
- Fixed a bug where the podman untag --all command was not supported with remote Podman.
- Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
- Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
- Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
- Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
- Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
- Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
- Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
- Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
- Fixed a bug where the --format 'table {{ .Field }}' option to numerous Podman commands ceased to function on Podman v2.0 and up.
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
- Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
- Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
- Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
- Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
- Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
- Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
- Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
- Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
- Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
- Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
- Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
- Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
- Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
- Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073).
- Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
- Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
- Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
- Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
- Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
- Fixed a bug where the --extract option to podman cp was nonfunctional.
- Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
- Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
- Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125).
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
- Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
- Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
- Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
- Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
- Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
- Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
- Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
- Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
- Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
- Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
- Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
- Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
- Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
- Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
- Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
- Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
- Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
- Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
- Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
- Fixed a bug where the podman container ps alias for podman ps was missing (#8445).
* API
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
- A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
- The Compat Network Connect and Network Disconnect endpoints have been added.
- Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration.
- The Compat Create endpoint for images now properly supports specifying images by digest.
- The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
- Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942).
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
- Fixed a bug where the 'no such image' error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
- Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
- Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
- Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.
- add dependency to timezone package or podman fails to build a
- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib
SELinux support [jsc#SMO-15]
libseccomp was updated to release 2.5.3:
* Update the syscall table for Linux v5.15
* Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
* Document that seccomp_rule_add() may return -EACCES
Update to release 2.5.2
* Update the syscall table for Linux v5.14-rc7
* Add a function, get_notify_fd(), to the Python bindings to
get the nofication file descriptor.
* Consolidate multiplexed syscall handling for all
architectures into one location.
* Add multiplexed syscall support to PPC and MIPS
* The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
the kernel. libseccomp's fd notification logic was modified
to support the kernel's previous and new usage of
SECCOMP_IOCTL_NOTIF_ID_VALID.
update to 2.5.1:
* Fix a bug where seccomp_load() could only be called once
* Change the notification fd handling to only request a notification fd if
* the filter has a _NOTIFY action
* Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
* Clarify the maintainers' GPG keys
Update to release 2.5.0
* Add support for the seccomp user notifications, see the
seccomp_notify_alloc(3), seccomp_notify_receive(3),
seccomp_notify_respond(3) manpages for more information
* Add support for new filter optimization approaches, including a balanced
tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
more information
* Add support for the 64-bit RISC-V architecture
* Performance improvements when adding new rules to a filter thanks to the
use of internal shadow transactions and improved syscall lookup tables
* Properly document the libseccomp API return values and include them in the
stable API promise
* Improvements to the s390 and s390x multiplexed syscall handling
* Multiple fixes and improvements to the libseccomp manpages
* Moved from manually maintained syscall tables to an automatically generated
syscall table in CSV format
* Update the syscall tables to Linux v5.8.0-rc5
* Python bindings and build now default to Python 3.x
* Improvements to the tests have boosted code coverage to over 93%
Update to release 2.4.3
* Add list of authorized release signatures to README.md
* Fix multiplexing issue with s390/s390x shm* syscalls
* Remove the static flag from libseccomp tools compilation
* Add define for __SNR_ppoll
* Fix potential memory leak identified by clang in the
scmp_bpf_sim tool
Update to release 2.4.2
* Add support for io-uring related system calls
conmon was updated to version 2.0.30:
* Remove unreachable code path
* exit: report if the exit command was killed
* exit: fix race zombie reaper
* conn_sock: allow watchdog messages through the notify socket proxy
* seccomp: add support for seccomp notify
Update to version 2.0.29:
* Reset OOM score back to 0 for container runtime
* call functions registered with atexit on SIGTERM
* conn_sock: fix potential segfault
Update to version 2.0.27:
* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary
Update to version 2.0.26:
* conn_sock: do not fail on EAGAIN
* fix segfault from a double freed pointer
* Fix a bug where conmon could never spawn a container, because
a disagreement between the caller and itself on where the attach
socket was.
* improve --full-attach to ignore the socket-dir directly. that
means callers don't need to specify a socket dir at all (and
can remove it)
* add full-attach option to allow callers to not truncate a very
long path for the attach socket
* close only opened FDs
* set locale to inherit environment
Update to version 2.0.22:
* added man page
* attach: always chdir
* conn_sock: Explicitly free a heap-allocated string
* refactor I/O and add SD_NOTIFY proxy support
Update to version 2.0.21:
* protect against kill(-1)
* Makefile: enable debuginfo generation
* Remove go.sum file and add go.mod
* Fail if conmon config could not be written
* nix: remove double definition for e2fsprogs
* Speedup static build by utilizing CI cache on `/nix` folder
* Fix nix build for failing e2fsprogs tests
* test: fix CI
* Use Podman for building
libcontainers-common was updated to include:
- common 0.44.0
- image 5.16.0
- podman 3.3.1
- storage 1.36.0
(changes too long to list)
CVEs fixed: CVE-2020-14370,CVE-2020-15157,CVE-2021-20199,CVE-2021-20291,CVE-2021-3602
ModerateSUSE bug 1176804SUSE bug 1177598SUSE bug 1181640SUSE bug 1182998SUSE bug 1188520SUSE bug 1188914SUSE bug 1193166SUSE bug 1193273CVE-2020-14370 at SUSECVE-2020-14370 at NVDCVE-2020-15157 at SUSECVE-2020-15157 at NVDCVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20291 at SUSECVE-2021-20291 at NVDCVE-2021-3602 at SUSECVE-2021-3602 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.1Security update for s390-tools (Important)SUSE Linux Enterprise Micro 5.1
This update of s390-tools fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-microos:5.1Security update for curl (Important)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
ImportantSUSE bug 1200735SUSE bug 1200737CVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd, docker and runc (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd, docker and runc fixes the following issues:
containerd:
- CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145)
docker:
- Update to Docker 20.10.17-ce. See upstream changelog online at
https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145)
runc:
Update to runc v1.1.3.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3.
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
- Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565)
Update to runc v1.1.2.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2.
Security issue fixed:
- CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical Linux
environment. (bsc#1199460)
- `runc spec` no longer sets any inheritable capabilities in the created
example OCI spec (`config.json`) file.
Update to runc v1.1.1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1.
* runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported'
error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
Update to runc v1.1.0.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0.
- libcontainer will now refuse to build without the nsenter package being
correctly compiled (specifically this requires CGO to be enabled). This
should avoid folks accidentally creating broken runc binaries (and
incorrectly importing our internal libraries into their projects). (#3331)
Update to runc v1.1.0~rc1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
+ Add support for RDMA cgroup added in Linux 4.11.
* runc exec now produces exit code of 255 when the exec failed.
This may help in distinguishing between runc exec failures
(such as invalid options, non-running container or non-existent
binary etc.) and failures of the command being executed.
+ runc run: new --keep option to skip removal exited containers artefacts.
This might be useful to check the state (e.g. of cgroup controllers) after
the container hasexited.
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
(the latter is just an alias for SCMP_ACT_KILL).
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
users to create sophisticated seccomp filters where syscalls can be
efficiently emulated by privileged processes on the host.
+ checkpoint/restore: add an option (--lsm-mount-context) to set
a different LSM mount context on restore.
+ intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup
to use for the process being executed.
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
behaviour.
+ mounts: add support for bind-mounts which are inaccessible after switching
the user namespace. Note that this does not permit the container any
additional access to the host filesystem, it simply allows containers to
have bind-mounts configured for paths the user can access but have
restrictive access control settings for other users.
+ Add support for recursive mount attributes using mount_setattr(2). These
have the same names as the proposed mount(8) options -- just prepend r
to the option name (such as rro).
+ Add runc features subcommand to allow runc users to detect what features
runc has been built with. This includes critical information such as
supported mount flags, hook names, and so on. Note that the output of this
command is subject to change and will not be considered stable until runc
1.2 at the earliest. The runtime-spec specification for this feature is
being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
the ownership of certain cgroup control files (as per
/sys/kernel/cgroup/delegate) to allow for proper deferral to the container
process.
* runc checkpoint/restore: fixed for containers with an external bind mount
which destination is a symlink.
* cgroup: improve openat2 handling for cgroup directory handle hardening.
runc delete -f now succeeds (rather than timing out) on a paused
container.
* runc run/start/exec now refuses a frozen cgroup (paused container in case of
exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of the release.
ImportantSUSE bug 1192051SUSE bug 1199460SUSE bug 1199565SUSE bug 1200088SUSE bug 1200145CVE-2022-29162 at SUSECVE-2022-29162 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDcpe:/o:suse:suse-microos:5.1Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ignition fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
- Update to version 2.14.0
ModerateSUSE bug 1199524CVE-2022-1706 at SUSECVE-2022-1706 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
Security issues fixed:
- CVE-2021-3572: Update bundled pip wheel to the latest SLE version (bsc#1186819)
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
Other bugs fixed:
- Remove shebangs from from python-base libraries in _libdir
(bsc#1193179, bsc#1192249).
ImportantSUSE bug 1186819SUSE bug 1190566SUSE bug 1192249SUSE bug 1193179SUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDCVE-2021-3572 at SUSECVE-2021-3572 at NVDcpe:/o:suse:suse-microos:5.1Security update for pcre (Important)SUSE Linux Enterprise Micro 5.1
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-microos:5.1Security update for p11-kit (Moderate)SUSE Linux Enterprise Micro 5.1
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)
ModerateSUSE bug 1180065CVE-2020-29362 at SUSECVE-2020-29362 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- Add various fsctl structs (bsc#1200217).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable 'count' signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: fix snapshot mount option (bsc#1200217).
- [smb3] improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- [smb3] move more common protocol header definitions to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1179195SUSE bug 1180814SUSE bug 1184924SUSE bug 1185762SUSE bug 1192761SUSE bug 1193629SUSE bug 1194013SUSE bug 1195504SUSE bug 1195775SUSE bug 1196901SUSE bug 1197362SUSE bug 1197754SUSE bug 1198020SUSE bug 1198924SUSE bug 1199482SUSE bug 1199487SUSE bug 1199489SUSE bug 1199657SUSE bug 1200217SUSE bug 1200263SUSE bug 1200343SUSE bug 1200442SUSE bug 1200571SUSE bug 1200599SUSE bug 1200600SUSE bug 1200608SUSE bug 1200619SUSE bug 1200622SUSE bug 1200692SUSE bug 1200806SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200813SUSE bug 1200816SUSE bug 1200820SUSE bug 1200821SUSE bug 1200822SUSE bug 1200825SUSE bug 1200828SUSE bug 1200829SUSE bug 1200925SUSE bug 1201050SUSE bug 1201080SUSE bug 1201143SUSE bug 1201147SUSE bug 1201149SUSE bug 1201160SUSE bug 1201171SUSE bug 1201177SUSE bug 1201193SUSE bug 1201222CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Mozilla NSPR was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that have two IP stacks available.
ImportantSUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1198486SUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:suse-microos:5.1Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.1
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
ImportantSUSE bug 1196125SUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:suse-microos:5.1Security update for logrotate (Important)SUSE Linux Enterprise Micro 5.1
This update for logrotate fixes the following issues:
Security issues fixed:
- Improved coredump handing for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
ImportantSUSE bug 1192449SUSE bug 1200278SUSE bug 1200802cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable 'count' signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
- smb3: move more common protocol header definitions to smbfs_common (bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
ImportantSUSE bug 1065729SUSE bug 1179195SUSE bug 1180814SUSE bug 1184924SUSE bug 1185762SUSE bug 1192761SUSE bug 1193629SUSE bug 1194013SUSE bug 1195504SUSE bug 1195775SUSE bug 1196901SUSE bug 1197362SUSE bug 1197754SUSE bug 1198020SUSE bug 1198924SUSE bug 1199482SUSE bug 1199487SUSE bug 1199489SUSE bug 1199657SUSE bug 1200217SUSE bug 1200263SUSE bug 1200343SUSE bug 1200442SUSE bug 1200571SUSE bug 1200599SUSE bug 1200600SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200622SUSE bug 1200692SUSE bug 1200806SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200813SUSE bug 1200816SUSE bug 1200820SUSE bug 1200821SUSE bug 1200822SUSE bug 1200825SUSE bug 1200828SUSE bug 1200829SUSE bug 1200925SUSE bug 1201050SUSE bug 1201080SUSE bug 1201143SUSE bug 1201147SUSE bug 1201149SUSE bug 1201160SUSE bug 1201171SUSE bug 1201177SUSE bug 1201193SUSE bug 1201222SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-M2Crypto (Important)SUSE Linux Enterprise Micro 5.1
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:suse-microos:5.1Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.1
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
ldb was updated to version 2.4.3
* Fix build problems, waf produces incorrect names for python extensions; (bso#15071);
ImportantSUSE bug 1196224SUSE bug 1198255SUSE bug 1199247SUSE bug 1199734SUSE bug 1200556SUSE bug 1200964SUSE bug 1201490SUSE bug 1201492SUSE bug 1201493SUSE bug 1201495SUSE bug 1201496CVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:suse-microos:5.1Security update for dwarves and elfutils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
ModerateSUSE bug 1033084SUSE bug 1033085SUSE bug 1033086SUSE bug 1033087SUSE bug 1033088SUSE bug 1033089SUSE bug 1033090SUSE bug 1082318SUSE bug 1104264SUSE bug 1106390SUSE bug 1107066SUSE bug 1107067SUSE bug 1111973SUSE bug 1112723SUSE bug 1112726SUSE bug 1123685SUSE bug 1125007CVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7609 at SUSECVE-2017-7609 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16402 at SUSECVE-2018-16402 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:suse-microos:5.1Security update for mokutil (Moderate)SUSE Linux Enterprise Micro 5.1
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:suse-microos:5.1Security update for pcre2 (Important)SUSE Linux Enterprise Micro 5.1
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1164384SUSE bug 1199235CVE-2019-20454 at SUSECVE-2019-20454 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:suse-microos:5.1Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
ModerateSUSE bug 1198627CVE-2022-29458 at SUSECVE-2022-29458 at NVDcpe:/o:suse:suse-microos:5.1Security update for samba (Critical)SUSE Linux Enterprise Micro 5.1
- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);
samba was updated to 4.15.4 (jsc#SLE-23329);
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set 'client max protocol' to NT1 before
calling the 'Reconnecting with SMB1 for workgroup listing'
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* 'smbd --build-options' no longer works without an smb.conf file;
(bso#14945);
Samba was updated to version 4.15.3
+ CVE-2021-43566: Symlink race error can allow directory creation
outside of the exported share; (bsc#1139519);
+ CVE-2021-20316: Symlink race error can allow metadata read and
modify outside of the exported share; (bsc#1191227);
- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba
krb5 was updated to 1.16.3 to 1.19.2
* Fix a denial of service attack against the KDC encrypted challenge code; (CVE-2021-36222);
* Fix a memory leak when gss_inquire_cred() is called without a credential handle.
Changes from 1.19.1:
* Fix a linking issue with Samba.
* Better support multiple pkinit_identities values by checking whether
certificates can be loaded for each value.
Changes from 1.19
Administrator experience
* When a client keytab is present, the GSSAPI krb5 mech will refresh
credentials even if the current credentials were acquired manually.
* It is now harder to accidentally delete the K/M entry from a KDB.
Developer experience
* gss_acquire_cred_from() now supports the 'password' and 'verify'
options, allowing credentials to be acquired via password and
verified using a keytab key.
* When an application accepts a GSS security context, the new
GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor
both provided matching channel bindings.
* Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self requests
to identify the desired client principal by certificate.
* PKINIT certauth modules can now cause the hw-authent flag to be set
in issued tickets.
* The krb5_init_creds_step() API will now issue the same password
expiration warnings as krb5_get_init_creds_password().
Protocol evolution
* Added client and KDC support for Microsoft's Resource-Based Constrained
Delegation, which allows cross-realm S4U2Proxy requests. A third-party
database module is required for KDC support.
* kadmin/admin is now the preferred server principal name for kadmin
connections, and the host-based form is no longer created by default.
The client will still try the host-based form as a fallback.
* Added client and server support for Microsoft's KERB_AP_OPTIONS_CBT
extension, which causes channel bindings to be required for the
initiator if the acceptor provided them. The client will send this
option if the client_aware_gss_bindings profile option is set.
User experience
* kinit will now issue a warning if the des3-cbc-sha1 encryption type is
used in the reply. This encryption type will be deprecated and removed
in future releases.
* Added kvno flags --out-cache, --no-store, and --cached-only
(inspired by Heimdal's kgetcred).
Changes from 1.18.3
* Fix a denial of service vulnerability when decoding Kerberos
protocol messages.
* Fix a locking issue with the LMDB KDB module which could cause
KDC and kadmind processes to lose access to the database.
* Fix an assertion failure when libgssapi_krb5 is repeatedly loaded
and unloaded while libkrb5support remains loaded.
Changes from 1.18.2
* Fix a SPNEGO regression where an acceptor using the default credential
would improperly filter mechanisms, causing a negotiation failure.
* Fix a bug where the KDC would fail to issue tickets if the local krbtgt
principal's first key has a single-DES enctype.
* Add stub functions to allow old versions of OpenSSL libcrypto to link
against libkrb5.
* Fix a NegoEx bug where the client name and delegated credential might
not be reported.
Changes from 1.18.1
* Fix a crash when qualifying short hostnames when the system has
no primary DNS domain.
* Fix a regression when an application imports 'service@' as a GSS
host-based name for its acceptor credential handle.
* Fix KDC enforcement of auth indicators when they are modified by
the KDB module.
* Fix removal of require_auth string attributes when the LDAP KDB
module is used.
* Fix a compile error when building with musl libc on Linux.
* Fix a compile error when building with gcc 4.x.
* Change the KDC constrained delegation precedence order for consistency
with Windows KDCs.
Changes from 1.18
Administrator experience:
* Remove support for single-DES encryption types.
* Change the replay cache format to be more efficient and robust.
Replay cache filenames using the new format end with '.rcache2'
by default.
* setuid programs will automatically ignore environment variables
that normally affect krb5 API functions, even if the caller does
not use krb5_init_secure_context().
* Add an 'enforce_ok_as_delegate' krb5.conf relation to disable
credential forwarding during GSSAPI authentication unless the KDC
sets the ok-as-delegate bit in the service ticket.
* Use the permitted_enctypes krb5.conf setting as the default value
for default_tkt_enctypes and default_tgs_enctypes.
Developer experience:
* Implement krb5_cc_remove_cred() for all credential cache types.
* Add the krb5_pac_get_client_info() API to get the client account
name from a PAC.
Protocol evolution:
* Add KDC support for S4U2Self requests where the user is identified
by X.509 certificate. (Requires support for certificate lookup from
a third-party KDB module.)
* Remove support for an old ('draft 9') variant of PKINIT.
* Add support for Microsoft NegoEx. (Requires one or more third-party
GSS modules implementing NegoEx mechanisms.)
User experience:
* Add support for 'dns_canonicalize_hostname=fallback', causing
host-based principal names to be tried first without DNS
canonicalization, and again with DNS canonicalization if the
un-canonicalized server is not found.
* Expand single-component hostnames in host-based principal names
when DNS canonicalization is not used, adding the system's first DNS
search path as a suffix. Add a 'qualify_shortname' krb5.conf relation
to override this suffix or disable expansion.
* Honor the transited-policy-checked ticket flag on application servers,
eliminating the requirement to configure capaths on servers in some
scenarios.
Code quality:
* The libkrb5 serialization code (used to export and import krb5 GSS
security contexts) has been simplified and made type-safe.
* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED
messages has been revised to conform to current coding practices.
* The test suite has been modified to work with macOS System Integrity
Protection enabled.
* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support
can always be tested.
Changes from 1.17.1
* Fix a bug preventing 'addprinc -randkey -kvno' from working in kadmin.
* Fix a bug preventing time skew correction from working when a KCM
credential cache is used.
Changes from 1.17:
Administrator experience:
* A new Kerberos database module using the Lightning Memory-Mapped
Database library (LMDB) has been added. The LMDB KDB module should
be more performant and more robust than the DB2 module, and may
become the default module for new databases in a future release.
* 'kdb5_util dump' will no longer dump policy entries when specific
principal names are requested.
Developer experience:
* The new krb5_get_etype_info() API can be used to retrieve enctype,
salt, and string-to-key parameters from the KDC for a client
principal.
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
principal names to be used with GSS-API functions.
* KDC and kadmind modules which call com_err() will now write to the
log file in a format more consistent with other log messages.
* Programs which use large numbers of memory credential caches should
perform better.
Protocol evolution:
* The SPAKE pre-authentication mechanism is now supported. This
mechanism protects against password dictionary attacks without
requiring any additional infrastructure such as certificates. SPAKE
is enabled by default on clients, but must be manually enabled on
the KDC for this release.
* PKINIT freshness tokens are now supported. Freshness tokens can
protect against scenarios where an attacker uses temporary access to
a smart card to generate authentication requests for the future.
* Password change operations now prefer TCP over UDP, to avoid
spurious error messages about replays when a response packet is
dropped.
* The KDC now supports cross-realm S4U2Self requests when used with a
third-party KDB module such as Samba's. The client code for
cross-realm S4U2Self requests is also now more robust.
User experience:
* The new ktutil addent -f flag can be used to fetch salt information
from the KDC for password-based keys.
* The new kdestroy -p option can be used to destroy a credential cache
within a collection by client principal name.
* The Kerberos man page has been restored, and documents the
environment variables that affect programs using the Kerberos
library.
Code quality:
* Python test scripts now use Python 3.
* Python test scripts now display markers in verbose output, making it
easier to find where a failure occurred within the scripts.
* The Windows build system has been simplified and updated to work
with more recent versions of Visual Studio. A large volume of
unused Windows-specific code has been removed. Visual Studio 2013
or later is now required.
- Build with full Cyrus SASL support. Negotiating SASL credentials with
an EXTERNAL bind mechanism requires interaction. Kerberos provides its
own interaction function that skips all interaction, thus preventing the
mechanism from working.
ldb was updated to version 2.4.1 (jsc#SLE-23329);
- Release 2.4.1
+ Corrected python behaviour for 'in' for LDAP attributes
contained as part of ldb.Message; (bso#14845);
+ Fix memory handling in ldb.msg_diff; (bso#14836);
- Release 2.4.0
+ pyldb: Fix Message.items() for a message containing elements
+ pyldb: Add test for Message.items()
+ tests: Use ldbsearch '--scope instead of '-s'
+ Change page size of guidindexpackv1.ldb
+ Use a 1MiB lmdb so the test also passes on aarch64 CentOS stream
+ attrib_handler casefold: simplify space dropping
+ fix ldb_comparison_fold off-by-one overrun
+ CVE-2020-27840: pytests: move Dn.validate test to ldb
+ CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
+ CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
+ CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
+ improve comments for ldb_module_connect_backend()
+ test/ldb_tdb: correct introductory comments
+ ldb.h: remove undefined async_ctx function signatures
+ correct comments in attrib_handers val_to_int64
+ dn tests use cmocka print functions
+ ldb_match: remove redundant check
+ add tests for ldb_wildcard_compare
+ ldb_match: trailing chunk must match end of string
+ pyldb: catch potential overflow error in py_timestring
+ ldb: remove some 'if PY3's in tests
talloc was updated to 2.3.3:
+ various bugfixes
+ python: Ensure reference counts are properly incremented
+ Change pytalloc source to LGPL
+ Upgrade waf to 2.0.18 to fix a cross-compilation issue;
(bso#13846).
tdb was updated to version 1.4.4:
+ various bugfixes
tevent was updated to version 0.11.0:
+ Add custom tag to events
+ Add event trace api
sssd was updated to:
- Fix tests test_copy_ccache & test_copy_keytab for later versions of krb5
- Update the private ldb modules installation following libldb2
changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba
apparmor was updated to:
- Cater for changes to ldb packaging to allow parallel installation with libldb (bsc#1192684).
- add profile for samba-bgqd (bsc#1191532).
CriticalSUSE bug 1139519SUSE bug 1183572SUSE bug 1183574SUSE bug 1188571SUSE bug 1191227SUSE bug 1191532SUSE bug 1192684SUSE bug 1193690SUSE bug 1194859SUSE bug 1195048CVE-2020-27840 at SUSECVE-2020-27840 at NVDCVE-2021-20277 at SUSECVE-2021-20277 at NVDCVE-2021-20316 at SUSECVE-2021-20316 at NVDCVE-2021-36222 at SUSECVE-2021-36222 at NVDCVE-2021-43566 at SUSECVE-2021-43566 at NVDCVE-2021-44141 at SUSECVE-2021-44141 at NVDCVE-2021-44142 at SUSECVE-2021-44142 at NVDCVE-2022-0336 at SUSECVE-2022-0336 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate)SUSE Linux Enterprise Micro 5.1
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bumpy the URL to point to github rather than to docs
ModerateSUSE bug 1195916SUSE bug 1196696CVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
Updated to version 3.4.7:
- CVE-2022-1227: Fixed an issue that could allow an attacker to publish
a malicious image to a public registry and run arbitrary code in the
victim's context via the 'podman top' command (bsc#1182428).
- CVE-2022-27191: Fixed a potential crash via SSH under specific
configurations (bsc#1197284).
- CVE-2022-21698: Fixed a potential denial of service that affected
servers that used Prometheus instrumentation (bsc#1196338).
ImportantSUSE bug 1182428SUSE bug 1196338SUSE bug 1197284CVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd-presets-common-SUSE (Moderate)SUSE Linux Enterprise Micro 5.1
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
ModerateSUSE bug 1199524SUSE bug 1200485CVE-2022-1706 at SUSECVE-2022-1706 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section Now that it is upstream..
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
ImportantSUSE bug 1178134SUSE bug 1196616SUSE bug 1198829SUSE bug 1199364SUSE bug 1199647SUSE bug 1199665SUSE bug 1199670SUSE bug 1200015SUSE bug 1200521SUSE bug 1200598SUSE bug 1200644SUSE bug 1200651SUSE bug 1200762SUSE bug 1200910SUSE bug 1201196SUSE bug 1201206SUSE bug 1201251SUSE bug 1201381SUSE bug 1201429SUSE bug 1201442SUSE bug 1201458SUSE bug 1201635SUSE bug 1201636SUSE bug 1201644SUSE bug 1201645SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1201846SUSE bug 1201930SUSE bug 1201940SUSE bug 1201954SUSE bug 1201956SUSE bug 1201958SUSE bug 1202154CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1116 at SUSECVE-2022-1116 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free (bsc#1193727).
- CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
- CVE-2021-4149: Fixed improper lock operation in btrfs that allowed users to crash the kernel or deadlock the system (bsc#1194001).
- CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
- CVE-2021-4202: Fixed race condition in nci_request() that could cause use-after-free (bsc#1194529).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-46283: Fixed missing initialization in nf_tables_newset in net/netfilter/nf_tables_api.c that could cause a denial of service (bnc#1194518).
- CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
- CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
The following non-security bugs were fixed:
- acpi: APD: Check for NULL pointer after calling devm_ioremap() (git-fixes).
- acpi: Add stubs for wakeup handler functions (git-fixes).
- acpi: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (git-fixes).
- alsa: PCM: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: ctl: Fix copy of updated id with element read/write (git-fixes).
- alsa: drivers: opl3: Fix incorrect use of vp->state (git-fixes).
- alsa: hda/hdmi: Disable silent stream on GLK (git-fixes).
- alsa: hda/realtek - Add headset Mic support for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek - Fix silent output on Gigabyte X570 Aorus Master after reboot from Windows (git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 mute LED (git-fixes).
- alsa: hda/realtek: Add quirk for ASRock NUC Box 1100 (git-fixes).
- alsa: hda/realtek: Amp init fixup for HP ZBook 15 G6 (git-fixes).
- alsa: hda/realtek: Fix quirk for Clevo NJ51CU (git-fixes).
- alsa: hda/realtek: Fix quirk for TongFang PHxTxX1 (git-fixes).
- alsa: hda/realtek: Fixes HP Spectre x360 15-eb1xxx speakers (git-fixes).
- alsa: hda/realtek: Headset fixup for Clevo NH77HJQ (git-fixes).
- alsa: hda: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: hda: Make proper use of timecounter (git-fixes).
- alsa: jack: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- alsa: jack: Check the return value of kstrdup() (git-fixes).
- alsa: oss: fix compile error when OSS_DEBUG is enabled (git-fixes).
- alsa: pcm: oss: Fix negative period/buffer sizes (git-fixes).
- alsa: pcm: oss: Handle missing errors in snd_pcm_oss_change_params*() (git-fixes).
- alsa: pcm: oss: Limit the period size to 16MB (git-fixes).
- alsa: usb-audio: Drop superfluous '0' in Presonus Studio 1810c's ID (git-fixes).
- alsa: usb-audio: Line6 HX-Stomp XL USB_ID for 48k-fixed quirk (git-fixes).
- amd/display: downgrade validation failure log level (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asoc: codecs: wcd934x: handle channel mappping list correctly (git-fixes).
- asoc: codecs: wcd934x: return correct value from mixer put (git-fixes).
- asoc: codecs: wcd934x: return error code correctly from hw_params (git-fixes).
- asoc: codecs: wsa881x: fix return values from kcontrol put (git-fixes).
- asoc: cs42l42: Correct configuring of switch inversion from ts-inv (git-fixes).
- asoc: cs42l42: Disable regulators if probe fails (git-fixes).
- asoc: cs42l42: Use device_property API instead of of_property (git-fixes).
- asoc: fsl_asrc: refine the check of available clock divider (git-fixes).
- asoc: fsl_mqs: fix MODULE_ALIAS (git-fixes).
- asoc: mediatek: Check for error clk pointer (git-fixes).
- asoc: meson: aiu: Move AIU_I2S_MISC hold setting to aiu-fifo-i2s (git-fixes).
- asoc: meson: aiu: fifo: Add missing dma_coerce_mask_and_coherent() (git-fixes).
- asoc: qdsp6: q6routing: Fix return value from msm_routing_put_audio_mixer (git-fixes).
- asoc: rt5663: Handle device_property_read_u32_array error codes (git-fixes).
- asoc: samsung: idma: Check of ioremap return value (git-fixes).
- asoc: soc-core: fix null-ptr-deref in snd_soc_del_component_unlocked() (git-fixes).
- asoc: sunxi: fix a sound binding broken reference (git-fixes).
- asoc: tegra: Fix kcontrol put callback in ADMAIF (git-fixes).
- asoc: tegra: Fix kcontrol put callback in AHUB (git-fixes).
- asoc: tegra: Fix kcontrol put callback in DMIC (git-fixes).
- asoc: tegra: Fix kcontrol put callback in DSPK (git-fixes).
- asoc: tegra: Fix kcontrol put callback in I2S (git-fixes).
- asoc: tegra: Fix wrong value type in ADMAIF (git-fixes).
- asoc: tegra: Fix wrong value type in DMIC (git-fixes).
- asoc: tegra: Fix wrong value type in DSPK (git-fixes).
- asoc: tegra: Fix wrong value type in I2S (git-fixes).
- asoc: uniphier: drop selecting non-existing SND_SOC_UNIPHIER_AIO_DMA (git-fixes).
- ata: ahci: Add Green Sardine vendor ID as board_ahci_mobile (git-fixes).
- atlantic: Fix buff_ring OOB in aq_ring_rx_clean (git-fixes).
- ax25: NPD bug when detaching AX25 device (git-fixes).
- backlight: qcom-wled: Fix off-by-one maximum with default num_strings (git-fixes).
- backlight: qcom-wled: Override default length with qcom,enabled-strings (git-fixes).
- backlight: qcom-wled: Pass number of elements to read to read_u32_array (git-fixes).
- backlight: qcom-wled: Validate enabled string indices in DT (git-fixes).
- batman-adv: mcast: do not send link-local multicast to mcast routers (git-fixes).
- blk-cgroup: synchronize blkg creation against policy deactivation (bsc#1194584).
- block/scsi-ioctl: Fix kernel-infoleak in scsi_put_cdrom_generic_arg() (git-fixes).
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586).
- bluetooth: L2CAP: Fix using wrong mode (git-fixes).
- bluetooth: bfusb: fix division by zero in send path (git-fixes).
- bluetooth: btmtksdio: fix resume failure (git-fixes).
- bluetooth: btusb: fix memory leak in btusb_mtk_submit_wmt_recv_urb() (git-fixes).
- bluetooth: cmtp: fix possible panic when cmtp_init_sockets() fails (git-fixes).
- bluetooth: hci_bcm: Check for error irq (git-fixes).
- bluetooth: hci_qca: Stop IBS timer during BT OFF (git-fixes).
- bluetooth: stop proccessing malicious adv data (git-fixes).
- can: gs_usb: fix use of uninitialized variable, detach device on reception of invalid USB data (git-fixes).
- can: gs_usb: gs_can_start_xmit(): zero-initialize hf->{flags,reserved} (git-fixes).
- can: kvaser_usb: get CAN clock frequency from device (git-fixes).
- can: sja1000: fix use after free in ems_pcmcia_add_card() (git-fixes).
- can: softing: softing_startstop(): fix set but not used variable warning (git-fixes).
- can: softing_cs: softingcs_probe(): fix memleak on registration failure (git-fixes).
- can: usb_8dev: remove unused member echo_skb from struct usb_8dev_priv (git-fixes).
- can: xilinx_can: xcan_probe(): check for error irq (git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- clk: Do not parent clks until the parent is fully registered (git-fixes).
- clk: Gemini: fix struct name in kernel-doc (git-fixes).
- clk: bcm-2835: Pick the closest clock rate (git-fixes).
- clk: bcm-2835: Remove rounding up the dividers (git-fixes).
- clk: imx8mn: Fix imx8mn_clko1_sels (git-fixes).
- clk: imx: pllv1: fix kernel-doc notation for struct clk_pllv1 (git-fixes).
- clk: qcom: gcc-msm8996: Drop (again) gcc_aggre1_pnoc_ahb_clk (git-fixes).
- clk: qcom: regmap-mux: fix parent clock lookup (git-fixes).
- clk: stm32: Fix ltdc's clock turn off by clk_disable_unused() after system enter shell (git-fixes).
- crypto: caam - replace this_cpu_ptr with raw_cpu_ptr (git-fixes).
- crypto: mxs-dcp - Use sg_mapping_iter to copy data (git-fixes).
- crypto: omap-sham - clear dma flags only after omap_sham_update_dma_stop() (git-fixes).
- crypto: qat - do not ignore errors from enable_vf2pf_comms() (git-fixes).
- crypto: qat - fix reuse of completion variable (git-fixes).
- crypto: qat - handle both source of interrupt in VF ISR (git-fixes).
- crypto: qce - fix uaf on qce_ahash_register_one (git-fixes).
- crypto: stm32/crc32 - Fix kernel BUG triggered in probe() (git-fixes).
- crypto: stm32/cryp - fix double pm exit (git-fixes).
- crypto: stm32/cryp - fix lrw chaining mode (git-fixes).
- crypto: stm32/cryp - fix xts and race condition in crypto_engine requests (git-fixes).
- debugfs: lockdown: Allow reading debugfs files that are not world readable (bsc#1193328).
- device property: Fix documentation for FWNODE_GRAPH_DEVICE_DISABLED (git-fixes).
- dm crypt: document encrypted keyring key option (git-fixes).
- dm writecache: add 'cleaner' and 'max_age' to Documentation (git-fixes).
- dm writecache: advance the number of arguments when reporting max_age (git-fixes).
- dm writecache: fix performance degradation in ssd mode (git-fixes).
- dm writecache: flush origin device when writing and cache is full (git-fixes).
- dma_fence_array: Fix PENDING_ERROR leak in dma_fence_array_signaled() (git-fixes).
- dmaengine: at_xdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_xdmac: Fix at_xdmac_lld struct definition (git-fixes).
- dmaengine: at_xdmac: Fix concurrency over xfers_list (git-fixes).
- dmaengine: at_xdmac: Fix lld view setting (git-fixes).
- dmaengine: at_xdmac: Print debug message after realeasing the lock (git-fixes).
- dmaengine: bestcomm: fix system boot lockups (git-fixes).
- dmaengine: idxd: add module parameter to force disable of SVA (bsc#1192931).
- dmaengine: idxd: enable SVA feature for IOMMU (bsc#1192931).
- dmaengine: pxa/mmp: stop referencing config->slave_id (git-fixes).
- dmaengine: st_fdma: fix MODULE_ALIAS (git-fixes).
- documentation: ACPI: Fix data node reference documentation (git-fixes).
- documentation: dmaengine: Correctly describe dmatest with channel unset (git-fixes).
- documentation: refer to config RANDOMIZE_BASE for kernel address-space randomization (git-fixes).
- drm/amd/amdgpu: Increase HWIP_MAX_INSTANCE to 10 (git-fixes).
- drm/amd/display: Fix for the no Audio bug with Tiled Displays (git-fixes).
- drm/amd/display: Update bounding box states (v2) (git-fixes).
- drm/amd/display: Update number of DCN3 clock states (git-fixes).
- drm/amd/display: add connector type check for CRC source set (git-fixes).
- drm/amd/display: dcn20_resource_construct reduce scope of FPU enabled (git-fixes).
- drm/amd/display: fix incorrect CM/TF programming sequence in dwb (git-fixes).
- drm/amd/display: fix missing writeback disablement if plane is removed (git-fixes).
- drm/amdgpu: Fix a NULL pointer dereference in amdgpu_connector_lcd_native_mode() (git-fixes).
- drm/amdgpu: Fix a printing message (git-fixes).
- drm/amdgpu: Fix amdgpu_ras_eeprom_init() (git-fixes).
- drm/amdgpu: correct register access for RLC_JUMP_TABLE_RESTORE (git-fixes).
- drm/amdgpu: revert 'Add autodump debugfs node for gpu reset v8' (git-fixes).
- drm/amdkfd: Account for SH/SE count when setting up cu masks (git-fixes).
- drm/amdkfd: Check for null pointer after calling kmemdup (git-fixes).
- drm/ast: potential dereference of null pointer (git-fixes).
- drm/atomic: Check new_crtc_state->active to determine if CRTC needs disable in self refresh mode (git-fixes).
- drm/bridge: analogix_dp: Make PSR-exit block less (git-fixes).
- drm/bridge: display-connector: fix an uninitialized pointer in probe() (git-fixes).
- drm/bridge: nwl-dsi: Avoid potential multiplication overflow on 32-bit (git-fixes).
- drm/bridge: ti-sn65dsi86: Set max register for regmap (git-fixes).
- drm/display: fix possible null-pointer dereference in dcn10_set_clock() (git-fixes).
- drm/exynos: Always initialize mapping in exynos_drm_register_dma() (git-fixes).
- drm/i915/fb: Fix rounding error in subsampled plane size calculation (git-fixes).
- drm/i915: Avoid bitwise vs logical OR warning in snb_wm_latency_quirk() (git-fixes).
- drm/mediatek: Check plane visibility in atomic_update (git-fixes).
- drm/msm/dpu: fix safe status debugfs file (git-fixes).
- drm/msm/dsi: Fix DSI and DSI PHY regulator config from SDM660 (git-fixes).
- drm/msm/dsi: set default num_data_lanes (git-fixes).
- drm/msm/mdp5: fix cursor-related warnings (git-fixes).
- drm/msm: mdp4: drop vblank get/put from prepare/complete_commit (git-fixes).
- drm/msm: prevent NULL dereference in msm_gpu_crashstate_capture() (git-fixes).
- drm/panel: innolux-p079zca: Delete panel on attach() failure (git-fixes).
- drm/panel: kingdisplay-kd097d04: Delete panel on attach() failure (git-fixes).
- drm/radeon/radeon_kms: Fix a NULL pointer dereference in radeon_driver_open_kms() (git-fixes).
- drm/rockchip: dsi: Disable PLL clock on bind error (git-fixes).
- drm/rockchip: dsi: Fix unbalanced clock on probe error (git-fixes).
- drm/rockchip: dsi: Hold pm-runtime across bind/unbind (git-fixes).
- drm/rockchip: dsi: Reconfigure hardware on resume() (git-fixes).
- drm/sun4i: dw-hdmi: Fix missing put_device() call in sun8i_hdmi_phy_get (git-fixes).
- drm/sun4i: fix unmet dependency on RESET_CONTROLLER for PHY_SUN6I_MIPI_DPHY (git-fixes).
- drm/syncobj: Deal with signalled fences in drm_syncobj_find_fence (git-fixes).
- drm/tegra: vic: Fix DMA API misuse (git-fixes).
- drm/vboxvideo: fix a NULL vs IS_ERR() check (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered up during bind (git-fixes).
- drm/vc4: hdmi: Set HD_CTL_WHOLSMP and HD_CTL_CHALIGN_SET (git-fixes).
- drm/vc4: hdmi: Set a default HSM rate (git-fixes).
- drm: fix null-ptr-deref in drm_dev_init_release() (git-fixes).
- drm: xlnx: zynqmp: release reset to DP controller before accessing DP registers (git-fixes).
- drm: xlnx: zynqmp_dpsub: Call pm_runtime_get_sync before setting pixel clock (git-fixes).
- eeprom: idt_89hpesx: Put fwnode in matching case during ->probe() (git-fixes).
- eeprom: idt_89hpesx: Restore printing the unsupported fwnode name (git-fixes).
- ext4: Avoid trim error on fs with small groups (bsc#1191271).
- ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580).
- fget: clarify and improve __fget_files() implementation (bsc#1193727).
- firmware: Update Kconfig help text for Google firmware (git-fixes).
- firmware: arm_scmi: pm: Propagate return value to caller (git-fixes).
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (git-fixes).
- firmware: qcom_scm: Fix error retval in __qcom_scm_is_call_available() (git-fixes).
- firmware: qemu_fw_cfg: fix NULL-pointer deref on duplicate entries (git-fixes).
- firmware: qemu_fw_cfg: fix kobject leak in probe error path (git-fixes).
- firmware: qemu_fw_cfg: fix sysfs information leak (git-fixes).
- firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()' (git-fixes).
- firmware: smccc: Fix check for ARCH_SOC_ID not implemented (git-fixes).
- firmware: tegra: Fix error application of sizeof() to pointer (git-fixes).
- firmware: tegra: Reduce stack usage (git-fixes).
- firmware_loader: fix pre-allocated buf built-in firmware use (git-fixes).
- floppy: Fix hang in watchdog when disk is ejected (git-fixes).
- flow_offload: return EOPNOTSUPP for the unsupported mpls action type (bsc#1154353).
- fuse: Pass correct lend value to filemap_write_and_wait_range() (bsc#1194953).
- gpiolib: acpi: Make set-debounce-timeout failures non fatal (git-fixes).
- gpu: host1x: Add back arm_iommu_detach_device() (git-fixes).
- hid: add USB_HID dependancy to hid-chicony (git-fixes).
- hid: add USB_HID dependancy to hid-prodikeys (git-fixes).
- hid: asus: Add depends on USB_HID to HID_ASUS Kconfig option (git-fixes).
- hid: bigbenff: prevent null pointer dereference (git-fixes).
- hid: google: add eel USB id (git-fixes).
- hid: hid-uclogic-params: Invalid parameter check in uclogic_params_frame_init_v1_buttonpad (git-fixes).
- hid: hid-uclogic-params: Invalid parameter check in uclogic_params_get_str_desc (git-fixes).
- hid: hid-uclogic-params: Invalid parameter check in uclogic_params_huion_init (git-fixes).
- hid: hid-uclogic-params: Invalid parameter check in uclogic_params_init (git-fixes).
- hid: quirks: Add quirk for the Microsoft Surface 3 type-cover (git-fixes).
- hwmon: (lm90) Add basic support for TI TMP461 (git-fixes).
- hwmon: (lm90) Add max6654 support to lm90 driver (git-fixes).
- hwmon: (lm90) Do not report 'busy' status bit as alarm (git-fixes).
- hwmon: (lm90) Drop critical attribute support for MAX6654 (git-fixes).
- hwmon: (lm90) Fix usage of CONFIG2 register in detect function (git-fixes).
- hwmon: (lm90) Introduce flag indicating extended temperature support (git-fixes).
- i2c: rk3x: Handle a spurious start completion interrupt flag (git-fixes).
- i2c: validate user data in compat ioctl (git-fixes).
- i3c: fix incorrect address slot lookup on 64-bit (git-fixes).
- i3c: master: dw: check return of dw_i3c_master_get_free_pos() (git-fixes).
- i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc (git-fixes).
- i40e: Fix for displaying message regarding NVM version (git-fixes).
- i40e: Fix incorrect netdev's real number of RX/TX queues (git-fixes).
- i40e: Fix to not show opcode msg on unsuccessful VF MAC change (git-fixes).
- i40e: fix use-after-free in i40e_sync_filters_subtask() (git-fixes).
- iavf: Fix limit of total number of queues to active queues of VF (git-fixes).
- iavf: restore MSI state on reset (git-fixes).
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr (git-fixes).
- ieee802154: fix error return code in ieee802154_add_iface() (git-fixes).
- ieee802154: fix error return code in ieee802154_llsec_getparams() (git-fixes).
- ieee802154: hwsim: Fix memory leak in hwsim_add_one (git-fixes).
- ieee802154: hwsim: Fix possible memory leak in hwsim_subscribe_all_others (git-fixes).
- ieee802154: hwsim: avoid possible crash in hwsim_del_edge_nl() (git-fixes).
- ieee802154: hwsim: fix GPF in hwsim_set_edge_lqi (git-fixes).
- igb: Fix removal of unicast MAC filters of VFs (git-fixes).
- igbvf: fix double free in `igbvf_probe` (git-fixes).
- igc: Fix typo in i225 LTR functions (jsc#SLE-13533).
- iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove (git-fixes).
- iio: ad7768-1: Call iio_trigger_notify_done() on error (git-fixes).
- iio: adc: axp20x_adc: fix charging current reporting on AXP22x (git-fixes).
- iio: at91-sama5d2: Fix incorrect sign extension (git-fixes).
- iio: dln2-adc: Fix lockdep complaint (git-fixes).
- iio: dln2: Check return value of devm_iio_trigger_register() (git-fixes).
- iio: itg3200: Call iio_trigger_notify_done() on error (git-fixes).
- iio: kxsd9: Do not return error code in trigger handler (git-fixes).
- iio: ltr501: Do not return error code in trigger handler (git-fixes).
- iio: mma8452: Fix trigger reference couting (git-fixes).
- iio: stk3310: Do not return error code in interrupt handler (git-fixes).
- iio: trigger: Fix reference counting (git-fixes).
- iio: trigger: stm32-timer: fix MODULE_ALIAS (git-fixes).
- input: appletouch - initialize work before device registration (git-fixes).
- input: atmel_mxt_ts - fix double free in mxt_read_info_block (git-fixes).
- input: elantech - fix stack out of bound access in elantech_change_report_id() (git-fixes).
- input: i8042 - add deferred probe support (bsc#1190256).
- input: i8042 - enable deferred probe quirk for ASUS UM325UA (bsc#1190256).
- input: max8925_onkey - do not mark comment as kernel-doc (git-fixes).
- input: spaceball - fix parsing of movement data packets (git-fixes).
- input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- input: ti_am335x_tsc - set ADCREFM for X configuration (git-fixes).
- ionic: Initialize the 'lif->dbid_inuse' bitmap (bsc#1167773).
- isofs: Fix out of bound access for corrupted isofs image (bsc#1194591).
- iwlwifi: fw: correctly limit to monitor dump (git-fixes).
- iwlwifi: mvm: Fix scan channel flags settings (git-fixes).
- iwlwifi: mvm: Use div_s64 instead of do_div in iwl_mvm_ftm_rtt_smoothing() (git-fixes).
- iwlwifi: mvm: avoid static queue number aliasing (git-fixes).
- iwlwifi: mvm: disable RX-diversity in powersave (git-fixes).
- iwlwifi: mvm: fix 32-bit build in FTM (git-fixes).
- iwlwifi: mvm: fix access to BSS elements (git-fixes).
- iwlwifi: mvm: test roc running status bits before removing the sta (git-fixes).
- iwlwifi: pcie: free RBs during configure (git-fixes).
- ixgbe: set X550 MDIO speed before talking to PHY (git-fixes).
- kabi/severities: Add a kabi exception for drivers/tee/tee
- kmod: make request_module() return an error when autoloading is disabled (git-fixes).
- kobject: Restore old behaviour of kobject_del(NULL) (git-fixes).
- kobject_uevent: remove warning in init_uevent_argv() (git-fixes).
- kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
- libata: add horkage for ASMedia 1092 (git-fixes).
- libata: if T_LENGTH is zero, dma direction should be DMA_NONE (git-fixes).
- livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
- lockdown: Allow unprivileged users to see lockdown status (git-fixes).
- mISDN: change function names to avoid conflicts (git-fixes).
- mac80211: Fix monitor MTU limit so that A-MSDUs get through (git-fixes).
- mac80211: agg-tx: do not schedule_and_wake_txq() under sta->lock (git-fixes).
- mac80211: do not access the IV when it was stripped (git-fixes).
- mac80211: fix lookup when adding AddBA extension element (git-fixes).
- mac80211: fix regression in SSN handling of addba tx (git-fixes).
- mac80211: initialize variable have_higher_than_11mbit (git-fixes).
- mac80211: mark TX-during-stop for TX in in_reconfig (git-fixes).
- mac80211: send ADDBA requests using the tid/queue of the aggregation session (git-fixes).
- mac80211: track only QoS data frames for admission control (git-fixes).
- mac80211: validate extended element ID is present (git-fixes).
- mailbox: hi3660: convert struct comments to kernel-doc notation (git-fixes).
- media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
- media: aspeed: Update signal status immediately to ensure sane hw state (git-fixes).
- media: aspeed: fix mode-detect always time out at 2nd run (git-fixes).
- media: cpia2: fix control-message timeouts (git-fixes).
- media: dib0700: fix undefined behavior in tuner shutdown (git-fixes).
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- media: dmxdev: fix UAF when dvb_register_device() fails (git-fixes).
- media: dw2102: Fix use after free (git-fixes).
- media: em28xx: fix control-message timeouts (git-fixes).
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- media: hantro: Fix probe func error path (git-fixes).
- media: i2c: imx274: fix trivial typo expsoure/exposure (git-fixes).
- media: i2c: imx274: fix trivial typo obainted/obtained (git-fixes).
- media: imx-pxp: Initialize the spinlock prior to using it (git-fixes).
- media: mceusb: fix control-message timeouts (git-fixes).
- media: msi001: fix possible null-ptr-deref in msi001_probe() (git-fixes).
- media: mtk-vcodec: call v4l2_m2m_ctx_release first when file is released (git-fixes).
- media: pvrusb2: fix control-message timeouts (git-fixes).
- media: rcar-csi2: Correct the selection of hsfreqrange (git-fixes).
- media: rcar-csi2: Optimize the selection PHTW register (git-fixes).
- media: redrat3: fix control-message timeouts (git-fixes).
- media: s2255: fix control-message timeouts (git-fixes).
- media: saa7146: mxb: Fix a NULL pointer dereference in mxb_attach() (git-fixes).
- media: si2157: Fix 'warm' tuner state detection (git-fixes).
- media: si470x-i2c: fix possible memory leak in si470x_i2c_probe() (git-fixes).
- media: stk1160: fix control-message timeouts (git-fixes).
- media: streamzap: remove unnecessary ir_raw_event_reset and handle (git-fixes).
- media: uvcvideo: fix division by zero at stream start (git-fixes).
- media: venus: core: Fix a resource leak in the error handling path of 'venus_probe()' (git-fixes).
- memblock: ensure there is no overflow in memblock_overlaps_region() (git-fixes).
- memory: emif: Remove bogus debugfs error handling (git-fixes).
- mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe() (git-fixes).
- misc: fastrpc: Add missing lock before accessing find_vma() (git-fixes).
- misc: fastrpc: fix improper packet size calculation (git-fixes).
- misc: lattice-ecp3-config: Fix task hung when firmware load failed (git-fixes).
- mmc: meson-mx-sdio: add IRQ check (git-fixes).
- mmc: sdhci-esdhc-imx: clear the buffer_read_ready to reset standard tuning circuit (git-fixes).
- mmc: sdhci-esdhc-imx: disable CMDQ support (git-fixes).
- mmc: sdhci-pci: Add PCI ID for Intel ADL (git-fixes).
- mmc: sdhci-tegra: Fix switch to HS400ES mode (git-fixes).
- moxart: fix potential use-after-free on remove path (bsc#1194516).
- mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode (git-fixes).
- mt76: mt7915: fix an off-by-one bound check (git-fixes).
- mtd: rawnand: fsmc: Fix timing computation (git-fixes).
- mtd: rawnand: fsmc: Take instruction delay into account (git-fixes).
- mtd: rawnand: mpc5121: Remove unused variable in ads5121_select_chip() (git-fixes).
- mtd: spi-nor: hisi-sfc: Remove excessive clk_disable_unprepare() (git-fixes).
- mwifiex: Fix possible ABBA deadlock (git-fixes).
- mwifiex: Try waking the firmware until we get an interrupt (git-fixes).
- net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources (jsc#SLE-8464).
- net/mlx5: Set command entry semaphore up once got index free (jsc#SLE-15172).
- net/mlx5e: Fix wrong features assignment in case of error (git-fixes).
- net/mlx5e: Wrap the tx reporter dump callback to extract the sq (jsc#SLE-15172).
- net/sched: fq_pie: prevent dismantle issue (jsc#SLE-15172).
- net/sched: sch_ets: do not remove idle classes from the round-robin list (bsc#1176774).
- net: create netdev->dev_addr assignment helpers (git-fixes).
- net: ena: Fix error handling when calculating max IO queues number (bsc#1154492).
- net: ena: Fix undefined state when tx request id is out of bounds (bsc#1154492).
- net: ena: Fix wrong rx request id by resetting device (git-fixes).
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (jsc#SLE-14777).
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (git-fixes).
- net: usb: pegasus: Do not drop long Ethernet frames (git-fixes).
- netfilter: nft_set_pipapo: allocate pcpu scratch maps on clone (bsc#1176447).
- nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done (git-fixes).
- nfc: fix segfault in nfc_genl_dump_devices_done (git-fixes).
- nfc: st21nfca: Fix memory leak in device probe and remove (git-fixes).
- nfs: Do not fail clone() unless the OP_CLONE operation failed (git-fixes).
- nfs: Fix pagecache invalidation after COPY/CLONE (git-fixes).
- nfsd: Fix nsfd startup race (again) (git-fixes).
- nfsd: Fix zero-length NFSv3 WRITEs (git-fixes).
- nft_set_pipapo: Fix bucket load in AVX2 lookup routine for six 8-bit groups (bsc#1176447).
- nvme-tcp: block BH in sk state_change sk callback (git-fixes).
- nvme-tcp: can't set sk_user_data without write_lock (git-fixes).
- nvme-tcp: check sgl supported by target (git-fixes).
- nvme-tcp: do not update queue count when failing to set io queues (git-fixes).
- nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU (git-fixes).
- nvme-tcp: fix crash triggered with a dataless request submission (git-fixes).
- nvme-tcp: fix error codes in nvme_tcp_setup_ctrl() (git-fixes).
- nvme-tcp: fix io_work priority inversion (git-fixes).
- nvme-tcp: fix possible data corruption with bio merges (git-fixes).
- nvme-tcp: fix possible req->offset corruption (git-fixes).
- nvme-tcp: fix wrong setting of request iov_iter (git-fixes).
- nvme-tcp: get rid of unused helper function (git-fixes).
- nvme-tcp: pair send_mutex init with destroy (git-fixes).
- nvme-tcp: pass multipage bvec to request iov_iter (git-fixes).
- nvme-tcp: remove incorrect Kconfig dep in BLK_DEV_NVME (git-fixes).
- pci/acpi: Fix acpi_pci_osc_control_set() kernel-doc comment (git-fixes).
- pci/msi: Clear PCI_MSIX_FLAGS_MASKALL on error (git-fixes).
- pci/msi: Fix pci_irq_vector()/pci_irq_get_affinity() (git-fixes).
- pci/msi: Mask MSI-X vectors only on success (git-fixes).
- pci: cadence: Add cdns_plat_pcie_probe() missing return (git-fixes).
- pci: dwc: Do not remap invalid res (git-fixes).
- pci: mvebu: Check for errors from pci_bridge_emul_init() call (git-fixes).
- pci: mvebu: Do not modify PCI IO type bits in conf_write (git-fixes).
- pci: mvebu: Fix support for DEVCAP2, DEVCTL2 and LNKCTL2 registers on emulated bridge (git-fixes).
- pci: mvebu: Fix support for PCI_EXP_DEVCTL on emulated bridge (git-fixes).
- pci: mvebu: Fix support for PCI_EXP_RTSTA on emulated bridge (git-fixes).
- pci: pci-bridge-emul: Properly mark reserved PCIe bits in PCI config space (git-fixes).
- pci: pci-bridge-emul: Set PCI_STATUS_CAP_LIST for PCIe device (git-fixes).
- pci: pciehp: Fix infinite loop in IRQ handler upon power fault (git-fixes).
- pci: xgene: Fix IB window setup (git-fixes).
- pcmcia: fix setting of kthread task states (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in __nonstatic_find_io_region() (git-fixes).
- pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference in nonstatic_find_mem_region() (git-fixes).
- pcnet32: Use pci_resource_len to validate PCI resource (git-fixes).
- pinctrl: mediatek: fix global-out-of-bounds issue (git-fixes).
- pinctrl: qcom: spmi-gpio: correct parent irqspec translation (git-fixes).
- pinctrl: stm32: consider the GPIO offset to expose all the GPIO lines (git-fixes).
- pinctrl: stm32: use valid pin identifier in stm32_pinctrl_resume() (git-fixes).
- pipe: increase minimum default pipe size to 2 pages (bsc#1194587).
- platform/x86: apple-gmux: use resource_size() with res (git-fixes).
- platform/x86: thinkpad_acpi: Fix WWAN device disabled issue after S3 deep (git-fixes).
- pm: runtime: Defer suspending suppliers (git-fixes).
- pm: sleep: Do not assume that 'mem' is always present (git-fixes).
- power: reset: ltc2952: Fix use of floating point literals (git-fixes).
- power: supply: core: Break capacity loop (git-fixes).
- power: supply: max17042_battery: Clear status bits in interrupt handler (git-fixes).
- powerpc/64s: fix program check interrupt emergency stack path (bsc#1156395).
- powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901).
- powerpc/perf: Fix PMU callbacks to clear pending PMI before resetting an overflown PMC (bsc#1156395).
- powerpc/perf: Fix data source encodings for L2.1 and L3.1 accesses (bsc#1065729).
- powerpc/prom_init: Fix improper check of prom_getprop() (bsc#1065729).
- powerpc/pseries/cpuhp: cache node corrections (bsc#1065729).
- powerpc/pseries/cpuhp: delete add/remove_by_count code (bsc#1065729).
- powerpc/pseries/mobility: ignore ibm, platform-facilities updates (bsc#1065729).
- powerpc/traps: do not enable irqs in _exception (bsc#1065729).
- powerpc/xive: Add missing null check after calling kmalloc (bsc#1177437 jsc#SLE-13294 git-fixes).
- powerpc: add interrupt_cond_local_irq_enable helper (bsc#1065729).
- powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901).
- pwm: mxs: Do not modify HW state in .probe() after the PWM chip was registered (git-fixes).
- pwm: tiecap: Drop .free() callback (git-fixes).
- qlcnic: potential dereference null pointer of rx_queue->page_ring (git-fixes).
- quota: check block number when reading the block in quota file (bsc#1194589).
- quota: correct error number in free_dqentry() (bsc#1194590).
- random: fix data race on crng init time (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- rdma/hns: Replace kfree() with kvfree() (jsc#SLE-14777).
- regmap: Call regmap_debugfs_exit() prior to _init() (git-fixes).
- rndis_host: support Hytera digital radios (git-fixes).
- rpmsg: core: Clean up resources on announce_create failure (git-fixes).
- rtl8xxxu: Fix the handling of TX A-MPDU aggregation (git-fixes).
- rtlwifi: rtl8192cu: Fix WARNING when calling local_irq_restore() with interrupts enabled (git-fixes).
- rtw88: use read_poll_timeout instead of fixed sleep (git-fixes).
- rtw88: wow: build wow function only if CONFIG_PM is on (git-fixes).
- rtw88: wow: fix size access error of probe request (git-fixes).
- sata: nv: fix debug format string mismatch (git-fixes).
- select: Fix indefinitely sleeping task in poll_schedule_timeout() (bsc#1194027).
- selftests: KVM: Explicitly use movq to read xmm registers (git-fixes).
- selinux: fix potential memleak in selinux_add_opt() (git-fixes).
- seq_buf: Fix overflow in seq_buf_putmem_hex() (git-fixes).
- seq_buf: Make trace_seq_putmem_hex() support data longer than 8 (git-fixes).
- serial: pl011: Add ACPI SBSA UART match id (git-fixes).
- serial: tty: uartlite: fix console setup (git-fixes).
- sfc: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc: The RX page_ring is optional (git-fixes).
- sfc: falcon: Check null pointer of rx_queue->page_ring (git-fixes).
- sfc_ef100: potential dereference of null pointer (jsc#SLE-16683).
- shmem: shmem_writepage() split unlikely i915 THP (git-fixes).
- slimbus: qcom: fix potential NULL dereference in qcom_slim_prg_slew() (git-fixes).
- soc/tegra: fuse: Fix bitwise vs. logical OR warning (git-fixes).
- soc: fsl: dpaa2-console: free buffer before returning from dpaa2_console_read (git-fixes).
- soc: fsl: dpio: rename the enqueue descriptor variable (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with raw_smp_processor_id (git-fixes).
- soc: fsl: dpio: use an explicit NULL instead of 0 (git-fixes).
- soc: fsl: dpio: use the combined functions to protect critical zone (git-fixes).
- spi: change clk_disable_unprepare to clk_unprepare (git-fixes).
- spi: spi-meson-spifc: Add missing pm_runtime_disable() in meson_spifc_probe (git-fixes).
- spi: spi-rspi: Drop redeclaring ret variable in qspi_transfer_in() (git-fixes).
- staging: emxx_udc: Fix passing of NULL to dma_alloc_coherent() (git-fixes).
- staging: fbtft: Do not spam logs when probe is deferred (git-fixes).
- staging: fbtft: Rectify GPIO handling (git-fixes).
- staging: fieldbus: anybuss: jump to correct label in an error path (git-fixes).
- staging: ks7010: select CRYPTO_HASH/CRYPTO_MICHAEL_MIC (git-fixes).
- staging: rtl8192e: return error code from rtllib_softmac_init() (git-fixes).
- staging: rtl8192e: rtllib_module: fix error handle case in alloc_rtllib() (git-fixes).
- staging: wlan-ng: Avoid bitwise vs logical OR warning in hfa384x_usb_throttlefn() (git-fixes).
- string.h: fix incompatibility between FORTIFY_SOURCE and KASAN (git-fixes).
- thermal/drivers/imx8mm: Enable ADC when enabling monitor (git-fixes).
- thermal/drivers/int340x: Do not set a wrong tcc offset on resume (git-fixes).
- thermal: core: Reset previous low and high trip during thermal zone init (git-fixes).
- tpm: add request_locality before write TPM_INT_ENABLE (git-fixes).
- tpm: fix potential NULL pointer access in tpm_del_char_device (git-fixes).
- tracing/kprobes: 'nmissed' not showed correctly for kretprobe (git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename (git-fixes).
- tracing: Add test for user space strings when filtering on string pointers (git-fixes).
- tracing: Fix check for trace_percpu_buffer validity in get_trace_buf() (git-fixes).
- tty: max310x: fix flexible_array.cocci warnings (git-fixes).
- tty: serial: atmel: Call dma_async_issue_pending() (git-fixes).
- tty: serial: atmel: Check return code of dmaengine_submit() (git-fixes).
- tty: serial: earlycon dependency (git-fixes).
- tty: serial: qcom_geni_serial: Drop __init from qcom_geni_console_setup (git-fixes).
- tty: serial: uartlite: allow 64 bit address (git-fixes).
- tty: synclink_gt: rename a conflicting function name (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- uio: uio_dmem_genirq: Catch the Exception (git-fixes).
- usb: Fix 'slab-out-of-bounds Write' bug in usb_hcd_poll_rh_status (git-fixes).
- usb: NO_LPM quirk Lenovo Powered USB-C Travel Hub (git-fixes).
- usb: NO_LPM quirk Lenovo USB-C to Ethernet Adapher(RTL8153-04) (git-fixes).
- usb: cdc-acm: fix break reporting (git-fixes).
- usb: cdc-acm: fix racy tty buffer accesses (git-fixes).
- usb: chipidea: fix interrupt deadlock (git-fixes).
- usb: core: Fix bug in resuming hub's handling of wakeup requests (git-fixes).
- usb: core: config: fix validation of wMaxPacketValue entries (git-fixes).
- usb: core: config: using bit mask instead of individual bits (git-fixes).
- usb: dwc2: check return value after calling platform_get_resource() (git-fixes).
- usb: dwc3: gadget: Continue to process pending requests (git-fixes).
- usb: dwc3: gadget: Ignore EP queue requests during bus reset (git-fixes).
- usb: dwc3: gadget: Reclaim extra TRBs after request completion (git-fixes).
- usb: dwc3: pci: Enable dis_uX_susphy_quirk for Intel Merrifield (git-fixes).
- usb: dwc3: ulpi: Fix USB2.0 HS/FS/LS PHY suspend regression (git-fixes).
- usb: dwc3: ulpi: Replace CPU-based busyloop with Protocol-based one (git-fixes).
- usb: dwc3: ulpi: fix checkpatch warning (git-fixes).
- usb: ftdi-elan: fix memory leak on device disconnect (git-fixes).
- usb: gadget: bRequestType is a bitfield, not a enum (git-fixes).
- usb: gadget: composite: Allow bMaxPower=0 if self-powered (git-fixes).
- usb: gadget: detect too-big endpoint 0 requests (git-fixes).
- usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear (git-fixes).
- usb: gadget: u_ether: fix race in setting MAC address in setup phase (git-fixes).
- usb: gadget: zero allocate endpoint 0 buffers (git-fixes).
- usb: mtu3: add memory barrier before set GPD's HWO (git-fixes).
- usb: mtu3: fix interval value for intr and isoc (git-fixes).
- usb: mtu3: fix list_head check warning (git-fixes).
- usb: mtu3: set interval of FS intr and isoc endpoint (git-fixes).
- usb: serial: cp210x: fix CP2105 GPIO registration (git-fixes).
- usb: serial: option: add Telit FN990 compositions (git-fixes).
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes (git-fixes).
- usb: xhci: Extend support for runtime power management for AMD's Yellow carp (git-fixes).
- usermodehelper: reset umask to default before executing user process (git-fixes).
- vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
- video: backlight: Drop maximum brightness override for brightness zero (git-fixes).
- watchdog: Fix OMAP watchdog early handling (git-fixes).
- watchdog: f71808e_wdt: fix inaccurate report in WDIOC_GETTIMEOUT (git-fixes).
- wcn36xx: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
- wcn36xx: Indicate beacon not connection loss on MISSED_BEACON_IND (git-fixes).
- wcn36xx: Release DMA channel descriptor allocations (git-fixes).
- wcn36xx: handle connection loss indication (git-fixes).
- wireless: iwlwifi: Fix a double free in iwl_txq_dyn_alloc_dma (git-fixes).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/platform/uv: Add more to secondary CPU kdump info (bsc#1194493).
- xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes).
- xhci: Remove CONFIG_USB_DEFAULT_PERSIST to prevent xHCI from runtime suspending (git-fixes).
- xhci: avoid race between disable slot command and host runtime suspend (git-fixes).
- xhci: fix unsafe memory usage in xhci tracing (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1154353SUSE bug 1154492SUSE bug 1156395SUSE bug 1167773SUSE bug 1176447SUSE bug 1176774SUSE bug 1177437SUSE bug 1190256SUSE bug 1191271SUSE bug 1192931SUSE bug 1193255SUSE bug 1193328SUSE bug 1193669SUSE bug 1193727SUSE bug 1193767SUSE bug 1193901SUSE bug 1193927SUSE bug 1194001SUSE bug 1194027SUSE bug 1194302SUSE bug 1194493SUSE bug 1194516SUSE bug 1194517SUSE bug 1194518SUSE bug 1194529SUSE bug 1194580SUSE bug 1194584SUSE bug 1194586SUSE bug 1194587SUSE bug 1194589SUSE bug 1194590SUSE bug 1194591SUSE bug 1194592SUSE bug 1194888SUSE bug 1194953SUSE bug 1194985SUSE bug 1195062CVE-2021-4083 at SUSECVE-2021-4083 at NVDCVE-2021-4135 at SUSECVE-2021-4135 at NVDCVE-2021-4149 at SUSECVE-2021-4149 at NVDCVE-2021-4197 at SUSECVE-2021-4197 at NVDCVE-2021-4202 at SUSECVE-2021-4202 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-46283 at SUSECVE-2021-46283 at NVDCVE-2022-0185 at SUSECVE-2022-0185 at NVDCVE-2022-0322 at SUSECVE-2022-0322 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
ImportantSUSE bug 1202020CVE-2022-2509 at SUSECVE-2022-2509 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429).
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829).
- CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
The following non-security bugs were fixed:
- Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too.
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- Fixed a regression where smart batteries would not be detected on Mac (bsc#1201206).
- Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too.
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: enable BPF type format (BTF) (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
ImportantSUSE bug 1178134SUSE bug 1196616SUSE bug 1196867SUSE bug 1198829SUSE bug 1199364SUSE bug 1199647SUSE bug 1199648SUSE bug 1199665SUSE bug 1199670SUSE bug 1199695SUSE bug 1200521SUSE bug 1200598SUSE bug 1200644SUSE bug 1200651SUSE bug 1200762SUSE bug 1200910SUSE bug 1201196SUSE bug 1201206SUSE bug 1201251SUSE bug 1201381SUSE bug 1201429SUSE bug 1201442SUSE bug 1201458SUSE bug 1201635SUSE bug 1201636SUSE bug 1201644SUSE bug 1201645SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1201742SUSE bug 1201752SUSE bug 1201846SUSE bug 1201930SUSE bug 1201940SUSE bug 1201941SUSE bug 1201954SUSE bug 1201956SUSE bug 1201958SUSE bug 1202087SUSE bug 1202154SUSE bug 1202312CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1116 at SUSECVE-2022-1116 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:suse-microos:5.1Security update for libslirp (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)
ModerateSUSE bug 1187365SUSE bug 1201551CVE-2021-3593 at SUSECVE-2021-3593 at NVDcpe:/o:suse:suse-microos:5.1Security update for zlib (Important)SUSE Linux Enterprise Micro 5.1
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:suse-microos:5.1Security update for rsync (Important)SUSE Linux Enterprise Micro 5.1
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Low)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
LowSUSE bug 1202593CVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:suse-microos:5.1Security update for icu (Moderate)SUSE Linux Enterprise Micro 5.1
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
ModerateSUSE bug 1193951CVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:suse-microos:5.1Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
ModerateSUSE bug 1198405CVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
ImportantSUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862CVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDcpe:/o:suse:suse-microos:5.1Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
ModerateSUSE bug 1198823SUSE bug 1198830SUSE bug 1198832CVE-2022-27404 at SUSECVE-2022-27404 at NVDCVE-2022-27405 at SUSECVE-2022-27405 at NVDCVE-2022-27406 at SUSECVE-2022-27406 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local sumbols
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1156395SUSE bug 1179722SUSE bug 1179723SUSE bug 1181862SUSE bug 1191662SUSE bug 1191667SUSE bug 1191881SUSE bug 1192594SUSE bug 1192968SUSE bug 1194272SUSE bug 1194535SUSE bug 1197158SUSE bug 1197755SUSE bug 1197756SUSE bug 1197757SUSE bug 1197760SUSE bug 1197763SUSE bug 1197920SUSE bug 1198971SUSE bug 1199291SUSE bug 1200431SUSE bug 1200845SUSE bug 1200868SUSE bug 1200869SUSE bug 1200870SUSE bug 1200871SUSE bug 1200872SUSE bug 1200873SUSE bug 1201019SUSE bug 1201420SUSE bug 1201610SUSE bug 1201705SUSE bug 1201726SUSE bug 1201948SUSE bug 1202096SUSE bug 1202097SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202447SUSE bug 1202564SUSE bug 1202577SUSE bug 1202636SUSE bug 1202672SUSE bug 1202701SUSE bug 1202708SUSE bug 1202709SUSE bug 1202710SUSE bug 1202711SUSE bug 1202712SUSE bug 1202713SUSE bug 1202714SUSE bug 1202715SUSE bug 1202716SUSE bug 1202717SUSE bug 1202718SUSE bug 1202720SUSE bug 1202722SUSE bug 1202745SUSE bug 1202756SUSE bug 1202810SUSE bug 1202811SUSE bug 1202860SUSE bug 1202895SUSE bug 1202898SUSE bug 1203063SUSE bug 1203098SUSE bug 1203107SUSE bug 1203116SUSE bug 1203117SUSE bug 1203135SUSE bug 1203136SUSE bug 1203137CVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2020-27784 at SUSECVE-2020-27784 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDcpe:/o:suse:suse-microos:5.1Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
ModerateSUSE bug 1047178CVE-2017-6512 at SUSECVE-2017-6512 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Important)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
- CVE-2021-3999: Fixed incorrect errno in getcwd (bsc#1194640)
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
Features added:
- IBM Power 10 string operation improvements (bsc#1194785, jsc#SLE-18195)
ImportantSUSE bug 1194640SUSE bug 1194768SUSE bug 1194770SUSE bug 1194785CVE-2021-3999 at SUSECVE-2021-3999 at NVDCVE-2022-23218 at SUSECVE-2022-23218 at NVDCVE-2022-23219 at SUSECVE-2022-23219 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtirpc (Important)SUSE Linux Enterprise Micro 5.1
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
ImportantSUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:suse-microos:5.1Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite was updated to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Updated to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:suse-microos:5.1Security update for oniguruma (Important)SUSE Linux Enterprise Micro 5.1
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
ImportantSUSE bug 1142847SUSE bug 1150130SUSE bug 1157805SUSE bug 1164550SUSE bug 1164569SUSE bug 1177179CVE-2019-13224 at SUSECVE-2019-13224 at NVDCVE-2019-16163 at SUSECVE-2019-16163 at NVDCVE-2019-19203 at SUSECVE-2019-19203 at NVDCVE-2019-19204 at SUSECVE-2019-19204 at NVDCVE-2019-19246 at SUSECVE-2019-19246 at NVDCVE-2020-26159 at SUSECVE-2020-26159 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-23033: Fixed guest_physmap_remove_page not removing the p2m mappings. (XSA-393) (bsc#1194576)
- CVE-2022-23034: Fixed possible DoS by a PV guest Xen while unmapping a grant. (XSA-394) (bsc#1194581)
- CVE-2022-23035: Fixed insufficient cleanup of passed-through device IRQs. (XSA-395) (bsc#1194588)
ImportantSUSE bug 1194576SUSE bug 1194581SUSE bug 1194588CVE-2022-23033 at SUSECVE-2022-23033 at NVDCVE-2022-23034 at SUSECVE-2022-23034 at NVDCVE-2022-23035 at SUSECVE-2022-23035 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd, docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for containerd, docker fixes the following issues:
- CVE-2021-41089: Fixed 'cp' can chmod host files (bsc#1191015).
- CVE-2021-41091: Fixed flaw that could lead to data directory traversal in moby (bsc#1191434).
- CVE-2021-41092: Fixed exposed user credentials with a misconfigured configuration file (bsc#1191334).
- CVE-2021-41103: Fixed file access to local users in containerd (bsc#1191121).
- CVE-2021-41190: Fixed OCI manifest and index parsing confusion (bsc#1193273).
ModerateSUSE bug 1191015SUSE bug 1191121SUSE bug 1191334SUSE bug 1191434SUSE bug 1193273CVE-2021-41089 at SUSECVE-2021-41089 at NVDCVE-2021-41091 at SUSECVE-2021-41091 at NVDCVE-2021-41092 at SUSECVE-2021-41092 at NVDCVE-2021-41103 at SUSECVE-2021-41103 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDcpe:/o:suse:suse-microos:5.1Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.1
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
ModerateSUSE bug 1203018CVE-2022-31252 at SUSECVE-2022-31252 at NVDcpe:/o:suse:suse-microos:5.1Security update for libjpeg-turbo (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libjpeg-turbo fixes the following issues:
- CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915).
ModerateSUSE bug 1202915CVE-2020-35538 at SUSECVE-2020-35538 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
ModerateSUSE bug 1192115SUSE bug 1198038SUSE bug 1201367CVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
Bugfixes:
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
- Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081).
- Included upstream bugfixes (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1167608SUSE bug 1185104SUSE bug 1197081SUSE bug 1200762SUSE bug 1201394SUSE bug 1201631SUSE bug 1203806SUSE bug 1203807CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDcpe:/o:suse:suse-microos:5.1Security update for libksba (Critical)SUSE Linux Enterprise Micro 5.1
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Critical)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem, that could have occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- arm64: Kconfig: add a choice for endianness (jsc#SLE-23432).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- workqueue: Fix unbind_workers() VS wq_worker_running() race (bsc#1195062).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).
CriticalSUSE bug 1154353SUSE bug 1154488SUSE bug 1156395SUSE bug 1160634SUSE bug 1176447SUSE bug 1177599SUSE bug 1183405SUSE bug 1185377SUSE bug 1187428SUSE bug 1187723SUSE bug 1188605SUSE bug 1191881SUSE bug 1193096SUSE bug 1193506SUSE bug 1193767SUSE bug 1193802SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194048SUSE bug 1194227SUSE bug 1194291SUSE bug 1194880SUSE bug 1195009SUSE bug 1195062SUSE bug 1195065SUSE bug 1195073SUSE bug 1195183SUSE bug 1195184SUSE bug 1195254SUSE bug 1195267SUSE bug 1195293SUSE bug 1195371SUSE bug 1195476SUSE bug 1195477SUSE bug 1195478SUSE bug 1195479SUSE bug 1195480SUSE bug 1195481SUSE bug 1195482CVE-2020-28097 at SUSECVE-2020-28097 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-44733 at SUSECVE-2021-44733 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2022-0286 at SUSECVE-2022-0286 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDcpe:/o:suse:suse-microos:5.1Security update for multipath-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- multipathd: add 'force_reconfigure' option (bsc#1189551)
The command 'multipathd -kreconfigure' changes behavior: instead
of reloading every map, it checks map configuration and reloads
only modified maps. This speeds up the reconfigure operation
substantially. The old behavior can be reinstated by setting
'force_reconfigure yes' in multipath.conf (not recommended).
Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and
beyond, which provide the command 'multipathd -k'reconfigure all''
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
ImportantSUSE bug 1189551SUSE bug 1191900SUSE bug 1195506SUSE bug 1197570SUSE bug 1202616SUSE bug 1202739CVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:suse-microos:5.1Security update for wireshark (Moderate)SUSE Linux Enterprise Micro 5.1
This update for wireshark fixes the following issues:
Update to version 3.6.1:
- CVE-2021-4185: RTMPT dissector infinite loop (bsc#1194166)
- CVE-2021-4184: BitTorrent DHT dissector infinite loop (bsc#1194167)
- CVE-2021-4183: pcapng file parser crash (bsc#1194168)
- CVE-2021-4182: RFC 7468 file parser infinite loop (bsc#1194169)
- CVE-2021-4181: Sysdig Event dissector crash (bsc#1194170)
- CVE-2021-4190: Kafka dissector infinite loop (bsc#1194171)
- Support for Shared Memory Communications (SMC) (jsc#SLE-18727)
ModerateSUSE bug 1194166SUSE bug 1194167SUSE bug 1194168SUSE bug 1194169SUSE bug 1194170SUSE bug 1194171SUSE bug 1194780CVE-2021-4181 at SUSECVE-2021-4181 at NVDCVE-2021-4182 at SUSECVE-2021-4182 at NVDCVE-2021-4183 at SUSECVE-2021-4183 at NVDCVE-2021-4184 at SUSECVE-2021-4184 at NVDCVE-2021-4185 at SUSECVE-2021-4185 at NVDCVE-2021-4190 at SUSECVE-2021-4190 at NVDcpe:/o:suse:suse-microos:5.1Security update for buildah (Important)SUSE Linux Enterprise Micro 5.1
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file
is required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
ImportantSUSE bug 1167864SUSE bug 1181961SUSE bug 1202812CVE-2020-10696 at SUSECVE-2020-10696 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2022-2990 at SUSECVE-2022-2990 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Important)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)
The following non-security bugs were fixed:
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- JFS: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- JFS: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
ImportantSUSE bug 1177471SUSE bug 1185032SUSE bug 1194023SUSE bug 1196444SUSE bug 1197659SUSE bug 1199564SUSE bug 1200313SUSE bug 1200622SUSE bug 1201309SUSE bug 1201310SUSE bug 1201489SUSE bug 1201645SUSE bug 1201865SUSE bug 1201990SUSE bug 1202095SUSE bug 1202341SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1202984SUSE bug 1203159SUSE bug 1203290SUSE bug 1203313SUSE bug 1203389SUSE bug 1203410SUSE bug 1203424SUSE bug 1203514SUSE bug 1203552SUSE bug 1203622SUSE bug 1203737SUSE bug 1203769SUSE bug 1203770SUSE bug 1203906SUSE bug 1203909SUSE bug 1203935SUSE bug 1203939SUSE bug 1203987SUSE bug 1203992SUSE bug 1204051SUSE bug 1204059SUSE bug 1204060SUSE bug 1204125SUSE bug 1204289SUSE bug 1204290SUSE bug 1204291SUSE bug 1204292CVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-41222 at SUSECVE-2022-41222 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtasn1 (Critical)SUSE Linux Enterprise Micro 5.1
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:suse-microos:5.1Security update for dbus-1 (Important)SUSE Linux Enterprise Micro 5.1
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (bnc#1177471).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677).
- CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer to another table (bsc#1202095).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link disconnect (bnc#1203290).
- CVE-2022-32296: Fixed issue where TCP servers were able to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver (bnc#1203552).
- CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to stex_queuecommand_lck lack a memset for the PASSTHRU_CMD case (bnc#1203514).
- CVE-2022-41218: Fixed a use-after-free due to refcount races at releasing (bsc#1202960).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987).
- CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051).
- CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059).
- CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device (bsc#1204125).
The following non-security bugs were fixed:
- Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- acpi: LPSS: Fix missing check in register_device_clock() (git-fixes).
- acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- acpi: processor: Remove freq Qos request for all CPUs (git-fixes).
- acpi: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- acpi: video: Force backlight native for some TongFang devices (git-fixes).
- alsa: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- alsa: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- alsa: hda/cirrus - support for iMac 12,1 model (git-fixes).
- alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- alsa: hda/realtek: Add quirk for HP Dev One (git-fixes).
- alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- alsa: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- alsa: hda/realtek: Re-arrange quirk table entries (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- alsa: info: Fix llseek return value when using callback (git-fixes).
- alsa: seq: Fix data-race at module auto-loading (git-fixes).
- alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- alsa: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- alsa: usb-audio: Inform the delayed registration more properly (git-fixes).
- alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- alsa: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- alsa: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- alsa: usb-audio: fix spelling mistakes (git-fixes).
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- asoc: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- asoc: codecs: da7210: add check for i2c_add_driver (git-fixes).
- asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- asoc: tas2770: Allow mono streams (git-fixes).
- asoc: tas2770: Reinit regcache on reset (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- hid: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- hid: wacom: Do not register pad_input for touch switch (git-fixes).
- hid: wacom: Only report rotation for art pen (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- input: rk805-pwrkey - fix module autoloading (git-fixes).
- input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- jfs: fix GPF in diFree (bsc#1203389).
- jfs: fix memleak in jfs_mount (git-fixes).
- jfs: more checks for invalid superblock (git-fixes).
- jfs: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kabi: cgroup: Restore KABI of css_set (bsc#1201610).
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals.
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- kvm: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- kvm: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- kvm: x86: accept userspace interrupt only if no event is injected (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md-raid10: fix KASAN warning (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfs: fix nfs_path in case of a rename retry (git-fixes).
- nfsd: Add missing NFSv2 .pc_func methods (git-fixes).
- nfsd: Clamp WRITE offsets (git-fixes).
- nfsd: Fix offset type in I/O trace points (git-fixes).
- nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nfsd: prevent integer overflow on 32 bit systems (git-fixes).
- nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- nfsv4: Fix races in the legacy idmapper upcall (git-fixes).
- nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes).
- pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- pci: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- pci: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- profiling: fix shift too large makes kernel panic (git-fixes).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+.
- rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious.
- rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- sunrpc: Clean up scheduling of autoclose (git-fixes).
- sunrpc: Do not call connect() more than once on a TCP socket (git-fixes).
- sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- sunrpc: Do not leak sockets in xs_local_connect() (git-fixes).
- sunrpc: Fix READ_PLUS crasher (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- sunrpc: Prevent immediate close+reconnect (git-fixes).
- sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes).
- sunrpc: Reinitialise the backchannel request buffers before reuse (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- usb.h: struct usb_device: hide new member (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- usb: core: Fix RST error in hub.c (git-fixes).
- usb: core: Prevent nested device-reset calls (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: disable USB core PHY management (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- usb: serial: ch341: fix lost character on LCR updates (git-fixes).
- usb: serial: ch341: name prescaler, divisor registers (git-fixes).
- usb: serial: cp210x: add Decagon UCA device id (git-fixes).
- usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel EM060K modem (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- usb: serial: option: add support for OPPO R11 diag port (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- vmci: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- vmci: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1152489SUSE bug 1156395SUSE bug 1177471SUSE bug 1179722SUSE bug 1179723SUSE bug 1181862SUSE bug 1185032SUSE bug 1191662SUSE bug 1191667SUSE bug 1191881SUSE bug 1192594SUSE bug 1194023SUSE bug 1194272SUSE bug 1194535SUSE bug 1196444SUSE bug 1197158SUSE bug 1197659SUSE bug 1197755SUSE bug 1197756SUSE bug 1197757SUSE bug 1197760SUSE bug 1197763SUSE bug 1197920SUSE bug 1198971SUSE bug 1199291SUSE bug 1200288SUSE bug 1200313SUSE bug 1200431SUSE bug 1200622SUSE bug 1200845SUSE bug 1200868SUSE bug 1200869SUSE bug 1200870SUSE bug 1200871SUSE bug 1200872SUSE bug 1200873SUSE bug 1201019SUSE bug 1201309SUSE bug 1201310SUSE bug 1201420SUSE bug 1201489SUSE bug 1201610SUSE bug 1201705SUSE bug 1201726SUSE bug 1201865SUSE bug 1201948SUSE bug 1201990SUSE bug 1202095SUSE bug 1202096SUSE bug 1202097SUSE bug 1202341SUSE bug 1202346SUSE bug 1202347SUSE bug 1202385SUSE bug 1202393SUSE bug 1202396SUSE bug 1202447SUSE bug 1202577SUSE bug 1202636SUSE bug 1202638SUSE bug 1202672SUSE bug 1202677SUSE bug 1202701SUSE bug 1202708SUSE bug 1202709SUSE bug 1202710SUSE bug 1202711SUSE bug 1202712SUSE bug 1202713SUSE bug 1202714SUSE bug 1202715SUSE bug 1202716SUSE bug 1202717SUSE bug 1202718SUSE bug 1202720SUSE bug 1202722SUSE bug 1202745SUSE bug 1202756SUSE bug 1202810SUSE bug 1202811SUSE bug 1202860SUSE bug 1202895SUSE bug 1202898SUSE bug 1202960SUSE bug 1202984SUSE bug 1203063SUSE bug 1203098SUSE bug 1203107SUSE bug 1203117SUSE bug 1203135SUSE bug 1203136SUSE bug 1203137SUSE bug 1203159SUSE bug 1203290SUSE bug 1203389SUSE bug 1203410SUSE bug 1203424SUSE bug 1203514SUSE bug 1203552SUSE bug 1203622SUSE bug 1203737SUSE bug 1203769SUSE bug 1203770SUSE bug 1203802SUSE bug 1203906SUSE bug 1203909SUSE bug 1203935SUSE bug 1203939SUSE bug 1203987SUSE bug 1203992SUSE bug 1204051SUSE bug 1204059SUSE bug 1204060SUSE bug 1204125CVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-27784 at SUSECVE-2020-27784 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-41222 at SUSECVE-2022-41222 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).
ModerateSUSE bug 1202809CVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:suse-microos:5.1Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.1
This update for protobuf fixes the following issues:
- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
ImportantSUSE bug 1194530SUSE bug 1203681SUSE bug 1204256CVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)
ImportantSUSE bug 1203125SUSE bug 1204577CVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- struct pci_config_window kABI workaround (bsc#1204382).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes).
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
ImportantSUSE bug 1032323SUSE bug 1065729SUSE bug 1196018SUSE bug 1198702SUSE bug 1200465SUSE bug 1200788SUSE bug 1201725SUSE bug 1202686SUSE bug 1202700SUSE bug 1203066SUSE bug 1203098SUSE bug 1203387SUSE bug 1203391SUSE bug 1203496SUSE bug 1204053SUSE bug 1204166SUSE bug 1204168SUSE bug 1204354SUSE bug 1204355SUSE bug 1204382SUSE bug 1204402SUSE bug 1204415SUSE bug 1204417SUSE bug 1204431SUSE bug 1204439SUSE bug 1204470SUSE bug 1204479SUSE bug 1204574SUSE bug 1204575SUSE bug 1204619SUSE bug 1204635SUSE bug 1204637SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204728SUSE bug 1204753SUSE bug 1204754CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1027519SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-cryptography, python-cryptography-vectors (Important)SUSE Linux Enterprise Micro 5.1
This update for python-cryptography, python-cryptography-vectors fixes the following issues:
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
* updated vectors for the cryptography 2.9.2 testing
ImportantSUSE bug 1101820SUSE bug 1149792SUSE bug 1176785SUSE bug 1177083CVE-2018-10903 at SUSECVE-2018-10903 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes).
- Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- struct pci_config_window kABI workaround (bsc#1204382).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes).
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
ImportantSUSE bug 1032323SUSE bug 1065729SUSE bug 1152489SUSE bug 1198702SUSE bug 1200465SUSE bug 1200788SUSE bug 1201725SUSE bug 1202638SUSE bug 1202686SUSE bug 1202700SUSE bug 1203066SUSE bug 1203098SUSE bug 1203387SUSE bug 1203391SUSE bug 1203496SUSE bug 1203802SUSE bug 1204053SUSE bug 1204166SUSE bug 1204168SUSE bug 1204354SUSE bug 1204355SUSE bug 1204382SUSE bug 1204402SUSE bug 1204415SUSE bug 1204417SUSE bug 1204431SUSE bug 1204439SUSE bug 1204470SUSE bug 1204479SUSE bug 1204574SUSE bug 1204575SUSE bug 1204619SUSE bug 1204635SUSE bug 1204637SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204728SUSE bug 1204753SUSE bug 1204754CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
* 8a70235d8a core: Add trigger limit for path units
* 93e544f3a0 core/mount: also add default before dependency for automount mount units
* 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
ModerateSUSE bug 1204179SUSE bug 1204968CVE-2022-3821 at SUSECVE-2022-3821 at NVDcpe:/o:suse:suse-microos:5.1Security update for sudo (Important)SUSE Linux Enterprise Micro 5.1
This update for sudo fixes the following issues:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
ImportantSUSE bug 1190818SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:suse-microos:5.1Security update for dpkg (Low)SUSE Linux Enterprise Micro 5.1
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
LowSUSE bug 1199944CVE-2022-1664 at SUSECVE-2022-1664 at NVDcpe:/o:suse:suse-microos:5.1Security update for pixman (Important)SUSE Linux Enterprise Micro 5.1
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:suse-microos:5.1Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-microos:5.1Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
- CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756).
ModerateSUSE bug 1122756CVE-2019-6502 at SUSECVE-2019-6502 at NVDcpe:/o:suse:suse-microos:5.1Security update for libdb-4_8 (Low)SUSE Linux Enterprise Micro 5.1
This update for libdb-4_8 fixes the following issues:
- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).
LowSUSE bug 1174414CVE-2019-2708 at SUSECVE-2019-2708 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2022-45061: Fixed possible DoS when IDNA decoding extremely long domain names (bsc#1205244).
ImportantSUSE bug 1205244CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-microos:5.1Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
ModerateSUSE bug 1184689SUSE bug 1188086SUSE bug 1192252SUSE bug 1192648SUSE bug 1197428SUSE bug 1200330SUSE bug 1202269SUSE bug 1202337SUSE bug 1202417SUSE bug 1203818cpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).
ImportantSUSE bug 1192478SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for systemd fixes the following issues:
- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)
ModerateSUSE bug 1178561SUSE bug 1190515SUSE bug 1194178CVE-2021-3997 at SUSECVE-2021-3997 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtpms (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libtpms fixes the following issues:
- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the
state of the vTPM (bsc#1187767)
ModerateSUSE bug 1187767SUSE bug 1204556CVE-2021-3623 at SUSECVE-2021-3623 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fix:
- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).
ImportantSUSE bug 1197284SUSE bug 1206065SUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.1Security update for ceph (Important)SUSE Linux Enterprise Micro 5.1
This update for ceph fixes the following issues:
ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573):
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
+ (bsc#1200064,) Remove last vestiges of docker.io image paths
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1194875) [SES7P] include/buffer: include <memory>
+ cephadm: update image paths to registry.suse.com
+ cephadm: use snmp-notifier image from registry.suse.de
+ cephadm: infer the default container image during pull
+ mgr/cephadm: try to get FQDN for inventory address
+ (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
+ (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
+ Update prometheus-server version
+ (bsc#1194353) Downstream branding breaks dashboard npm build
+ (bsc#1178073) mgr/dashboard: fix downstream NFS doc links
ImportantSUSE bug 1178073SUSE bug 1194131SUSE bug 1194353SUSE bug 1194875SUSE bug 1195359SUSE bug 1196044SUSE bug 1196785SUSE bug 1196938SUSE bug 1200064SUSE bug 1200553CVE-2021-3979 at SUSECVE-2021-3979 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni (Important)SUSE Linux Enterprise Micro 5.1
This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.1
This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:suse-microos:5.1Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.1
This update for conmon fixes the following issues:
conmon was updated to version 2.1.5:
* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement
Update to version 2.1.4:
* Fix a bug where conmon crashed when it got a SIGCHLD
update to 2.1.3:
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command
Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
ModerateSUSE bug 1200285CVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes).
- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1156395SUSE bug 1184350SUSE bug 1189297SUSE bug 1192761SUSE bug 1200845SUSE bug 1201455SUSE bug 1203144SUSE bug 1203746SUSE bug 1204017SUSE bug 1204142SUSE bug 1204215SUSE bug 1204241SUSE bug 1204328SUSE bug 1204446SUSE bug 1204631SUSE bug 1204636SUSE bug 1204693SUSE bug 1204780SUSE bug 1204791SUSE bug 1204810SUSE bug 1204827SUSE bug 1204850SUSE bug 1204868SUSE bug 1204934SUSE bug 1204957SUSE bug 1204963SUSE bug 1204967SUSE bug 1205128SUSE bug 1205130SUSE bug 1205186SUSE bug 1205220SUSE bug 1205329SUSE bug 1205330SUSE bug 1205428SUSE bug 1205473SUSE bug 1205514SUSE bug 1205617SUSE bug 1205671SUSE bug 1205700SUSE bug 1205705SUSE bug 1205709SUSE bug 1205753SUSE bug 1205796SUSE bug 1205984SUSE bug 1205985SUSE bug 1205986SUSE bug 1205987SUSE bug 1205988SUSE bug 1205989SUSE bug 1206032SUSE bug 1206037SUSE bug 1206207CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes).
- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1156395SUSE bug 1184350SUSE bug 1189297SUSE bug 1192761SUSE bug 1199657SUSE bug 1200845SUSE bug 1201455SUSE bug 1201469SUSE bug 1203144SUSE bug 1203746SUSE bug 1203960SUSE bug 1204017SUSE bug 1204142SUSE bug 1204215SUSE bug 1204228SUSE bug 1204241SUSE bug 1204328SUSE bug 1204414SUSE bug 1204446SUSE bug 1204636SUSE bug 1204693SUSE bug 1204780SUSE bug 1204791SUSE bug 1204810SUSE bug 1204827SUSE bug 1204850SUSE bug 1204868SUSE bug 1204934SUSE bug 1204957SUSE bug 1204963SUSE bug 1204967SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205264SUSE bug 1205329SUSE bug 1205330SUSE bug 1205428SUSE bug 1205473SUSE bug 1205514SUSE bug 1205567SUSE bug 1205617SUSE bug 1205671SUSE bug 1205700SUSE bug 1205705SUSE bug 1205709SUSE bug 1205753SUSE bug 1205796SUSE bug 1205984SUSE bug 1205985SUSE bug 1205986SUSE bug 1205987SUSE bug 1205988SUSE bug 1205989SUSE bug 1206032SUSE bug 1206037SUSE bug 1206207CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-microos:5.1Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd (Important)SUSE Linux Enterprise Micro 5.1
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
ImportantSUSE bug 1200723SUSE bug 1203857SUSE bug 1204423SUSE bug 1205000CVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Updated to version 9.0.1040:
- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
ModerateSUSE bug 1206309CVE-2022-43552 at SUSECVE-2022-43552 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
ImportantSUSE bug 1195054SUSE bug 1195217CVE-2022-23852 at SUSECVE-2022-23852 at NVDCVE-2022-23990 at SUSECVE-2022-23990 at NVDcpe:/o:suse:suse-microos:5.1Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.1
This update for polkit fixes the following issues:
- CVE-2021-4115: Fixed a denial of service via file descriptor leak (bsc#1195542).
ModerateSUSE bug 1195542CVE-2021-4115 at SUSECVE-2021-4115 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for systemd fixes the following issues:
- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles (bsc#1194178).
The following non-security bugs were fixed:
- udev/net_id: don't generate slot based names if multiple devices might claim the same slot (bsc#1192637)
- localectl: don't omit keymaps files that are symlinks (bsc#1191826)
ModerateSUSE bug 1191826SUSE bug 1192637SUSE bug 1194178CVE-2021-3997 at SUSECVE-2021-3997 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux RT Kernel (Critical)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input (bsc#1195254).
- CVE-2022-0286: Fixed null pointer dereference in bond_ipsec_add_sa() that may have lead to local denial of service (bnc#1195371).
- CVE-2020-28097: Fixed out-of-bounds read in vgacon subsystem that mishandled software scrollback (bnc#1187723).
- CVE-2021-45095: Fixed refcount leak in pep_sock_accept in net/phonet/pep.c (bnc#1193867).
- CVE-2022-22942: Fixed stale file descriptors on failed usercopy (bsc#1195065).
- CVE-2021-22600: Fixed double free bug in packet_set_ring() in net/packet/af_packet.c that could have been exploited by a local user through crafted syscalls to escalate privileges or deny service (bnc#1195184).
- CVE-2021-39657: Fixed out of bounds read due to a missing bounds check in ufshcd_eh_device_reset_handler of ufshcd.c. This could lead to local information disclosure with System execution privileges needed (bnc#1193864).
- CVE-2021-39648: Fixed possible disclosure of kernel heap memory due to a race condition in gadget_dev_desc_UDC_show of configfs.c. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation (bnc#1193861).
- CVE-2021-39685: Fixed USB gadget buffer overflow caused by too large endpoint 0 requests (bsc#1193802).
- CVE-2022-0330: Fixed flush TLBs before releasing backing store (bsc#1194880).
The following non-security bugs were fixed:
- ACPI: battery: Add the ThinkPad 'Not Charging' quirk (git-fixes).
- ACPICA: Executer: Fix the REFCLASS_REFOF case in acpi_ex_opcode_1A_0T_1R() (git-fixes).
- ACPICA: Fix wrong interpretation of PCC address (git-fixes).
- ACPICA: Hardware: Do not flush CPU cache when entering S4 and S5 (git-fixes).
- ACPICA: Utilities: Avoid deleting the same object twice in a row (git-fixes).
- ACPICA: actypes.h: Expand the ACPI_ACCESS_ definitions (git-fixes).
- ALSA: seq: Set upper limit of processed events (git-fixes).
- ALSA: usb-audio: Correct quirk for VF0770 (git-fixes).
- ALSA: usb-audio: initialize variables that could ignore errors (git-fixes).
- ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name (git-fixes).
- ASoC: fsl: Add missing error handling in pcm030_fabric_probe (git-fixes).
- ASoC: max9759: fix underflow in speaker_gain_control_put() (git-fixes).
- ASoC: mediatek: mt8173: fix device_node leak (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes (git-fixes).
- Bluetooth: Fix debugfs entry leak in hci_register_dev() (git-fixes).
- Bluetooth: refactor malicious adv data check (git-fixes).
- Documentation: fix firewire.rst ABI file path error (git-fixes).
- HID: apple: Do not reset quirks when the Fn key is not found (git-fixes).
- HID: quirks: Allow inverting the absolute X/Y values (git-fixes).
- HID: uhid: Fix worker destroying device without any protection (git-fixes).
- HID: wacom: Reset expected and received contact counts at the same time (git-fixes).
- IB/cm: Avoid a loop when device has 255 ports (git-fixes)
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- IB/isert: Fix a use after free in isert_connect_request (git-fixes)
- IB/mlx4: Separate tunnel and wire bufs parameters (git-fixes)
- IB/mlx5: Add missing error code (git-fixes)
- IB/mlx5: Add mutex destroy call to cap_mask_mutex mutex (git-fixes)
- IB/mlx5: Fix error unwinding when set_has_smi_cap fails (git-fixes)
- IB/mlx5: Return appropriate error code instead of ENOMEM (git-fixes)
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- Input: wm97xx: Simplify resource management (git-fixes).
- NFS: Ensure the server had an up to date ctime before renaming (git-fixes).
- NFSv4: Handle case where the lookup of a directory fails (git-fixes).
- NFSv4: nfs_atomic_open() can race when looking up a non-regular file (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9125 SATA controller (git-fixes).
- PM: wakeup: simplify the output logic of pm_show_wakelocks() (git-fixes).
- RDMA/addr: Be strict with gid size (git-fixes)
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- RDMA/core: Always release restrack object (git-fixes)
- RDMA/core: Clean up cq pool mechanism (jsc#SLE-15176).
- RDMA/core: Do not access cm_id after its destruction (git-fixes)
- RDMA/core: Do not indicate device ready when device enablement fails (git-fixes)
- RDMA/core: Fix corrupted SL on passive side (git-fixes)
- RDMA/core: Unify RoCE check and re-factor code (git-fixes)
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- RDMA/hns: Remove the portn field in UD SQ WQE (git-fixes)
- RDMA/hns: Remove unnecessary access right set during INIT2INIT (git-fixes)
- RDMA/i40iw: Address an mmap handler exploit in i40iw (git-fixes)
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- RDMA/mlx5: Fix query DCT via DEVX (git-fixes)
- RDMA/mlx5: Fix type warning of sizeof in __mlx5_ib_alloc_counters() (git-fixes)
- RDMA/mlx5: Fix wrong free of blue flame register on error (git-fixes)
- RDMA/mlx5: Issue FW command to destroy SRQ on reentry (git-fixes)
- RDMA/mlx5: Recover from fatal event in dual port mode (git-fixes)
- RDMA/mlx5: Use the correct obj_id upon DEVX TIR creation (git-fixes)
- RDMA/ocrdma: Fix use after free in ocrdma_dealloc_ucontext_pd() (git-fixes)
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- RDMA/rxe: Remove the unnecessary variable (jsc#SLE-15176).
- RDMA/rxe: Remove useless code in rxe_recv.c (git-fixes)
- RDMA/siw: Fix a use after free in siw_alloc_mr (git-fixes)
- RDMA/siw: Fix calculation of tx_valid_cpus size (git-fixes)
- RDMA/siw: Fix handling of zero-sized Read and Receive Queues. (git-fixes)
- RDMA/siw: Properly check send and receive CQ pointers (git-fixes)
- RDMA/siw: Release xarray entry (git-fixes)
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- RDMA/uverbs: Fix a NULL vs IS_ERR() bug (git-fixes)
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- RMDA/sw: Do not allow drivers using dma_virt_ops on highmem configs (git-fixes)
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes).
- USB: serial: mos7840: fix probe error handling (git-fixes).
- ar5523: Fix null-ptr-deref with unexpected WDCMSG_TARGET_START reply (git-fixes).
- asix: fix wrong return value in asix_check_host_enable() (git-fixes).
- ata: pata_platform: Fix a NULL pointer dereference in __pata_platform_probe() (git-fixes).
- ath10k: Fix tx hanging (git-fixes).
- ath9k: Fix out-of-bound memcpy in ath9k_hif_usb_rx_stream (git-fixes).
- batman-adv: allow netlink usage in unprivileged containers (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (bsc#1195481).
- blk-mq: introduce blk_mq_set_request_complete (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
- bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() (bsc#1194227).
- btrfs: tree-checker: Add EXTENT_ITEM and METADATA_ITEM check (bsc#1195009).
- btrfs: tree-checker: annotate all error branches as unlikely (bsc#1195009).
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set improperly (bsc#1195009).
- cgroup/cpuset: Fix a partition bug with hotplug (bsc#1194291).
- clk: si5341: Fix clock HW provider cleanup (git-fixes).
- crypto: qat - fix undetected PFVF timeout in ACK loop (git-fixes).
- dma-buf: heaps: Fix potential spectre v1 gadget (git-fixes).
- drm/amdgpu: fixup bad vram size on gmc v8 (git-fixes).
- drm/bridge: megachips: Ensure both bridges are probed before registration (git-fixes).
- drm/etnaviv: limit submit sizes (git-fixes).
- drm/etnaviv: relax submit size limits (git-fixes).
- drm/i915/overlay: Prevent divide by zero bugs in scaling (git-fixes).
- drm/lima: fix warning when CONFIG_DEBUG_SG=y & CONFIG_DMA_API_DEBUG=y (git-fixes).
- drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc (git-fixes).
- drm/msm/dsi: Fix missing put_device() call in dsi_get_phy (git-fixes).
- drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable (git-fixes).
- drm/msm/hdmi: Fix missing put_device() call in msm_hdmi_get_phy (git-fixes).
- drm/msm: Fix wrong size calculation (git-fixes).
- drm/nouveau/kms/nv04: use vzalloc for nv04_display (git-fixes).
- drm/nouveau/pmu/gm200-: avoid touching PMU outside of DEVINIT/PREOS/ACR (git-fixes).
- drm/nouveau: fix off by one in BIOS boundary checking (git-fixes).
- drm/radeon: fix error handling in radeon_driver_open_kms (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Lenovo Yoga Book X91F/L (git-fixes).
- ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: set csum seed in tmp inode while migrating to extents (bsc#1195267).
- floppy: Add max size check for user space request (git-fixes).
- fsnotify: fix fsnotify hooks in pseudo filesystems (bsc#1195479).
- fsnotify: invalidate dcache before IN_DELETE event (bsc#1195478).
- gpio: aspeed: Convert aspeed_gpio.lock to raw_spinlock (git-fixes).
- gpiolib: acpi: Do not set the IRQ type if the IRQ is already in use (git-fixes).
- hv_netvsc: Set needed_headroom according to VF (bsc#1193506).
- hwmom: (lm90) Fix citical alarm status for MAX6680/MAX6681 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6646/6647/6649 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6654 (git-fixes).
- hwmon: (lm90) Mark alert as broken for MAX6680 (git-fixes).
- hwmon: (lm90) Reduce maximum conversion rate for G781 (git-fixes).
- i2c: designware-pci: Fix to change data types of hcnt and lcnt parameters (git-fixes).
- i2c: i801: Do not silently correct invalid transfer size (git-fixes).
- i2c: mpc: Correct I2C reset procedure (git-fixes).
- i40iw: Add support to make destroy QP synchronous (git-fixes)
- ibmvnic: Allow extra failures before disabling (bsc#1195073 ltc#195713).
- ibmvnic: Update driver return codes (bsc#1195293 ltc#196198).
- ibmvnic: do not spin in tasklet (bsc#1195073 ltc#195713).
- ibmvnic: init ->running_cap_crqs early (bsc#1195073 ltc#195713).
- ibmvnic: remove unused ->wait_capability (bsc#1195073 ltc#195713).
- ibmvnic: remove unused defines (bsc#1195293 ltc#196198).
- igc: Fix TX timestamp support for non-MSI-X platforms (bsc#1160634).
- iwlwifi: fix leaks/bad data after failed firmware load (git-fixes).
- iwlwifi: mvm: Fix calculation of frame length (git-fixes).
- iwlwifi: mvm: Increase the scan timeout guard to 30 seconds (git-fixes).
- iwlwifi: mvm: synchronize with FW after multicast commands (git-fixes).
- iwlwifi: remove module loading failure message (git-fixes).
- lib82596: Fix IRQ check in sni_82596_probe (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881).
- mac80211: allow non-standard VHT MCS-10/11 (git-fixes).
- media: b2c2: Add missing check in flexcop_pci_isr: (git-fixes).
- media: coda/imx-vdoa: Handle dma_set_coherent_mask error codes (git-fixes).
- media: igorplugusb: receiver overflow should be reported (git-fixes).
- media: m920x: do not use stack on USB reads (git-fixes).
- media: saa7146: hexium_gemini: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: saa7146: hexium_orion: Fix a NULL pointer dereference in hexium_attach() (git-fixes).
- media: uvcvideo: Increase UVC_CTRL_CONTROL_TIMEOUT to 5 seconds (git-fixes).
- mlxsw: Only advertise link modes supported by both driver and device (bsc#1154488).
- mmc: core: Fixup storing of OCR for MMC_QUIRK_NONSTD_SDIO (git-fixes).
- mtd: nand: bbt: Fix corner case in bad block table handling (git-fixes).
- mtd: rawnand: gpmi: Add ERR007117 protection for nfc_apply_timings (git-fixes).
- mtd: rawnand: gpmi: Remove explicit default gpmi clock setting for i.MX6 (git-fixes).
- net, xdp: Introduce xdp_init_buff utility routine (bsc#1193506).
- net, xdp: Introduce xdp_prepare_buff utility routine (bsc#1193506).
- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (jsc#SLE-8464).
- net/mlx5: E-Switch, fix changing vf VLANID (jsc#SLE-15172).
- net/mlx5e: Protect encap route dev from concurrent release (jsc#SLE-8464).
- net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428).
- net: bonding: fix bond_xmit_broadcast return value error bug (bsc#1176447).
- net: bridge: vlan: fix memory leak in __allowed_ingress (bsc#1176447).
- net: bridge: vlan: fix single net device option dumping (bsc#1176447).
- net: mana: Add RX fencing (bsc#1193506).
- net: mana: Add XDP support (bsc#1193506).
- net: sch_generic: aviod concurrent reset and enqueue op for lockless qdisc (bsc#1183405).
- net: sched: add barrier to ensure correct ordering for lockless qdisc (bsc#1183405).
- net: sched: avoid unnecessary seqcount operation for lockless qdisc (bsc#1183405).
- net: sched: fix packet stuck problem for lockless qdisc (bsc#1183405).
- net: sched: fix tx action reschedule issue with stopped queue (bsc#1183405).
- net: sched: fix tx action rescheduling issue during deactivation (bsc#1183405).
- net: sched: replaced invalid qdisc tree flush helper in qdisc_replace (bsc#1183405).
- net: sfp: fix high power modules without diagnostic monitoring (bsc#1154353).
- netdevsim: set .owner to THIS_MODULE (bsc#1154353).
- nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() (git-fixes).
- nvme-core: use list_add_tail_rcu instead of list_add_tail for nvme_init_ns_head (git-fixes).
- nvme-fabrics: avoid double completions in nvmf_fail_nonready_command (git-fixes).
- nvme-fabrics: ignore invalid fast_io_fail_tmo values (git-fixes).
- nvme-fabrics: remove superfluous nvmf_host_put in nvmf_parse_options (git-fixes).
- nvme-tcp: fix data digest pointer calculation (git-fixes).
- nvme-tcp: fix incorrect h2cdata pdu offset accounting (git-fixes).
- nvme-tcp: fix memory leak when freeing a queue (git-fixes).
- nvme-tcp: fix possible use-after-completion (git-fixes).
- nvme-tcp: validate R2T PDU in nvme_tcp_handle_r2t() (git-fixes).
- nvme: add 'iopolicy' module parameter (bsc#1177599 bsc#1193096).
- nvme: fix use after free when disconnecting a reconnecting ctrl (git-fixes).
- nvme: introduce a nvme_host_path_error helper (git-fixes).
- nvme: refactor ns->ctrl by request (git-fixes).
- phy: uniphier-usb3ss: fix unintended writing zeros to PHY register (git-fixes).
- phylib: fix potential use-after-free (git-fixes).
- pinctrl: bcm2835: Add support for wake-up interrupts (git-fixes).
- pinctrl: bcm2835: Match BCM7211 compatible string (git-fixes).
- pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line (git-fixes).
- pinctrl: intel: fix unexpected interrupt (git-fixes).
- powerpc/book3s64/radix: make tlb_single_page_flush_ceiling a debugfs entry (bsc#1195183 ltc#193865).
- powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending (bsc#1156395).
- regulator: qcom_smd: Align probe function with rpmh-regulator (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev (git-fixes).
- rpmsg: char: Fix race between the release of rpmsg_eptdev and cdev (git-fixes).
- rsi: Fix use-after-free in rsi_rx_done_handler() (git-fixes).
- sched/fair: Fix detection of per-CPU kthreads waking a task (git fixes (sched/fair)).
- sched/numa: Fix is_core_idle() (git fixes (sched/numa)).
- scripts/dtc: dtx_diff: remove broken example from help text (git-fixes).
- scripts/dtc: only append to HOST_EXTRACFLAGS instead of overwriting (git-fixes).
- serial: 8250: of: Fix mapped region size when using reg-offset property (git-fixes).
- serial: Fix incorrect rs485 polarity on uart open (git-fixes).
- serial: amba-pl011: do not request memory region twice (git-fixes).
- serial: core: Keep mctrl register state and cached copy in sync (git-fixes).
- serial: pl010: Drop CR register reset on set_termios (git-fixes).
- serial: stm32: fix software flow control transfer (git-fixes).
- spi: bcm-qspi: check for valid cs before applying chip select (git-fixes).
- spi: mediatek: Avoid NULL pointer crash in interrupt (git-fixes).
- spi: meson-spicc: add IRQ check in meson_spicc_probe (git-fixes).
- supported.conf: mark rtw88 modules as supported (jsc#SLE-22690)
- tty: Add support for Brainboxes UC cards (git-fixes).
- tty: n_gsm: fix SW flow control encoding/handling (git-fixes).
- ucsi_ccg: Check DEV_INT bit only when starting CCG4 (git-fixes).
- udf: Fix NULL ptr deref when converting from inline format (bsc#1195476).
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1195477).
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes).
- usb: common: ulpi: Fix crash in ulpi_match() (git-fixes).
- usb: gadget: f_fs: Use stream_open() for endpoint files (git-fixes).
- usb: gadget: f_sourcesink: Fix isoc transfer for USB_SPEED_SUPER_PLUS (git-fixes).
- usb: hub: Add delay for SuperSpeed hub resume to let links transit to U0 (git-fixes).
- usb: roles: fix include/linux/usb/role.h compile issue (git-fixes).
- usb: typec: tcpm: Do not disconnect while receiving VBUS off (git-fixes).
- usb: uhci: add aspeed ast2600 uhci support (git-fixes).
- vfio/iommu_type1: replace kfree with kvfree (git-fixes).
- video: hyperv_fb: Fix validation of screen resolution (git-fixes).
- vxlan: fix error return code in __vxlan_dev_create() (bsc#1154353).
- x86/gpu: Reserve stolen memory for first integrated Intel GPU (git-fixes).
- xfrm: fix MTU regression (bsc#1185377, bsc#1194048).
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (git-fixes).
CriticalSUSE bug 1154353SUSE bug 1154488SUSE bug 1156395SUSE bug 1160634SUSE bug 1176447SUSE bug 1177599SUSE bug 1183405SUSE bug 1185377SUSE bug 1187428SUSE bug 1187723SUSE bug 1188605SUSE bug 1191881SUSE bug 1193096SUSE bug 1193506SUSE bug 1193802SUSE bug 1193861SUSE bug 1193864SUSE bug 1193867SUSE bug 1194048SUSE bug 1194227SUSE bug 1194291SUSE bug 1194880SUSE bug 1195009SUSE bug 1195065SUSE bug 1195073SUSE bug 1195183SUSE bug 1195184SUSE bug 1195254SUSE bug 1195267SUSE bug 1195293SUSE bug 1195371SUSE bug 1195476SUSE bug 1195477SUSE bug 1195478SUSE bug 1195479SUSE bug 1195480SUSE bug 1195481SUSE bug 1195482CVE-2020-28097 at SUSECVE-2020-28097 at NVDCVE-2021-22600 at SUSECVE-2021-22600 at NVDCVE-2021-39648 at SUSECVE-2021-39648 at NVDCVE-2021-39657 at SUSECVE-2021-39657 at NVDCVE-2021-39685 at SUSECVE-2021-39685 at NVDCVE-2021-45095 at SUSECVE-2021-45095 at NVDCVE-2022-0286 at SUSECVE-2022-0286 at NVDCVE-2022-0330 at SUSECVE-2022-0330 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220207 release.
- CVE-2021-0146: Fixed a potential security vulnerability in some Intel Processors may allow escalation of privilege (bsc#1192615)
- CVE-2021-0127: Intel Processor Breakpoint Control Flow (bsc#1195779)
- CVE-2021-0145: Fast store forward predictor - Cross Domain Training (bsc#1195780)
- CVE-2021-33120: Out of bounds read for some Intel Atom processors (bsc#1195781)
- Security updates for [INTEL-SA-00528](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html)
- Security updates for [INTEL-SA-00532](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00532.html)
ImportantSUSE bug 1192615SUSE bug 1195779SUSE bug 1195780SUSE bug 1195781CVE-2021-0127 at SUSECVE-2021-0127 at NVDCVE-2021-0145 at SUSECVE-2021-0145 at NVDCVE-2021-0146 at SUSECVE-2021-0146 at NVDCVE-2021-33120 at SUSECVE-2021-33120 at NVDcpe:/o:suse:suse-microos:5.1Security update for libmspack (Low)SUSE Linux Enterprise Micro 5.1
This update for libmspack fixes the following issues:
- CVE-2018-18586: Fixed directory traversal in chmextract by adding anti '../' and leading slash protection (bsc#1113040).
LowSUSE bug 1113040CVE-2018-18586 at SUSECVE-2018-18586 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
ImportantSUSE bug 1196025SUSE bug 1196026SUSE bug 1196168SUSE bug 1196169SUSE bug 1196171CVE-2022-25235 at SUSECVE-2022-25235 at NVDCVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2022-25313 at SUSECVE-2022-25313 at NVDCVE-2022-25314 at SUSECVE-2022-25314 at NVDCVE-2022-25315 at SUSECVE-2022-25315 at NVDcpe:/o:suse:suse-microos:5.1Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.1
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732).
- CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733).
ImportantSUSE bug 1194732SUSE bug 1194733CVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
ModerateSUSE bug 1196167CVE-2021-4209 at SUSECVE-2021-4209 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
ModerateSUSE bug 1196441CVE-2022-23648 at SUSECVE-2022-23648 at NVDcpe:/o:suse:suse-microos:5.1Security update for libeconf, shadow and util-linux (Moderate)SUSE Linux Enterprise Micro 5.1
This security update for libeconf, shadow and util-linux fix the following issues:
libeconf:
- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow'
to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
Issues fixed in libeconf:
- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.
- Added libeconf_ext which returns more information like
line_nr, comments, path of the configuration file,...
- Econftool, an command line interface for handling configuration
files.
- Generating HTML API documentation with doxygen.
- Improving error handling and semantic file check.
- Joining entries with the same key to one single entry if
env variable ECONF_JOIN_SAME_ENTRIES has been set.
shadow:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to
read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
util-linux:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to
read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
- Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)
- Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)
- CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
- CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
ModerateSUSE bug 1188507SUSE bug 1192954SUSE bug 1193632SUSE bug 1194976CVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).
ImportantSUSE bug 1190533SUSE bug 1190570SUSE bug 1191893SUSE bug 1192478SUSE bug 1192481SUSE bug 1193294SUSE bug 1193298SUSE bug 1194216SUSE bug 1194556SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195356CVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDcpe:/o:suse:suse-microos:5.1Security update for cyrus-sasl (Important)SUSE Linux Enterprise Micro 5.1
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
The following non-security bugs were fixed:
- postfix: sasl authentication with password fails (bsc#1194265).
ImportantSUSE bug 1194265SUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ).
- CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543).
- CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516).
The following non-security bugs were fixed:
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option (git-fixes).
- ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
- Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494).
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
- RDMA/core: Always release restrack object (git-fixes)
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- RDMA/siw: Release xarray entry (git-fixes)
- RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
- USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787).
- blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
- blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes).
- blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
- blk-tag: Hide spin_lock (bsc#1193787).
- block: avoid double io accounting for flush request (bsc#1193787).
- block: do not send a rezise udev event for hidden block device (bsc#1193096).
- block: mark flush request as IDLE when it is really finished (bsc#1193787).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD) (git-fixes).
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195).
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210).
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- ceph: properly put ceph_string reference after async create attempt (bsc#1195798).
- ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
- ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).
- gve: Add RX context (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: Fix GFP flags when allocing pages (git-fixes).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
- ima: Do not print policy rule with inactive LSM labels (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- integrity: check the return value of audit_log_start() (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes).
- iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674).
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
- mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012).
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).
- nvme: do not return an error from nvme_configure_metadata (git-fixes).
- nvme: let namespace probing continue for unsupported features (git-fixes).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
- s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088).
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028).
- s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
- s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
- s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244).
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506).
- staging/fbtft: Fix backlight (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
- tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).
- tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
- tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).
- tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
- tracing: Propagate is_signed to expression (git-fixes).
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).
- usb: dwc3: do not set gadget->is_otg flag (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
ImportantSUSE bug 1089644SUSE bug 1154353SUSE bug 1157038SUSE bug 1157923SUSE bug 1176447SUSE bug 1176940SUSE bug 1178134SUSE bug 1181147SUSE bug 1181588SUSE bug 1183872SUSE bug 1187716SUSE bug 1188404SUSE bug 1189126SUSE bug 1190812SUSE bug 1190972SUSE bug 1191580SUSE bug 1191655SUSE bug 1191741SUSE bug 1192210SUSE bug 1192483SUSE bug 1193096SUSE bug 1193233SUSE bug 1193243SUSE bug 1193787SUSE bug 1194163SUSE bug 1194967SUSE bug 1195012SUSE bug 1195081SUSE bug 1195286SUSE bug 1195352SUSE bug 1195378SUSE bug 1195506SUSE bug 1195516SUSE bug 1195543SUSE bug 1195668SUSE bug 1195701SUSE bug 1195798SUSE bug 1195799SUSE bug 1195823SUSE bug 1195908SUSE bug 1195928SUSE bug 1195947SUSE bug 1195957SUSE bug 1195995SUSE bug 1196195SUSE bug 1196235SUSE bug 1196339SUSE bug 1196373SUSE bug 1196400SUSE bug 1196403SUSE bug 1196516SUSE bug 1196584SUSE bug 1196585SUSE bug 1196601SUSE bug 1196612SUSE bug 1196776CVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0492 at SUSECVE-2022-0492 at NVDCVE-2022-0516 at SUSECVE-2022-0516 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
The following security bugs were fixed:
- CVE-2022-0001: Fixed Branch History Injection vulnerability (bsc#1191580).
- CVE-2022-0002: Fixed Intra-Mode Branch Target Injection vulnerability (bsc#1191580).
- CVE-2022-0847: Fixed a vulnerability were a local attackers could overwrite data in arbitrary (read-only) files (bsc#1196584).
- CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bnc#1196235 ).
The following non-security bugs were fixed:
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15 (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option (git-fixes).
- ASoC: Revert 'ASoC: mediatek: Check for error clk pointer' (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Fix stereo change notifications in snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() (git-fixes).
- Align s390 NVME target options with other architectures (bsc#1188404, jsc#SLE-22494). CONFIG_NVME_TARGET=m CONFIG_NVME_TARGET_PASSTHRU=y CONFIG_NVME_TARGET_LOOP=m CONFIG_NVME_TARGET_RDMA=m CONFIG_NVME_TARGET_FC=m CONFIG_NVME_TARGET_FCLOOP=m CONFIG_NVME_TARGET_TCP=m
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups (git-fixes).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- KVM: remember position in kvm->vcpus array (bsc#1190972 LTC#194674).
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group (bsc#1181147).
- RDMA/ucma: Protect mc during concurrent multicast leaves (bsc#1181147).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes).
- USB: serial: mos7840: remove duplicated 0xac24 device ID (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs (git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue (bsc#1193787).
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one request pool (bsc#1193787).
- blk-mq: clearing flush request reference in tags->rqs (bsc#1193787).
- blk-mq: do not grab rq's refcount in blk_mq_check_expired() (bsc#1193787 git-fixes).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request (bsc#1193787 git-fixes).
- blk-mq: grab rq->refcount before calling ->fn in blk_mq_tagset_busy_iter (bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io() (bsc#1193787).
- blk-tag: Hide spin_lock (bsc#1193787).
- block: avoid double io accounting for flush request (bsc#1193787).
- block: do not send a rezise udev event for hidden block device (bsc#1193096).
- block: mark flush request as IDLE when it is really finished (bsc#1193787).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- btrfs: do not include the global rsv size in the preemptive used amount (bsc#1196195).
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- btrfs: make sure SB_I_VERSION does not get unset by remount (bsc#1192210).
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- ceph: properly put ceph_string reference after async create attempt (bsc#1195798).
- ceph: set pool_ns in new inode layout for async creates (bsc#1195799).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- drm/i915/opregion: check port number bounds for SWSCI display power state (git-fixes).
- drm/i915: Correctly populate use_sagv_wm for all pipes (git-fixes).
- drm/i915: Fix bw atomic check when switching between SAGV vs. no SAGV (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly (git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook OneXPlayer (git-fixes).
- ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339).
- ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339).
- gve: Add RX context (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: Fix GFP flags when allocing pages (git-fixes).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct (bsc#1191655).
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix the wrong AdminQ buffer queue index check (bsc#1176940).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- ibmvnic: Allow queueing resets during probe (bsc#1196516 ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516 ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516 ltc#196391).
- ibmvnic: do not release napi in __ibmvnic_open() (bsc#1195668 ltc#195811).
- ibmvnic: free reset-work-item when flushing (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516 ltc#196391).
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400 ltc#195815).
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- ima: Allow template selection with ima_template[_fmt]= after ima_hash= (git-fixes).
- ima: Do not print policy rule with inactive LSM labels (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- integrity: check the return value of audit_log_start() (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume (git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask (git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table allocation failure (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown (git-fixes).
- iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: fix locking when 'HW not ready' (git-fixes).
- iwlwifi: pcie: gen2: fix locking when 'HW not ready' (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF (git-fixes).
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972 LTC#194674).
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- lib/iov_iter: initialize 'flags' in new pipe_buffer (bsc#1196584).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- misc: fastrpc: avoid double fput() on failed usercopy (git-fixes).
- mmc: sdhci-of-esdhc: Check for error num after setting mask (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status (git-fixes).
- mtd: rawnand: gpmi: do not leak PM reference in error path (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe() (git-fixes).
- net/ibmvnic: Cleanup workaround doing an EOI after partition migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- net/mlx5e: Fix handling of wrong devices during bond netevent (jsc#SLE-15172).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (bsc#1176447).
- net: phy: marvell: Fix MDI-x polarity setting in 88e1118-compatible PHYs (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in 88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118 (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: do not admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() (bsc#1195012).
- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (git-fixes).
- nvme: do not return an error from nvme_configure_metadata (git-fixes).
- nvme: let namespace probing continue for unsupported features (git-fixes).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/pseries/ddw: Revert 'Extend upper limit for huge DMA window for persistent memory' (bsc#1195995 ltc#196394).
- powerpc/pseries: read the lpar name from the firmware (bsc#1187716 ltc#193451).
- powerpc: Set crashkernel offset to mid of RMA region (bsc#1190812).
- powerpc: add link stack flush mitigation status in debugfs (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant (git-fixes).
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243 LTC#195549).
- s390/cio: verify the driver availability for path_event call (bsc#1195928 LTC#196418).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7 (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Sampling Facility LS bit (bsc#1195081 LTC#196088).
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233 LTC#195540).
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967 LTC#196028).
- s390/protvirt: fix error return code in uv_info_init() (jsc#SLE-22135).
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741 LTC#194816).
- s390/uv: add prot virt guest/host indication files (jsc#SLE-22135).
- s390/uv: fix prot virt host indication compilation (jsc#SLE-22135).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- scsi: qla2xxx: Add devids and conditionals for 28xx (bsc#1195823).
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for 28XX adapters (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286).
- scsi: zfcp: Fix failed recovery on gone remote port with non-NPIV FCP devices (bsc#1195378 LTC#196244).
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL (bsc#1195506).
- staging/fbtft: Fix backlight (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init() (git-fixes).
- tracing: Do not inc err_log entry count if entry allocation fails (git-fixes).
- tracing: Dump stacktrace trigger to the corresponding instance (git-fixes).
- tracing: Fix smatch warning for null glob in event_hist_trigger_parse() (git-fixes).
- tracing: Have traceon and traceoff trigger honor the instance (git-fixes).
- tracing: Propagate is_signed to expression (git-fixes).
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- usb: dwc2: gadget: do not try to disable ep0 in dwc2_hsotg_suspend (git-fixes).
- usb: dwc3: do not set gadget->is_otg flag (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command (git-fixes).
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE transition (git-fixes).
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
ImportantSUSE bug 1089644SUSE bug 1154353SUSE bug 1157038SUSE bug 1157923SUSE bug 1176447SUSE bug 1176940SUSE bug 1178134SUSE bug 1181147SUSE bug 1181588SUSE bug 1183872SUSE bug 1187716SUSE bug 1188404SUSE bug 1189126SUSE bug 1190812SUSE bug 1190972SUSE bug 1191580SUSE bug 1191655SUSE bug 1191741SUSE bug 1192210SUSE bug 1192483SUSE bug 1193096SUSE bug 1193233SUSE bug 1193243SUSE bug 1193787SUSE bug 1194163SUSE bug 1194967SUSE bug 1195012SUSE bug 1195081SUSE bug 1195286SUSE bug 1195352SUSE bug 1195378SUSE bug 1195506SUSE bug 1195668SUSE bug 1195701SUSE bug 1195798SUSE bug 1195799SUSE bug 1195823SUSE bug 1195928SUSE bug 1195957SUSE bug 1195995SUSE bug 1196195SUSE bug 1196235SUSE bug 1196339SUSE bug 1196400SUSE bug 1196516SUSE bug 1196584CVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDCVE-2022-0847 at SUSECVE-2022-0847 at NVDCVE-2022-25375 at SUSECVE-2022-25375 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
- CVE-2020-27820: Fixed a vulnerability where a use-after-frees in nouveau's postclose() handler could happen if removing device. (bnc#1179599)
- CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-28711: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed a rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by do not queueing unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticate user to cause a denial of service (bnc#1192877).
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).
The following non-security bugs were fixed:
- acpi: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- acpi: battery: Accept charges over the design capacity as full (git-fixes).
- acpica: Avoid evaluating methods too early during system resume (git-fixes).
- alsa: ISA: not for M68K (git-fixes).
- alsa: ctxfi: Fix out-of-range access (git-fixes).
- alsa: gus: fix null pointer dereference on pointer block (git-fixes).
- alsa: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- alsa: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- alsa: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- alsa: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- alsa: timer: Fix use-after-free problem (git-fixes).
- alsa: timer: Unconditionally unlink slave instances, too (git-fixes).
- alsa: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- arm: 8970/1: decompressor: increase tag size (git-fixes).
- arm: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
- arm: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
- arm: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
- arm: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
- arm: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
- arm: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
- arm: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
- arm: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
- arm: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
- arm: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
- arm: 9134/1: remove duplicate memcpy() definition (git-fixes)
- arm: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
- arm: 9141/1: only warn about XIP address when not compile testing (git-fixes)
- arm: 9155/1: fix early early_iounmap() (git-fixes)
- arm: OMAP2+: Fix legacy mode dss_reset (git-fixes)
- arm: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
- arm: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
- arm: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
- arm: at91: pm: of_node_put() after its usage (git-fixes)
- arm: at91: pm: use proper master clock register offset (git-fixes)
- arm: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
- arm: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
- arm: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
- arm: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
- arm: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
- arm: dts: Configure missing thermal interrupt for 4430 (git-fixes)
- arm: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
- arm: dts: Fix duovero smsc interrupt for suspend (git-fixes)
- arm: dts: N900: fix onenand timings (git-fixes).
- arm: dts: NSP: Correct FA2 mailbox node (git-fixes)
- arm: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
- arm: dts: NSP: Fixed QSPI compatible string (git-fixes)
- arm: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
- arm: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
- arm: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
- arm: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
- arm: dts: am437x-l4: fix typo in can@0 node (git-fixes)
- arm: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
- arm: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
- arm: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
- arm: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
- arm: dts: aspeed: tiogapass: Remove vuart (git-fixes)
- arm: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
- arm: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
- arm: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
- arm: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
- arm: dts: at91: sama5d2: map securam as device (git-fixes)
- arm: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
- arm: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
- arm: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
- arm: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
- arm: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
- arm: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
- arm: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
- arm: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
- arm: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
- arm: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
- arm: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
- arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
- arm: dts: dra76x: m_can: fix order of clocks (git-fixes)
- arm: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
- arm: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
- arm: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
- arm: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
- arm: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
- arm: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
- arm: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
- arm: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
- arm: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
- arm: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
- arm: dts: gose: Fix ports node name for adv7180 (git-fixes)
- arm: dts: gose: Fix ports node name for adv7612 (git-fixes)
- arm: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
- arm: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
- arm: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
- arm: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
- arm: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
- arm: dts: imx6: phycore-som: fix emmc supply (git-fixes)
- arm: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
- arm: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
- arm: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
- arm: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
- arm: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
- arm: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
- arm: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
- arm: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
- arm: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
- arm: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
- arm: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
- arm: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
- arm: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
- arm: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
- arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
- arm: dts: imx6sl: fix rng node (git-fixes)
- arm: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
- arm: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
- arm: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
- arm: dts: imx6sx: Improve UART pins macro defines (git-fixes)
- arm: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
- arm: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
- arm: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
- arm: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
- arm: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
- arm: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
- arm: dts: imx7d: Correct speed grading fuse settings (git-fixes)
- arm: dts: imx7d: fix opp-supported-hw (git-fixes)
- arm: dts: imx7ulp: Correct gpio ranges (git-fixes)
- arm: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
- arm: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
- arm: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
- arm: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
- arm: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
- arm: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
- arm: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
- arm: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
- arm: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
- arm: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
- arm: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
- arm: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
- arm: dts: meson: fix PHY deassert timing requirements (git-fixes)
- arm: dts: mt7623: add missing pause for switchport (git-fixes)
- arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
- arm: dts: omap3430-sdp: Fix NAND device node (git-fixes)
- arm: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
- arm: dts: oxnas: Fix clear-mask property (git-fixes)
- arm: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
- arm: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
- arm: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
- arm: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
- arm: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
- arm: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
- arm: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
- arm: dts: renesas: Fix IOMMU device node names (git-fixes)
- arm: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
- arm: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
- arm: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
- arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
- arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
- arm: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
- arm: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
- arm: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
- arm: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
- arm: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
- arm: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
- arm: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
- arm: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
- arm: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
- arm: dts: sunxi: Fix DE2 clocks register range (git-fixes)
- arm: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
- arm: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
- arm: dts: turris-omnia: add SFP node (git-fixes)
- arm: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
- arm: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
- arm: dts: turris-omnia: describe switch interrupt (git-fixes)
- arm: dts: turris-omnia: enable HW buffer management (git-fixes)
- arm: dts: turris-omnia: fix hardware buffer management (git-fixes)
- arm: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
- arm: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
- arm: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
- arm: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
- arm: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
- arm: exynos: add missing of_node_put for loop iteration (git-fixes)
- arm: footbridge: fix PCI interrupt mapping (git-fixes)
- arm: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
- arm: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
- arm: imx: add missing clk_disable_unprepare() (git-fixes)
- arm: imx: add missing iounmap() (git-fixes)
- arm: imx: build suspend-imx6.S with arm instruction set (git-fixes)
- arm: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
- arm: mvebu: drop pointless check for coherency_base (git-fixes)
- arm: p2v: fix handling of LPAE translation in BE mode (git-fixes)
- arm: s3c24xx: fix missing system reset (git-fixes)
- arm: s3c24xx: fix mmc gpio lookup tables (git-fixes)
- arm: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
- arm: samsung: do not build plat/pm-common for Exynos (git-fixes)
- arm: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
- arm: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
- asoc: DAPM: Cover regression by kctl change notification fix (git-fixes).
- asoc: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
- asoc: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
- asoc: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
- asoc: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
- ath10k: fix invalid dma_addr_t token assignment (git-fixes).
- ath10k: high latency fixes for beacon buffer (git-fixes).
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
- bfq: Limit number of requests consumed by each cgroup (bsc#1184318).
- bfq: Store full bitmap depth in bfq_data (bsc#1184318).
- bfq: Track number of allocated requests in bfq_entity (bsc#1184318).
- blacklist scsi commit that breaks kabi (git-fixes)
- block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
- block: Provide blk_mq_sched_get_icq() (bsc#1184318).
- bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655).
- bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655).
- bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655).
- bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655).
- bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655).
- bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
- bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
- bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
- bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
- bpf, s390: Fix potential memory leak about jit_data (git-fixes).
- bpf, x86: Fix 'no previous prototype' warning (git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
- btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
- btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
- btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
- btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
- btrfs: make checksum item extension more efficient (bsc#1193002).
- cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
- cifs: Add get_security_type_str function to return sec type (bsc#1192606).
- cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
- cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
- cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
- cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
- cifs: Add witness information to debug data dump (bsc#1192606).
- cifs: Adjust indentation in smb2_open_file (bsc#1164565).
- cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
- cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
- cifs: Allocate encryption header through kmalloc (bsc#1192606).
- cifs: Always update signing key of first channel (bsc#1192606).
- cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
- cifs: Avoid error pointer dereference (bsc#1192606).
- cifs: Avoid field over-reading memcpy() (bsc#1192606).
- cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Create (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606).
- cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606).
- cifs: Clarify SMB1 code for SetFileSize (bsc#1192606).
- cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
- cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
- cifs: Clarify SMB1 code for delete (bsc#1192606).
- cifs: Clarify SMB1 code for rename open file (bsc#1192606).
- cifs: Clean up DFS referral cache (bsc#1164565).
- cifs: Close cached root handle only if it had a lease (bsc#1164565).
- cifs: Close open handle after interrupted close (bsc#1164565).
- cifs: Constify static struct genl_ops (bsc#1192606).
- cifs: Convert to use the fallthrough macro (bsc#1192606).
- cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
- cifs: Deal with some warnings from W=1 (bsc#1192606).
- cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
- cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
- cifs: Do not display RDMA transport on reconnect (bsc#1164565).
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
- cifs: Do not miss cancelled OPEN responses (bsc#1164565).
- cifs: Do not use iov_iter::type directly (bsc#1192606).
- cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
- cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1164565).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
- cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606).
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
- cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
- cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
- cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
- cifs: Fix fall-through warnings for Clang (bsc#1192606).
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix task struct use-after-free on reconnect (bsc#1164565).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
- cifs: Fix use after free of file info structures (bnc#1151927 5.3.8).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: New optype for session operations (bsc#1181507).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: Properly process SMB3 lease breaks (bsc#1164565).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: Remove useless variable (bsc#1192606).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- cifs: Standardize logging output (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- cifs: Warn less noisily on default mount (bsc#1192606).
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
- cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
- cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
- cifs: add SMB3 change notification support (bsc#1164565).
- cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
- cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
- cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
- cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
- cifs: add files to host new mount api (bsc#1192606).
- cifs: add fs_context param to parsing helpers (bsc#1192606).
- cifs: add initial reconfigure support (bsc#1192606).
- cifs: add missing mount option to /proc/mounts (bsc#1164565).
- cifs: add missing parsing of backupuid (bsc#1192606).
- cifs: add mount parameter tcpnodelay (bsc#1192606).
- cifs: add multichannel mount options and data structs (bsc#1192606).
- cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
- cifs: add passthrough for smb2 setinfo (bsc#1164565).
- cifs: add server param (bsc#1192606).
- cifs: add shutdown support (bsc#1192606).
- cifs: add smb 2 support for getting and setting SACLs (bsc#1192606).
- cifs: add smb2 POSIX info level (bsc#1164565).
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
- cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
- cifs: add support for flock (bsc#1164565).
- cifs: add witness mount option and data structs (bsc#1192606).
- cifs: added WARN_ON for all the count decrements (bsc#1192606).
- cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
- cifs: allow chmod to set mode bits using special sid (bsc#1164565).
- cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
- cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
- cifs: ask for more credit on async read/write code paths (bsc#1192606).
- cifs: avoid extra calls in posix_info_parse (bsc#1192606).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
- cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565).
- cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
- cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check all path components in resolved dfs target (bsc#1181710).
- cifs: check new file size when extending file by fallocate (bsc#1192606).
- cifs: check pointer before freeing (bsc#1183534).
- cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
- cifs: cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- cifs: cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
- cifs: cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
- cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
- cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
- cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
- cifs: cleanup misc.c (bsc#1192606).
- cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
- cifs: close the shared root handle on tree disconnect (bsc#1164565).
- cifs: compute full_path already in cifs_readdir() (bsc#1192606).
- cifs: connect individual channel servers to primary channel server (bsc#1192606).
- cifs: connect: style: Simplify bool comparison (bsc#1192606).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: constify path argument of ->make_node() (bsc#1192606).
- cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
- cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
- cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
- cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
- cifs: convert to use be32_add_cpu() (bsc#1192606).
- cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
- cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
- cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
- cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
- cifs: create a helper to find a writeable handle by path name (bsc#1154355).
- cifs: create sd context must be a multiple of 8 (bsc#1192606).
- cifs: delete duplicated words in header files (bsc#1192606).
- cifs: detect dead connections only when echoes are enabled (bsc#1192606).
- cifs: do d_move in rename (bsc#1164565).
- cifs: do not allow changing posix_paths during remount (bsc#1192606).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
- cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
- cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
- cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
- cifs: do not negotiate session if session already exists (bsc#1192606).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcons with DFS (bsc#1178270).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
- cifs: do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
- cifs: document and cleanup dfs mount (bsc#1178270).
- cifs: dump Security Type info in DebugData (bsc#1192606).
- cifs: dump channel info in DebugData (bsc#1192606).
- cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
- cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
- cifs: enable extended stats by default (bsc#1192606).
- cifs: ensure correct super block for DFS reconnect (bsc#1178270).
- cifs: escape spaces in share names (bsc#1192606).
- cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
- cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
- cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606).
- cifs: fix DFS failover (bsc#1192606).
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
- cifs: fix a memleak with modefromsid (bsc#1192606).
- cifs: fix a sign extension bug (bsc#1192606).
- cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
- cifs: fix allocation size on newly created files (bsc#1192606).
- cifs: fix channel signing (bsc#1192606).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix check of tcon dfs in smb1 (bsc#1178270).
- cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
- cifs: fix credit accounting for extra channel (bsc#1192606).
- cifs: fix dereference on ses before it is null checked (bsc#1164565).
- cifs: fix dfs domain referrals (bsc#1192606).
- cifs: fix dfs-links (bsc#1192606).
- cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
- cifs: fix double free error on share and prefix (bsc#1178270).
- cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
- cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: fix max ea value size (bnc#1151927 5.3.4).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: handle 'guest' mount parameter (bsc#1192606).
- cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle ERRBaduid for SMB1 (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor cifs_get_inode_info() (bsc#1164565).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: replace http links with https ones (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs: smb3: Fix data inconsistent when zero file range (bsc#1176536).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320).
- dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- drm/amd/display: Set plane update flags for all planes in reset (git-fixes).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes).
- drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- drm: panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- edac/amd64: Handle three rank interleaving mode (bsc#1152489).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075).
- firmware: qcom_scm: Mark string array const (git-fixes).
- fix memory leak in large read decrypt offload (bsc#1164565).
- fs: cifs: Assign boolean values to a bool variable (bsc#1192606).
- fs: cifs: Fix atime update check vs mtime (bsc#1164565).
- fs: cifs: Fix resource leak (bsc#1192606).
- fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- fs: cifs: Remove repeated struct declaration (bsc#1192606).
- fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
- fs: cifs: Simplify bool comparison (bsc#1192606).
- fs: cifs: cifssmb.c: use true,false for bool variable (bsc#1164565).
- fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
- fs: cifs: fix gcc warning in sid_to_id (bsc#1192606).
- fs: cifs: fix misspellings using codespell tool (bsc#1192606).
- fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- fs: cifs: sess.c: Remove set but not used variable 'capabilities' (bsc#1164565).
- fs: cifs: smb2ops.c: use true,false for bool variable (bsc#1164565).
- fs: cifs: smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
- fuse: release pipe buf after last use (bsc#1193318).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- handle status_io_timeout gracefully (bsc#1192606).
- hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
- iavf: Fix for setting queues to 0 (jsc#SLE-12877).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Fix return of set the new channel count (jsc#SLE-12877).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: validate pointers (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: Delete always true check of PF pointer (git-fixes).
- ice: Fix VF true promiscuous mode (jsc#SLE-12878).
- ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926).
- ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- input: iforce - fix control-message timeout (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu/mediatek: Fix out-of-range warning with clang (git-fixes).
- iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes).
- iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes).
- iommu/vt-d: Update the virtual command related registers (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kabi: dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- kabi: hide changes to struct uv_info (git-fixes).
- kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. parameters here will overwrite what is used by OBS otherwise.
- kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and relability of logging.
- kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameters is just giving 'unused parameter' and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it alread loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore.
- kernel-source.spec: install-kernel-tools also required on 15.4
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- mark commit as not needed (git-fixes)
- md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320).
- md/raid10: extend r10bio devs to raid disks (bsc#1192320).
- md/raid10: improve discard request for far layout (bsc#1192320).
- md/raid10: improve raid10 discard request (bsc#1192320).
- md/raid10: initialize r10_bio->read_slot before use (bsc#1192320).
- md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320).
- md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320).
- md: fix a lock order reversal in md_alloc (git-fixes).
- mdio: aspeed: Fix 'Link is Down' issue (bsc#1176447).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- mm: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- move upstreamed usb fix into sorted section
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: delete redundant function declaration (git-fixes).
- net: hns3: change affinity_mask to numa node range (bsc#1154353).
- net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353).
- net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353).
- net: hso: fix control-request directions (git-fixes).
- net: hso: fix muxed tty registration (git-fixes).
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
- net: mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172).
- net: mlx5: Update error handler for UCTX and UMEM (git-fixes).
- net: mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
- net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
- net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
- net: sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774).
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
- netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447).
- netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447).
- netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447).
- nfc: add NCI_UNREG flag to eliminate the race (git-fixes).
- nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
- nfc: reorder the logic in nfc_{un,}register_device (git-fixes).
- nfc: reorganize the functions in nci_request (git-fixes).
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
- nfs: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
- nfs: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
- nfs: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
- nfs: Fix up commit deadlocks (git-fixes).
- nfs: do not take i_rwsem for swap IO (bsc#1191876).
- nfs: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
- nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
- nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
- nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
- nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
- nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
- objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
- pci/msi: Deal with devices lying about their MSI mask capability (git-fixes).
- pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
- pci: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
- perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes).
- perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes).
- perf: Correctly handle failed perf_get_aux_event() (git-fixes).
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
- platform/x86: wmi: do not fail if disabling fails (git-fixes).
- pm: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
- pm: hibernate: use correct mode for swsusp_close() (git-fixes).
- pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
- powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes).
- powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
- powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
- powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes).
- powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
- powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
- powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
- powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
- powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
- printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
- qede: validate non LSO skb length (git-fixes).
- r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
- rdma/bnxt_re: Update statistics counter name (jsc#SLE-16649).
- recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
- recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
- reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
- rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files.
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash...
- rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well.
- rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
- rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
- s390/bpf: Fix branch shortening during codegen pass (bsc#1193993).
- s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
- s390: mm: Fix secure storage access exception handling (git-fixes).
- scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
- scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266).
- scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266).
- scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266).
- scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266).
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266).
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266).
- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
- scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266).
- scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266).
- scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes).
- scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
- scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
- scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes).
- scsi: qla2xxx: Fix gnl list corruption (git-fixes).
- scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes).
- scsi: qla2xxx: Format log strings only if needed (git-fixes).
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
- scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes).
- scsi: qla2xxx: edif: Fix app start delay (git-fixes).
- scsi: qla2xxx: edif: Fix app start fail (git-fixes).
- scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes).
- scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes).
- scsi: qla2xxx: edif: Increase ELS payload (git-fixes).
- serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes).
- serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
- serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
- serial: core: fix transmit-buffer reset and memleak (git-fixes).
- smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
- smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
- smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
- smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
- smb3: Add missing reparse tags (bsc#1164565).
- smb3: Add new compression flags (bsc#1192606).
- smb3: Add new info level for query directory (bsc#1192606).
- smb3: Add new parm 'nodelete' (bsc#1192606).
- smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606).
- smb3: Add support for getting and setting SACLs (bsc#1192606).
- smb3: Add support for lookup with posix extensions query info (bsc#1192606).
- smb3: Add support for negotiating signing algorithm (bsc#1192606).
- smb3: Add support for query info using posix extensions (level 100) (bsc#1192606).
- smb3: Add tracepoints for new compound posix query info (bsc#1192606).
- smb3: Additional compression structures (bsc#1192606).
- smb3: Avoid Mid pending list corruption (bsc#1192606).
- smb3: Backup intent flag missing from some more ops (bsc#1164565).
- smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
- smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
- smb3: Fix ids returned in POSIX query dir (bsc#1192606).
- smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
- smb3: Fix regression in time handling (bsc#1164565).
- smb3: Handle error case during offload read path (bsc#1192606).
- smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
- smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
- smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- smb3: Honor lease disabling for multiuser mounts (git-fixes).
- smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
- smb3: Incorrect size for netname negotiate context (bsc#1154355).
- smb3: Minor cleanup of protocol definitions (bsc#1192606).
- smb3: Resolve data corruption of TCP server info fields (bsc#1192606).
- smb3: add additional null check in SMB2_ioctl (bsc#1192606).
- smb3: add additional null check in SMB2_open (bsc#1192606).
- smb3: add additional null check in SMB2_tcon (bsc#1192606).
- smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
- smb3: add debug messages for closing unmatched open (bsc#1164565).
- smb3: add defines for new crypto algorithms (bsc#1192606).
- smb3: add defines for new signing negotiate context (bsc#1192606).
- smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
- smb3: add dynamic trace points for socket connection (bsc#1192606).
- smb3: add dynamic tracepoints for flush and close (bsc#1164565).
- smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
- smb3: add missing flag definitions (bsc#1164565).
- smb3: add missing worker function for SMB3 change notify (bsc#1164565).
- smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
- smb3: add mount option to allow forced caching of read only share (bsc#1164565).
- smb3: add new module load parm enable_gcm_256 (bsc#1192606).
- smb3: add new module load parm require_gcm_256 (bsc#1192606).
- smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
- smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
- smb3: add some missing definitions from MS-FSCC (bsc#1192606).
- smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
- smb3: add support for recognizing WSL reparse tags (bsc#1192606).
- smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
- smb3: add support for using info level for posix extensions query (bsc#1192606).
- smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
- smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
- smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
- smb3: allow dumping keys for multiuser mounts (bsc#1192606).
- smb3: allow parallelizing decryption of reads (bsc#1164565).
- smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
- smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
- smb3: avoid confusing warning message on mount to Azure (bsc#1192606).
- smb3: change noisy error message to FYI (bsc#1192606).
- smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
- smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
- smb3: correct smb3 ACL security descriptor (bsc#1192606).
- smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
- smb3: display max smb3 requests in flight at any one time (bsc#1164565).
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
- smb3: do not error on fsync when readonly (bsc#1192606).
- smb3: do not fail if no encryption required but server does not support it (bsc#1192606).
- smb3: do not log warning message if server does not populate salt (bsc#1192606).
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
- smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
- smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
- smb3: enable negotiating stronger encryption by default (bsc#1192606).
- smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
- smb3: enable swap on SMB3 mounts (bsc#1192606).
- smb3: extend fscache mount volume coherency check (bsc#1192606).
- smb3: fix access denied on change notify request to some servers (bsc#1192606).
- smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
- smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
- smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
- smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
- smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
- smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
- smb3: fix mount failure to some servers when compression enabled (bsc#1192606).
- smb3: fix performance regression with setting mtime (bsc#1164565).
- smb3: fix posix extensions mount option (bsc#1192606).
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
- smb3: fix potential null dereference in decrypt offload (bsc#1164565).
- smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
- smb3: fix readpage for large swap cache (bsc#1192606).
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
- smb3: fix signing verification of large reads (bsc#1154355).
- smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
- smb3: fix typo in compression flag (bsc#1192606).
- smb3: fix typo in header file (bsc#1192606).
- smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
- smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
- smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
- smb3: fix unneeded error message on change notify (bsc#1192606).
- smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
- smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
- smb3: incorrect file id in requests compounded with open (bsc#1192606).
- smb3: limit noisy error (bsc#1192606).
- smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
- smb3: minor update to compression header definitions (bsc#1192606).
- smb3: missing ACL related flags (bsc#1164565).
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
- smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
- smb3: pass mode bits into create calls (bsc#1164565).
- smb3: prevent races updating CurrentMid (bsc#1192606).
- smb3: print warning if server does not support requested encryption type (bsc#1192606).
- smb3: print warning once if posix context returned on open (bsc#1164565).
- smb3: query attributes on file close (bsc#1164565).
- smb3: rc uninitialized in one fallocate path (bsc#1192606).
- smb3: remind users that witness protocol is experimental (bsc#1192606).
- smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
- smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
- smb3: remove dead code for non compounded posix query info (bsc#1192606).
- smb3: remove noisy debug message and minor cleanup (bsc#1164565).
- smb3: remove overly noisy debug line in signing errors (bsc#1192606).
- smb3: remove static checker warning (bsc#1192606).
- smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
- smb3: remove two unused variables (bsc#1192606).
- smb3: remove unused flag passed into close functions (bsc#1164565).
- smb3: rename nonces used for GCM and CCM encryption (bsc#1192606).
- smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
- smb3: set gcm256 when requested (bsc#1192606).
- smb3: smbdirect support can be configured by default (bsc#1192606).
- smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
- smb3: update protocol header definitions based to include new flags (bsc#1192606).
- smb3: update structures for new compression protocol definitions (bsc#1192606).
- smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
- smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
- soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
- soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
- spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
- spi: spl022: fix Microwire full duplex mode (git-fixes).
- sunrpc/auth: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
- sunrpc: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
- sunrpc: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
- swiotlb: Fix the type of index (git-fixes).
- tlb: mmu_gather: add tlb_flush_*_range APIs
- tracing: Add length protection to histogram string copies (git-fixes).
- tracing: Change STR_VAR_MAX_LEN (git-fixes).
- tracing: Check pid filtering when creating events (git-fixes).
- tracing: Fix pid filtering when triggers are attached (git-fixes).
- tty: hvc: replace BUG_ON() with negative return value (git-fixes).
- tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
- tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
- usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
- usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
- usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
- usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
- usb: serial: option: add Fibocom FM101-GL variants (git-fixes).
- usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
- usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
- usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
- vfs: do not parse forbidden flags (bsc#1192606).
- wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes).
- wireguard: device: reset peer src endpoint when netns exits (git-fixes).
- wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes).
- wireguard: receive: drop handshakes if queue lock is contended (git-fixes).
- wireguard: receive: use ring buffer for incoming handshakes (git-fixes).
- wireguard: selftests: actually test for routing loops (git-fixes).
- wireguard: selftests: increase default dmesg log size (git-fixes).
- x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
- x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes).
- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134).
- x86/mpx: Disable MPX for 32-bit userland (bsc#1193139).
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
- x86/pvh: add prototype for xen_pvh_init() (git-fixes).
- x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes).
- x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134).
- x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes).
- x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
- xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
- xen/blkfront: do not trust the backend response data blindly (git-fixes).
- xen/blkfront: read response from backend only once (git-fixes).
- xen/netfront: disentangle tx_skb_freelist (git-fixes).
- xen/netfront: do not read data from request on the ring page (git-fixes).
- xen/netfront: do not trust the backend response data blindly (git-fixes).
- xen/netfront: read response from backend only once (git-fixes).
- xen/pvh: add missing prototype to header (git-fixes).
- xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
- xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
- xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
- zram: fix return value on writeback_store (git-fixes).
- zram: off by one in read_block_state() (git-fixes).
ImportantSUSE bug 1139944SUSE bug 1151927SUSE bug 1152489SUSE bug 1153275SUSE bug 1154353SUSE bug 1154355SUSE bug 1161907SUSE bug 1164565SUSE bug 1166780SUSE bug 1169514SUSE bug 1176242SUSE bug 1176447SUSE bug 1176536SUSE bug 1176544SUSE bug 1176545SUSE bug 1176546SUSE bug 1176548SUSE bug 1176558SUSE bug 1176559SUSE bug 1176774SUSE bug 1176940SUSE bug 1176956SUSE bug 1177440SUSE bug 1178134SUSE bug 1178270SUSE bug 1179211SUSE bug 1179426SUSE bug 1179427SUSE bug 1179599SUSE bug 1181148SUSE bug 1181507SUSE bug 1181710SUSE bug 1182404SUSE bug 1183534SUSE bug 1183540SUSE bug 1183897SUSE bug 1184318SUSE bug 1185726SUSE bug 1185902SUSE bug 1186332SUSE bug 1187541SUSE bug 1189126SUSE bug 1191793SUSE bug 1191876SUSE bug 1192267SUSE bug 1192320SUSE bug 1192507SUSE bug 1192511SUSE bug 1192569SUSE bug 1192606SUSE bug 1192845SUSE bug 1192847SUSE bug 1192877SUSE bug 1192946SUSE bug 1192969SUSE bug 1192987SUSE bug 1192990SUSE bug 1192998SUSE bug 1193002SUSE bug 1193042SUSE bug 1193139SUSE bug 1193169SUSE bug 1193306SUSE bug 1193318SUSE bug 1193349SUSE bug 1193440SUSE bug 1193442SUSE bug 1193655SUSE bug 1193993SUSE bug 1194087SUSE bug 1194094SUSE bug 1194266CVE-2020-24504 at SUSECVE-2020-24504 at NVDCVE-2020-27820 at SUSECVE-2020-27820 at NVDCVE-2021-28711 at SUSECVE-2021-28711 at NVDCVE-2021-28712 at SUSECVE-2021-28712 at NVDCVE-2021-28713 at SUSECVE-2021-28713 at NVDCVE-2021-28714 at SUSECVE-2021-28714 at NVDCVE-2021-28715 at SUSECVE-2021-28715 at NVDCVE-2021-33098 at SUSECVE-2021-33098 at NVDCVE-2021-4001 at SUSECVE-2021-4001 at NVDCVE-2021-4002 at SUSECVE-2021-4002 at NVDCVE-2021-43975 at SUSECVE-2021-43975 at NVDCVE-2021-43976 at SUSECVE-2021-43976 at NVDCVE-2021-45485 at SUSECVE-2021-45485 at NVDCVE-2021-45486 at SUSECVE-2021-45486 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:suse-microos:5.1Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.1
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step ModerateSUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1162964SUSE bug 1172113SUSE bug 1173277SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1187906SUSE bug 1190926SUSE bug 1194229CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161).
- CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525).
Non-security fixes:
- Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737).
- Included vmxcap in the qemu-tools package (bsc#1193364).
- Fixed package dependencies (bsc#1196087).
- Fixed an issue were PowerPC firmwares would not be built for non-PowerPC
builds (bsc#1193545).
- Fixed multiple issues in I/O (bsc#1178049 bsc#1194938).
ImportantSUSE bug 1178049SUSE bug 1192525SUSE bug 1193364SUSE bug 1193545SUSE bug 1194938SUSE bug 1195161SUSE bug 1196087SUSE bug 1196737CVE-2021-3930 at SUSECVE-2021-3930 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
Update Xen to version 4.14.4 (bsc#1027519)
Transient execution side-channel attacks attacking the Branch History Buffer (BHB),
named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated.
Security issues fixed:
- CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915).
Non-security issues fixed:
- Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668).
ImportantSUSE bug 1027519SUSE bug 1191668SUSE bug 1194267SUSE bug 1196915CVE-2021-26401 at SUSECVE-2021-26401 at NVDCVE-2022-0001 at SUSECVE-2022-0001 at NVDCVE-2022-0002 at SUSECVE-2022-0002 at NVDcpe:/o:suse:suse-microos:5.1Security update for slirp4netns (Moderate)SUSE Linux Enterprise Micro 5.1
This update for slirp4netns fixes the following issues:
- CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467).
ModerateSUSE bug 1179467CVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:suse-microos:5.1Security update for sudo (Important)SUSE Linux Enterprise Micro 5.1
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
The following non-security bugs were fixed:
- afs: Fix some tracing details (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- cuse: prevent clone (bsc#1206177).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Delete all matched events (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
ImportantSUSE bug 1151927SUSE bug 1157049SUSE bug 1190969SUSE bug 1203183SUSE bug 1204171SUSE bug 1204250SUSE bug 1204693SUSE bug 1205256SUSE bug 1206113SUSE bug 1206114SUSE bug 1206174SUSE bug 1206175SUSE bug 1206176SUSE bug 1206177SUSE bug 1206178SUSE bug 1206179SUSE bug 1206389SUSE bug 1206394SUSE bug 1206395SUSE bug 1206397SUSE bug 1206398SUSE bug 1206664CVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-certifi (Important)SUSE Linux Enterprise Micro 5.1
This update for python-certifi fixes the following issues:
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
ImportantSUSE bug 1206212CVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134)
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036)
- CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125)
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
The following non-security bugs were fixed:
- afs: Fix some tracing details (git-fixes).
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- cuse: prevent clone (bsc#1206177).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: Fixup pages without buffers (bsc#1205495).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs_xdr_status should record the procedure name (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation (git-fixes).
- NFS4: Fix kmemleak when allocate slot failed (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- NFSD: Clone should commit src file metadata too (git-fixes).
- NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD: safer handling of corrupted c_type (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- NFSv4: Fix races between open and dentry revalidation (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes).
- NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- SUNRPC: check that domain table is empty at module unload (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: Do not start a timer on an already queued rpc task (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- tracing/dynevent: Delete all matched events (git-fixes).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf: Limit sparing table size (bsc#1206643).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1156395SUSE bug 1157049SUSE bug 1190969SUSE bug 1203183SUSE bug 1203693SUSE bug 1203740SUSE bug 1204171SUSE bug 1204250SUSE bug 1204614SUSE bug 1204693SUSE bug 1204760SUSE bug 1204989SUSE bug 1205149SUSE bug 1205256SUSE bug 1205495SUSE bug 1205496SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206113SUSE bug 1206114SUSE bug 1206174SUSE bug 1206175SUSE bug 1206176SUSE bug 1206177SUSE bug 1206178SUSE bug 1206179SUSE bug 1206344SUSE bug 1206389SUSE bug 1206393SUSE bug 1206394SUSE bug 1206395SUSE bug 1206397SUSE bug 1206398SUSE bug 1206399SUSE bug 1206515SUSE bug 1206602SUSE bug 1206634SUSE bug 1206635SUSE bug 1206636SUSE bug 1206637SUSE bug 1206640SUSE bug 1206641SUSE bug 1206642SUSE bug 1206643SUSE bug 1206644SUSE bug 1206645SUSE bug 1206646SUSE bug 1206647SUSE bug 1206648SUSE bug 1206649SUSE bug 1206663SUSE bug 1206664SUSE bug 1206784SUSE bug 1206841SUSE bug 1206854SUSE bug 1206855SUSE bug 1206857SUSE bug 1206858SUSE bug 1206859SUSE bug 1206860SUSE bug 1206873SUSE bug 1206875SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206896SUSE bug 1206904SUSE bug 1207036SUSE bug 1207125SUSE bug 1207134SUSE bug 1207186SUSE bug 1207198SUSE bug 1207218SUSE bug 1207237CVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:suse-microos:5.1Security update for ceph (Important)SUSE Linux Enterprise Micro 5.1
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
ImportantSUSE bug 1187748SUSE bug 1188911SUSE bug 1192838SUSE bug 1192840SUSE bug 1196046SUSE bug 1199183SUSE bug 1200262SUSE bug 1200317SUSE bug 1200501SUSE bug 1200978SUSE bug 1201604SUSE bug 1201797SUSE bug 1201837SUSE bug 1201976SUSE bug 1202077SUSE bug 1202292SUSE bug 1203375SUSE bug 1204430SUSE bug 1205025SUSE bug 1205436SUSE bug 1206158CVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-py (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-py fixes the following issues:
- CVE-2022-42969: Fixed an excessive resource consumption that could
be triggered when interacting with a Subversion repository
containing crated data (bsc#1204364).
ModerateSUSE bug 1204364CVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
* https://github.com/containerd/containerd/releases/tag/v1.6.16
ImportantSUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDcpe:/o:suse:suse-microos:5.1Security update for libmicrohttpd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libmicrohttpd fixes the following issues:
- CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).
ModerateSUSE bug 1208745CVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:suse-microos:5.1Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.1
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug was fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
ImportantSUSE bug 1201490SUSE bug 1207416SUSE bug 1209481SUSE bug 1209483SUSE bug 1209485CVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDcpe:/o:suse:suse-microos:5.1Security update for sudo (Moderate)SUSE Linux Enterprise Micro 5.1
This update for sudo fixes the following issue:
Security fixes:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
Other fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
ModerateSUSE bug 1203201SUSE bug 1206483SUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:suse-microos:5.1Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.1
This security update of grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
- Bump upstream SBAT generation to 3
- rebuild the package with the new secure boot key (bsc#1209188).
Other:
- Remove zfs modules (bsc#1205554)
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
ImportantSUSE bug 1205178SUSE bug 1205182SUSE bug 1205200SUSE bug 1205554SUSE bug 1209188SUSE bug 1209829CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:suse-microos:5.1Security update for shim (Important)SUSE Linux Enterprise Micro 5.1
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ModerateSUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214CVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
ModerateSUSE bug 1207571SUSE bug 1207957SUSE bug 1207975SUSE bug 1208358CVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-microos:5.1Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.1
This update for conmon fixes the following issues:
- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.
ModerateSUSE bug 1209307cpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209624SUSE bug 1209873SUSE bug 1209878CVE-2023-0464 at SUSECVE-2023-0464 at NVDCVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
- Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
- net: ena: optimize data access in fast-path code (bsc#1208137).
ImportantSUSE bug 1207168SUSE bug 1207560SUSE bug 1208137SUSE bug 1208179SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208777SUSE bug 1208787SUSE bug 1208843SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209288SUSE bug 1209289SUSE bug 1209290SUSE bug 1209291SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209672SUSE bug 1209683SUSE bug 1209778SUSE bug 1209785CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)
Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common@v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime
Update podman to version 4.4.2:
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- Add `crun` requirement for quadlet
- Set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: fixed symlink exchange attack in podman export volume (bsc#1208364)
Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test
Update to version 4.4.0:
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check
* Formalize our compare-against-docker mechanism
* Add restart-sec for container service files
* test/tools: bump module to go 1.17
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
* libpod: Add FreeBSD support in packageVersion
* Allow podman manigest push --purge|-p as alias for --rm
* [CI:DOCS] Add performance tutorial
* [CI:DOCS] Fix build targets in build_osx.md.
* fix --format {{json .}} output to match docker
* remote: fix manifest add --annotation
* Skip test if `--events-backend` is necessary with podman-remote
* kube play: update the handling of PersistentVolumeClaim
* system tests: fix a system test in proxy environment
* Use single unqualified search registry on Windows
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
* test/system: Add tests for pasta(1) connectivity
* test/system: Move network-related helpers to helpers.network.bash
* test/system: Use procfs to find bound ports, with optional address and protocol
* test/system: Use port_is_free() from wait_for_port()
* libpod: Add pasta networking mode
* More log-flake work
* Fix test flakes caused by improper podman-logs
* fix incorrect systemd booted check
* Cirrus: Add tests for GHA scripts
* GHA: Update scripts to pass shellcheck
* Cirrus: Shellcheck github-action scripts
* Cirrus: shellcheck support for github-action scripts
* GHA: Fix cirrus-cron scripts
* Makefile: don't install to tmpfiles.d on FreeBSD
* Make sure we can build and read each line of docker py's api client
* Docker compat build api - make sure only one line appears per flush
* Run codespell on code
* Update vendor of containers/(image, storage, common)
* Allow namespace path network option for pods.
* Cirrus: Never skip running Windows Cross task
* GHA: Auto. re-run failed cirrus-cron builds once
* GHA: Migrate inline script to file
* GHA: Simplify script reference
* test/e2e: do not use apk in builds
* remove container/pod id file along with container/pod
* Cirrus: Synchronize windows image
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
* runtime: add check for valid pod systemd cgroup
* CI: set and verify DESIRED_NETWORK (netavark, cni)
* [CI:DOCS] troubleshooting: document keep-id options
* Man pages: refactor common options: --security-opt
* Cirrus: Guarantee CNI testing w/o nv/av present
* Cirrus: temp. disable all Ubuntu testing
* Cirrus: Update to F37beta
* buildah bud tests: better handling of remote
* quadlet: Warn in generator if using short names
* Add Windows Smoke Testing
* Add podman kube apply command
* docs: offer advice on installing test dependencies
* Fix documentation on read-only-tmpfs
* version bump to 4.4.0-dev
* deps: bump go-criu to v6
* Makefile: Add cross build targets for freebsd
* pkg/machine: Make this build on FreeBSD/arm64
* pkg/rctl: Remove unused cgo dependency
* man pages: assorted underscore fixes
* Upgrade GitHub actions packages from v2 to v3
* vendor github.com/godbus/dbus/v5@4b691ce
* [CI:DOCS] fix --tmpdir typos
* Do not report that /usr/share/containers/storage.conf has been edited.
* Eval symlinks on XDG_RUNTIME_DIR
* hack/podmansnoop
* rootless: support keep-id with one mapping
* rootless: add argument to GetConfiguredMappings
* Update vendor containers/(common,storage,buildah,image)
* Fix deadlock between 'podman ps' and 'container inspect' commands
* Add information about where the libpod/boltdb database lives
* Consolidate the dependencies for the IsTerminal() API
* Ensure that StartAndAttach locks while sending signals
* ginkgo testing: fix podman usernamespace join
* Test runners: nuke podman from $PATH before tests
* volumes: Fix idmap not working for volumes
* FIXME: Temporary workaround for ubi8 CI breakage
* System tests: teardown: clean up volumes
* update api versions on docs.podman.io
* system tests: runlabel: use podman-under-test
* system tests: podman network create: use random port
* sig-proxy test: bump timeout
* play kube: Allow the user to import the contents of a tar file into a volume
* Clarify the docs on DropCapability
* quadlet tests: Disable kmsg logging while testing
* quadlet: Support multiple Network=
* quadlet: Add support for Network=...
* Fix manpage for podman run --network option
* quadlet: Add support for AddDevice=
* quadlet: Add support for setting seccomp profile
* quadlet: Allow multiple elements on each Add/DropCaps line
* quadlet: Embed the correct binary name in the generated comment
* quadlet: Drop the SocketActivated key
* quadlet: Switch log-driver to passthrough
* quadlet: Change ReadOnly to default to enabled
* quadlet tests: Run the tests even for (exected) failed tests
* quadlet tests: Fix handling of stderr checks
* Remove unused script file
* notifyproxy: fix container watcher
* container/pod id file: truncate instead of throwing an error
* quadlet: Use the new podman create volume --ignore
* Add podman volume create --ignore
* logcollector: include aardvark-dns
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
* docs: generate systemd: point to kube template
* docs: kube play: mention restart policy
* Fixes: 15858 (podman system reset --force destroy machine)
* fix search flake
* use cached containers.conf
* adding regex support to the ancestor ps filter function
* Fix `system df` issues with `-f` and `-v`
* markdown-preprocess: cross-reference where opts are used
* Default qemu flags for Windows amd64
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
* Update main to reflect v4.3.0 release
* build(deps): bump github.com/docker/docker
* move quadlet packages into pkg/systemd
* system df: fix image-size calculations
* Add man page for quadlet
* testimage: add iproute2 & socat, for pasta networking
* Set up minikube for k8s testing
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
* Podman image: Set default_sysctls to empty for rootless containers
* libpod: Add support for 'podman top' on FreeBSD
* libpod: Factor out jail name construction from stats_freebsd.go
* pkg/util: Add pid information descriptors for FreeBSD
* Initial quadlet version integrated in golang
* bump golangci-lint to v1.49.0
* Update vendor containers/(common,image,storage)
* Allow volume mount dups, iff source and dest dirs
* rootless: fix return value handling
* Change to correct break statements
* vendor containers/psgo@v1.8.0
* Clarify that MacOSX docs are client specific
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
* Add swagger install + allow version updates in CI
* Cirrus: Fix windows clone race
* kill: wait for the container
* generate systemd: set --stop-timeout for stopping containers
* hack/tree_status.sh: print diff at the end
* Fix markdown header typo
* markdown-preprocess: add generic include mechanism
* markdown-preprocess: almost complete OO rewrite
* Update tests for changed error messages
* Update c/image after https://github.com/containers/image/pull/1299
* Man pages: refactor common options (misc)
* Man pages: Refactor common options: --detach-keys
* vendor containers/storage@main
* Man pages: refactor common options: --attach
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
* KillContainer: improve error message
* docs: add missing options
* Man pages: refactor common options: --annotation (manifest)
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
* system tests: health-on-failure: fix broken logic
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
* Container filters: Avoid use of ctr.Config()
* Avoid unnecessary calls to Container.Spec()
* Add and use Container.LinuxResource() helper
* play kube: notifyproxy: listen before starting the pod
* play kube: add support for configmap binaryData
* Add and use libpod/Container.Terminal() helper
* Revert 'Add checkpoint image tests'
* Revert 'cmd/podman: add support for checkpoint images'
* healthcheck: fix --on-failure=stop
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
* health checks: make on-failure action retry aware
* libpod: Remove 100msec delay during shutdown
* libpod: Add support for 'podman pod' on FreeBSD
* libpod: Factor out cgroup validation from (*Runtime).NewPod
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
* specgen/generate: Avoid a nil dereference in MakePod
* libpod: Factor out cgroups handling from (*Pod).refresh
* Adds a link to OSX docs in CONTRIBUTING.md
* Man pages: refactor common options: --os-version
* Create full path to a directory when DirectoryOrCreate is used with play kube
* Return error in podman system service if URI scheme is not unix/tcp
* Man pages: refactor common options: --time
* man pages: document some --format options: images
* Clean up when stopping pods
ImportantSUSE bug 1197093SUSE bug 1208364SUSE bug 1208510SUSE bug 1209495CVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
ModerateSUSE bug 1208423SUSE bug 1208426CVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
The following non-security bugs were fixed:
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- net: ena: optimize data access in fast-path code (bsc#1208137).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).
ImportantSUSE bug 1207168SUSE bug 1208137SUSE bug 1208598SUSE bug 1208601SUSE bug 1208787SUSE bug 1209052SUSE bug 1209256SUSE bug 1209288SUSE bug 1209289SUSE bug 1209290SUSE bug 1209291SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209778SUSE bug 1209785CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDcpe:/o:suse:suse-microos:5.1Security update for dnsmasq (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dnsmasq fixes the following issues:
- CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358).
ModerateSUSE bug 1209358CVE-2023-28450 at SUSECVE-2023-28450 at NVDcpe:/o:suse:suse-microos:5.1Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.1
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:suse-microos:5.1Security update for s390-tools (Moderate)SUSE Linux Enterprise Micro 5.1
This update of s390-tools fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-microos:5.1Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Important)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
ImportantSUSE bug 1168481SUSE bug 1208962SUSE bug 1209884SUSE bug 1209888CVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:suse-microos:5.1Security update for sssd (Important)SUSE Linux Enterprise Micro 5.1
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) .
ImportantSUSE bug 1065270SUSE bug 1199132SUSE bug 1204585SUSE bug 1210411SUSE bug 1210412CVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDCVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.1
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
ImportantSUSE bug 1206022SUSE bug 1206023CVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:suse-microos:5.1Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.1
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:suse-microos:5.1Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
ModerateSUSE bug 1209533CVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
ModerateSUSE bug 1209713SUSE bug 1209714SUSE bug 1210135CVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:suse-microos:5.1Security update for installation-images (Moderate)SUSE Linux Enterprise Micro 5.1
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-microos:5.1Security update for shim (Important)SUSE Linux Enterprise Micro 5.1
This update for shim fixes the following issues:
- CVE-2022-28737 was missing as reference previously.
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
Logic was added that is using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
ImportantSUSE bug 1210382CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1443, fixes the following security problems
- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
ModerateSUSE bug 1208828SUSE bug 1209042SUSE bug 1209187CVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
ModerateSUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:suse-microos:5.1Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
ModerateSUSE bug 1210434CVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
ImportantSUSE bug 1202353SUSE bug 1206992SUSE bug 1207088SUSE bug 1209687SUSE bug 1209739SUSE bug 1209777SUSE bug 1209871SUSE bug 1210202SUSE bug 1210203SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210414SUSE bug 1210453SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210629SUSE bug 1210647CVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1872 at SUSECVE-2023-1872 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
ImportantSUSE bug 1202353SUSE bug 1205128SUSE bug 1206992SUSE bug 1207088SUSE bug 1209687SUSE bug 1209739SUSE bug 1209777SUSE bug 1209871SUSE bug 1210202SUSE bug 1210203SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210414SUSE bug 1210453SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210629SUSE bug 1210647CVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1872 at SUSECVE-2023-1872 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-microos:5.1Security update for dmidecode (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:suse-microos:5.1Security update for conmon (Important)SUSE Linux Enterprise Micro 5.1
This update of conmon fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.1Security update for curl (Important)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-setuptools (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
by fetching a malicious HTML document (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
ImportantSUSE bug 1210298cpe:/o:suse:suse-microos:5.1Security update for runc (Important)SUSE Linux Enterprise Micro 5.1
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.1Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.1
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.1
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.1Security update for cni (Important)SUSE Linux Enterprise Micro 5.1
This update of cni fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-microos:5.1Security update for openldap2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
ImportantSUSE bug 1199636SUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1208474SUSE bug 1208604SUSE bug 1209287SUSE bug 1209779SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211037SUSE bug 1211043SUSE bug 1211105SUSE bug 1211131SUSE bug 1211186SUSE bug 1211203SUSE bug 1211590SUSE bug 1211592SUSE bug 1211596SUSE bug 1211622CVE-2020-36694 at SUSECVE-2020-36694 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-23586 at SUSECVE-2023-23586 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:suse-microos:5.1Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:suse:suse-microos:5.1Security update for Salt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.1Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.1Security update for salt and python-pyzmq (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
The following non-security bugs were fixed:
- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
ImportantSUSE bug 1184208SUSE bug 1199636SUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1208474SUSE bug 1208604SUSE bug 1209287SUSE bug 1209779SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211037SUSE bug 1211043SUSE bug 1211105SUSE bug 1211131SUSE bug 1211186SUSE bug 1211203SUSE bug 1211590SUSE bug 1211592SUSE bug 1211596SUSE bug 1211622CVE-2020-36694 at SUSECVE-2020-36694 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-23586 at SUSECVE-2023-23586 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- Drop dvb-core fix patch due to bug (bsc#1205758).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- k-m-s: Drop Linux 2.6 support
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
- sunrpc: Ensure the transport backchannel association (bsc#1211203).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
ImportantSUSE bug 1160435SUSE bug 1172073SUSE bug 1187829SUSE bug 1191731SUSE bug 1199046SUSE bug 1199636SUSE bug 1200217SUSE bug 1202353SUSE bug 1205758SUSE bug 1207088SUSE bug 1208600SUSE bug 1209039SUSE bug 1209342SUSE bug 1209739SUSE bug 1210301SUSE bug 1210469SUSE bug 1210533SUSE bug 1210791SUSE bug 1211089SUSE bug 1211203SUSE bug 1211519SUSE bug 1211592SUSE bug 1211622SUSE bug 1211796SUSE bug 1212128SUSE bug 1212129SUSE bug 1212154SUSE bug 1212158SUSE bug 1212494SUSE bug 1212501SUSE bug 1212502SUSE bug 1212504SUSE bug 1212513SUSE bug 1212606SUSE bug 1212842CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3159 at SUSECVE-2023-3159 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35824 at SUSECVE-2023-35824 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
The following non-security bugs were fixed:
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Generalize kernel-doc build requirements.
- Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
- Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore
- Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
ImportantSUSE bug 1160435SUSE bug 1172073SUSE bug 1187829SUSE bug 1191731SUSE bug 1199046SUSE bug 1200217SUSE bug 1205758SUSE bug 1208600SUSE bug 1209039SUSE bug 1209342SUSE bug 1210533SUSE bug 1210791SUSE bug 1211089SUSE bug 1211519SUSE bug 1211796SUSE bug 1212128SUSE bug 1212129SUSE bug 1212154SUSE bug 1212158SUSE bug 1212494SUSE bug 1212501SUSE bug 1212502SUSE bug 1212504SUSE bug 1212513SUSE bug 1212606SUSE bug 1212842CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3159 at SUSECVE-2023-3159 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35824 at SUSECVE-2023-35824 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni (Important)SUSE Linux Enterprise Micro 5.1
This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:suse-microos:5.1Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.1
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:suse-microos:5.1Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:suse-microos:5.1Security update for perl (Important)SUSE Linux Enterprise Micro 5.1
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Important)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:suse-microos:5.1Security update for libcap (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libcap fixes the following issues:
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211419CVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)
ImportantSUSE bug 1121365SUSE bug 1198472SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534SUSE bug 1213487CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:suse-microos:5.1Security update for pcre2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
* Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
* Misc
- Updated the containers/image library to v5.23.1
4.3.0:
* Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
- The `podman kube play` command now supports the `emptyDir` volume type
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
ImportantSUSE bug 1181640SUSE bug 1181961SUSE bug 1193166SUSE bug 1193273SUSE bug 1197672SUSE bug 1199790SUSE bug 1202809CVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213517SUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:suse-microos:5.1Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:suse:suse-microos:5.1Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for rsync (Moderate)SUSE Linux Enterprise Micro 5.1
This update for rsync fixes the following issues:
- Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146)
- Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145)
- Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service).
- Fix --delay-updates never updates after interruption (bsc#1204538)
- Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154)
- rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387)
ModerateSUSE bug 1176160SUSE bug 1201840SUSE bug 1204538CVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- get module prefix from kmod (bsc#1212835).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- remove more packaging cruft for sle < 12 sp3
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
ImportantSUSE bug 1199304SUSE bug 1206418SUSE bug 1207270SUSE bug 1210584SUSE bug 1211131SUSE bug 1211738SUSE bug 1211867SUSE bug 1212301SUSE bug 1212741SUSE bug 1212835SUSE bug 1212846SUSE bug 1213059SUSE bug 1213061SUSE bug 1213167SUSE bug 1213245SUSE bug 1213286SUSE bug 1213287SUSE bug 1213354SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213653SUSE bug 1213868CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- get module prefix from kmod (bsc#1212835).
- remove more packaging cruft for sle < 12 sp3
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
ImportantSUSE bug 1199304SUSE bug 1206418SUSE bug 1207270SUSE bug 1210584SUSE bug 1211131SUSE bug 1211738SUSE bug 1211867SUSE bug 1212301SUSE bug 1212741SUSE bug 1212835SUSE bug 1212846SUSE bug 1213059SUSE bug 1213061SUSE bug 1213167SUSE bug 1213245SUSE bug 1213286SUSE bug 1213287SUSE bug 1213354SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213653SUSE bug 1213868CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:suse-microos:5.1Security update for gawk (Low)SUSE Linux Enterprise Micro 5.1
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205)
- CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850)
- CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925)
- CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609)
- CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414)
- CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011)
ImportantSUSE bug 1188609SUSE bug 1190011SUSE bug 1207205SUSE bug 1212850SUSE bug 1213414SUSE bug 1213925CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2021-3750 at SUSECVE-2021-3750 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1204489SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:suse-microos:5.1Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.1
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:suse:suse-microos:5.1Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:suse-microos:5.1Security update for procps (Low)SUSE Linux Enterprise Micro 5.1
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.1
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:suse-microos:5.1Security update for icu73_2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
Update to release 68.1:
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
Update to version 67.1:
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
Update to version 66.1:
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
Update to release 65.1 (jsc#SLE-11118):
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:suse-microos:5.1Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.1
This update for ovmf fixes the following issues:
- CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371).
ImportantSUSE bug 1188371CVE-2019-11098 at SUSECVE-2019-11098 at NVDcpe:/o:suse:suse-microos:5.1Security update for libeconf (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
The following non-security bug was fixed:
- Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165).
ModerateSUSE bug 1198165SUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:suse-microos:5.1Security update for gcc12 (Important)SUSE Linux Enterprise Micro 5.1
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
The following non-security bugs were fixed:
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Do not add and remove genksyms ifdefs
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove checker warning (jsc#PED-5738).
- kabi/severities: Ignore newly added SRSO mitigation functions
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
- xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).
ImportantSUSE bug 1023051SUSE bug 1203517SUSE bug 1210448SUSE bug 1213272SUSE bug 1213546SUSE bug 1213601SUSE bug 1213666SUSE bug 1213916SUSE bug 1213927SUSE bug 1213968SUSE bug 1213969SUSE bug 1213970SUSE bug 1213971SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214275SUSE bug 1214297SUSE bug 1214348SUSE bug 1214350SUSE bug 1214451CVE-2022-36402 at SUSECVE-2022-36402 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4385 at SUSECVE-2023-4385 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:suse-microos:5.1Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.1
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
The following non-security bugs were fixed:
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Do not add and remove genksyms ifdefs
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove checker warning (jsc#PED-5738).
- kabi/severities: Ignore newly added SRSO mitigation functions
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
- xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).
ImportantSUSE bug 1023051SUSE bug 1203517SUSE bug 1210448SUSE bug 1213272SUSE bug 1213546SUSE bug 1213601SUSE bug 1213666SUSE bug 1213916SUSE bug 1213927SUSE bug 1213968SUSE bug 1213969SUSE bug 1213970SUSE bug 1213971SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214275SUSE bug 1214297SUSE bug 1214348SUSE bug 1214350SUSE bug 1214451CVE-2022-36402 at SUSECVE-2022-36402 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4385 at SUSECVE-2023-4385 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni (Important)SUSE Linux Enterprise Micro 5.1
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.1Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.1
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.1Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:suse-microos:5.1Securitys update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
ImportantSUSE bug 1213616SUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Important)SUSE Linux Enterprise Micro 5.1
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.1Security update for mdadm (Moderate)SUSE Linux Enterprise Micro 5.1
This update for mdadm fixes the following issues:
- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).
- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).
ModerateSUSE bug 1214244SUSE bug 1214245CVE-2023-28736 at SUSECVE-2023-28736 at NVDCVE-2023-28938 at SUSECVE-2023-28938 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033CVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDcpe:/o:suse:suse-microos:5.1Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.1
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:suse-microos:5.1Security update for shadow (Low)SUSE Linux Enterprise Micro 5.1
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).
ModerateSUSE bug 1215889CVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
The following non-security bugs were fixed:
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- kabi/severities: add mlx5 internal symbols
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#1195175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175).
- net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
ImportantSUSE bug 1195175SUSE bug 1204502SUSE bug 1206677SUSE bug 1207034SUSE bug 1207497SUSE bug 1207508SUSE bug 1207769SUSE bug 1207878CVE-2022-3606 at SUSECVE-2022-3606 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150)
- CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351)
- CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117)
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169)
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643)
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
ImportantSUSE bug 1176588SUSE bug 1202845SUSE bug 1207036SUSE bug 1207270SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212703SUSE bug 1213812SUSE bug 1214233SUSE bug 1214351SUSE bug 1214380SUSE bug 1214386SUSE bug 1215115SUSE bug 1215117SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215299SUSE bug 1215322SUSE bug 1215356CVE-2020-36766 at SUSECVE-2020-36766 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDcpe:/o:suse:suse-microos:5.1Security update for conmon (Important)SUSE Linux Enterprise Micro 5.1
This update for conmon fixes the following issues:
conmon is rebuilt with the current stable release go1.21 (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:suse-microos:5.1Security update for opensc (Important)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Important)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:suse-microos:5.1Security update for cni (Important)SUSE Linux Enterprise Micro 5.1
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:suse-microos:5.1Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.1
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
ImportantSUSE bug 1176588SUSE bug 1202845SUSE bug 1207270SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212703SUSE bug 1213812SUSE bug 1214233SUSE bug 1214351SUSE bug 1214380SUSE bug 1214386SUSE bug 1215115SUSE bug 1215117SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215299SUSE bug 1215322SUSE bug 1215356CVE-2020-36766 at SUSECVE-2020-36766 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDcpe:/o:suse:suse-microos:5.1Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for suse-module-tools fixes the following issues:
- Updated to version 15.3.17:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
- Updated to version 15.3.16:
- Fixed a build issue for s390x (bsc#1207853).
ImportantSUSE bug 1205767SUSE bug 1207853SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:suse-microos:5.1Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.1
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-34323: Fixed a potential crash in C Xenstored due to an
incorrect assertion (XSA-440) (bsc#1215744).
- CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems
with IOMMU hardware and PCI passthrough enabled (XSA-442)
(bsc#1215746).
- CVE-2023-34325: Fixed multiple parsing issues in libfsimage
(XSA-443) (bsc#1215747).
- CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86
debugging functionality for guests (XSA-444) (bsc#1215748).
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:suse-microos:5.1Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.1
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:suse-microos:5.1Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.1
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
ImportantSUSE bug 1210778SUSE bug 1210853SUSE bug 1212051SUSE bug 1214842SUSE bug 1215095SUSE bug 1215467SUSE bug 1215518SUSE bug 1215745SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1216046SUSE bug 1216051SUSE bug 1216134CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
ImportantSUSE bug 1212051SUSE bug 1214842SUSE bug 1215095SUSE bug 1215467SUSE bug 1215518SUSE bug 1215745SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1216046CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:suse-microos:5.1Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.1
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
ImportantSUSE bug 1216654SUSE bug 1216807CVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)
ImportantSUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:suse-microos:5.1Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.1
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:suse-microos:5.1Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.1
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:suse-microos:5.1Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.1
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
ModerateSUSE bug 1202436SUSE bug 1207753CVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:suse-microos:5.1Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.1
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
ModerateSUSE bug 1217573CVE-2023-46218 at SUSECVE-2023-46218 at NVDcpe:/o:suse:suse-microos:5.1Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.1
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
The following non-security bugs were fixed:
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
ImportantSUSE bug 1084909SUSE bug 1210780SUSE bug 1214037SUSE bug 1214344SUSE bug 1214764SUSE bug 1215371SUSE bug 1216058SUSE bug 1216259SUSE bug 1216584SUSE bug 1216965SUSE bug 1216976SUSE bug 1217140SUSE bug 1217332SUSE bug 1217408SUSE bug 1217780CVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
The following non-security bugs were fixed:
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
ImportantSUSE bug 1084909SUSE bug 1210780SUSE bug 1214037SUSE bug 1214344SUSE bug 1214764SUSE bug 1215371SUSE bug 1216058SUSE bug 1216259SUSE bug 1216584SUSE bug 1216965SUSE bug 1216976SUSE bug 1217140SUSE bug 1217332SUSE bug 1217408SUSE bug 1217780CVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:suse-microos:5.1Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.1
This update for c-ares fixes the following issues:
Updated to version 1.19.0:
- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).
ImportantSUSE bug 1208067CVE-2022-4904 at SUSECVE-2022-4904 at NVDcpe:/o:suse:suse-microos:5.1Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Important)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.1
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:suse:suse-microos:5.1Security update for libksba (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ModerateSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399).
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
- CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125).
The following non-security bugs were fixed:
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, memcg: do not high throttle allocators based on wraparound
- mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- mm, memcg: throttle allocators based on ancestral memory.high
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- modules: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- nfs: Fix an Oops in nfs_d_automount() (git-fixes).
- nfs: Fix memory leaks (git-fixes).
- nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- nfs: Handle missing attributes in OPEN reply (bsc#1203740).
- nfs: Zero-stateid SETATTR should first return delegation (git-fixes).
- nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfs_find_open_context() may only select open files (git-fixes).
- nfs: nfs_xdr_status should record the procedure name (git-fixes).
- nfs: we do not support removing system.nfs4_acl (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- nfsd: Keep existing listeners on portlist error (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix error handling in NFSv4.0 callbacks (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: error out when relink swapfile (git-fixes).
- nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- nfsv4: Fix races between open and dentry revalidation (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Do not start a timer on an already queued rpc task (git-fixes).
- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Handle 0 length opaque XDR object data properly (git-fixes).
- sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- sunrpc: check that domain table is empty at module unload (git-fixes).
- sunrpc: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Limit sparing table size (bsc#1206643).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1203740SUSE bug 1204614SUSE bug 1204989SUSE bug 1205496SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206344SUSE bug 1206393SUSE bug 1206399SUSE bug 1206515SUSE bug 1206602SUSE bug 1206634SUSE bug 1206635SUSE bug 1206636SUSE bug 1206637SUSE bug 1206640SUSE bug 1206641SUSE bug 1206642SUSE bug 1206643SUSE bug 1206644SUSE bug 1206645SUSE bug 1206646SUSE bug 1206647SUSE bug 1206648SUSE bug 1206649SUSE bug 1206841SUSE bug 1206854SUSE bug 1206855SUSE bug 1206857SUSE bug 1206858SUSE bug 1206859SUSE bug 1206860SUSE bug 1206873SUSE bug 1206875SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206896SUSE bug 1206904SUSE bug 1207036SUSE bug 1207125CVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-cryptography, python-cryptography-vectors (Important)SUSE Linux Enterprise Micro 5.1
This update for python-cryptography, python-cryptography-vectors fixes the following issues:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
- CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).
- update to 3.3.2 (bsc#1198331)
ImportantSUSE bug 1178168SUSE bug 1182066SUSE bug 1198331SUSE bug 1199282CVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
ModerateSUSE bug 1208143CVE-2023-0361 at SUSECVE-2023-0361 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.1
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bugs were fixed:
- Fixed a crash in the garbage collection (bsc#1188607)
- Fixed email.generator.py to not replace a non-existent header (bsc#1208443, gh#python/cpython#71508).
ImportantSUSE bug 1188607SUSE bug 1208443SUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599).
- CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- delete config/armv7hl/default.
- delete config/armv7hl/lpae.
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- hid: betop: check shape of output reports (git-fixes, bsc#1207186).
- hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- kabi/severities: add mlx5 internal symbols
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
- revert 'constraints: increase disk space for all architectures' (bsc#1203693).
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).
- rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
ImportantSUSE bug 1186449SUSE bug 1203331SUSE bug 1203332SUSE bug 1203693SUSE bug 1204502SUSE bug 1204760SUSE bug 1205149SUSE bug 1206351SUSE bug 1206677SUSE bug 1206784SUSE bug 1207034SUSE bug 1207051SUSE bug 1207134SUSE bug 1207186SUSE bug 1207237SUSE bug 1207497SUSE bug 1207508SUSE bug 1207560SUSE bug 1207773SUSE bug 1207795SUSE bug 1207845SUSE bug 1207875SUSE bug 1207878SUSE bug 1208212SUSE bug 1208599SUSE bug 1208700SUSE bug 1208741SUSE bug 1208776SUSE bug 1208816SUSE bug 1208837SUSE bug 1208845SUSE bug 1208971SUSE bug 1209008CVE-2022-3606 at SUSECVE-2022-3606 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1195 at SUSECVE-2023-1195 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that.
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
ImportantSUSE bug 1186449SUSE bug 1195175SUSE bug 1198438SUSE bug 1203331SUSE bug 1203332SUSE bug 1204356SUSE bug 1204662SUSE bug 1206103SUSE bug 1206351SUSE bug 1207051SUSE bug 1207575SUSE bug 1207773SUSE bug 1207795SUSE bug 1207845SUSE bug 1207875SUSE bug 1208023SUSE bug 1208153SUSE bug 1208212SUSE bug 1208700SUSE bug 1208741SUSE bug 1208776SUSE bug 1208816SUSE bug 1208837SUSE bug 1208845SUSE bug 1208971CVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-future (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-future fixes the following issues:
- CVE-2022-40899: Fixed an issue that could allow attackers to cause
an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).
ModerateSUSE bug 1206673CVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
ModerateSUSE bug 1205375SUSE bug 1206065CVE-2022-36109 at SUSECVE-2022-36109 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808).
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
- CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038).
- CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653).
- CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880).
The following non-security bugs were fixed:
- Fix bsc#1202364.
ImportantSUSE bug 1180207SUSE bug 1185000SUSE bug 1193880SUSE bug 1197653SUSE bug 1198038SUSE bug 1202364SUSE bug 1205808CVE-2020-14394 at SUSECVE-2020-14394 at NVDCVE-2021-3507 at SUSECVE-2021-3507 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-1050 at SUSECVE-2022-1050 at NVDCVE-2022-4144 at SUSECVE-2022-4144 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:suse-microos:5.1Security update for slirp4netns (Moderate)SUSE Linux Enterprise Micro 5.1
This update for slirp4netns fixes the following issues:
- CVE-2020-29129: Fixed out-of-bounds access while processing NCSI packets (bsc#1179466).
- CVE-2020-29130: Fixed out-of-bounds access while processing ARP packets (bsc#1179467).
ModerateSUSE bug 1179466SUSE bug 1179467CVE-2020-29129 at SUSECVE-2020-29129 at NVDCVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:suse-microos:5.1Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.1
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
ModerateSUSE bug 1209282cpe:/o:suse:suse-microos:5.1Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
ImportantSUSE bug 1220770SUSE bug 1220771CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677).
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:suse-microos:5.1Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libvirt fixes the following issues:
- CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation (bsc#1221815).
ModerateSUSE bug 1221815CVE-2024-2494 at SUSECVE-2024-2494 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).
- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).
- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
ImportantSUSE bug 1179610SUSE bug 1211226SUSE bug 1215237SUSE bug 1215375SUSE bug 1217250SUSE bug 1217709SUSE bug 1217946SUSE bug 1217947SUSE bug 1218105SUSE bug 1218184SUSE bug 1218253SUSE bug 1218258SUSE bug 1218559CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:suse-microos:5.1Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:suse-microos:5.1Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.1
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:suse-microos:5.1Security update for buildah (Important)SUSE Linux Enterprise Micro 5.1
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
ModerateSUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:suse-microos:5.1Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.1
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:suse-microos:5.1Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.1
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1194038SUSE bug 1207987SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:suse-microos:5.1Security update for less (Important)SUSE Linux Enterprise Micro 5.1
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for libzypp, zypper, PackageKit (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libzypp, zypper, PackageKit fixes the following issues:
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit propmpt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
ModerateSUSE bug 1175678SUSE bug 1218171SUSE bug 1218544SUSE bug 1221525CVE-2024-0217 at SUSECVE-2024-0217 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:suse-microos:5.1Security update for shim (Important)SUSE Linux Enterprise Micro 5.1
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Important)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556).
- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560).
- CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561).
- CVE-2021-46908: Fixed incorrect permission flag for mixed signed bounds arithmetic in bpf (bsc#1220425).
- CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554).
- CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
- CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
- CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
- CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
- CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
- CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529).
- CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
- CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743).
- CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
- CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
- CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
- CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
- CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764).
- CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
- CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
- CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
- CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
- CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749).
- CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
- CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
- CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846).
- CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
- CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
- CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
- CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
- CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575).
- CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
- CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
- CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47136: Fixed uninitialized memory access caused by allocation via zero-initialize tc skb extension in net (bsc#1221931).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
- CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935).
- CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949).
- CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
- CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
- CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
- CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
- CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
- CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
- CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
- CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
- CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992).
- CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47176: Fixed crash with illegal operation exception in dasd_device_tasklet in s390/dasd (bsc#1221996).
- CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
- CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001).
- CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- group-source-files.pl: Quote filenames (boo#1221077).
- mm: fix gup_pud_range (bsc#1220824).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). Altered because 5.3 does not do SSP
ImportantSUSE bug 1192145SUSE bug 1209657SUSE bug 1218336SUSE bug 1218447SUSE bug 1218479SUSE bug 1218562SUSE bug 1219170SUSE bug 1219264SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220400SUSE bug 1220411SUSE bug 1220413SUSE bug 1220414SUSE bug 1220425SUSE bug 1220426SUSE bug 1220429SUSE bug 1220432SUSE bug 1220442SUSE bug 1220445SUSE bug 1220465SUSE bug 1220468SUSE bug 1220475SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220516SUSE bug 1220521SUSE bug 1220528SUSE bug 1220529SUSE bug 1220532SUSE bug 1220536SUSE bug 1220554SUSE bug 1220556SUSE bug 1220557SUSE bug 1220560SUSE bug 1220561SUSE bug 1220566SUSE bug 1220575SUSE bug 1220580SUSE bug 1220583SUSE bug 1220611SUSE bug 1220615SUSE bug 1220621SUSE bug 1220625SUSE bug 1220630SUSE bug 1220631SUSE bug 1220638SUSE bug 1220639SUSE bug 1220640SUSE bug 1220662SUSE bug 1220663SUSE bug 1220669SUSE bug 1220670SUSE bug 1220677SUSE bug 1220678SUSE bug 1220685SUSE bug 1220687SUSE bug 1220688SUSE bug 1220692SUSE bug 1220697SUSE bug 1220703SUSE bug 1220706SUSE bug 1220733SUSE bug 1220734SUSE bug 1220739SUSE bug 1220743SUSE bug 1220749SUSE bug 1220751SUSE bug 1220753SUSE bug 1220758SUSE bug 1220759SUSE bug 1220764SUSE bug 1220768SUSE bug 1220769SUSE bug 1220777SUSE bug 1220779SUSE bug 1220785SUSE bug 1220790SUSE bug 1220794SUSE bug 1220824SUSE bug 1220829SUSE bug 1220836SUSE bug 1220846SUSE bug 1220850SUSE bug 1220861SUSE bug 1220871SUSE bug 1220883SUSE bug 1220946SUSE bug 1220954SUSE bug 1220969SUSE bug 1220979SUSE bug 1220982SUSE bug 1220985SUSE bug 1220987SUSE bug 1221015SUSE bug 1221044SUSE bug 1221058SUSE bug 1221061SUSE bug 1221077SUSE bug 1221088SUSE bug 1221276SUSE bug 1221293SUSE bug 1221532SUSE bug 1221534SUSE bug 1221541SUSE bug 1221548SUSE bug 1221552SUSE bug 1221575SUSE bug 1221605SUSE bug 1221606SUSE bug 1221608SUSE bug 1221830SUSE bug 1221931SUSE bug 1221932SUSE bug 1221934SUSE bug 1221935SUSE bug 1221949SUSE bug 1221952SUSE bug 1221965SUSE bug 1221966SUSE bug 1221969SUSE bug 1221973SUSE bug 1221974SUSE bug 1221978SUSE bug 1221989SUSE bug 1221990SUSE bug 1221991SUSE bug 1221992SUSE bug 1221993SUSE bug 1221994SUSE bug 1221996SUSE bug 1221997SUSE bug 1221998SUSE bug 1221999SUSE bug 1222000SUSE bug 1222001SUSE bug 1222002SUSE bug 1222003SUSE bug 1222004SUSE bug 1222117SUSE bug 1222422SUSE bug 1222585SUSE bug 1222619SUSE bug 1222660SUSE bug 1222664SUSE bug 1222669SUSE bug 1222706SUSE bug 1222878CVE-2020-36780 at SUSECVE-2020-36780 at NVDCVE-2020-36781 at SUSECVE-2020-36781 at NVDCVE-2020-36782 at SUSECVE-2020-36782 at NVDCVE-2020-36783 at SUSECVE-2020-36783 at NVDCVE-2021-46908 at SUSECVE-2021-46908 at NVDCVE-2021-46909 at SUSECVE-2021-46909 at NVDCVE-2021-46911 at SUSECVE-2021-46911 at NVDCVE-2021-46914 at SUSECVE-2021-46914 at NVDCVE-2021-46917 at SUSECVE-2021-46917 at NVDCVE-2021-46918 at SUSECVE-2021-46918 at NVDCVE-2021-46919 at SUSECVE-2021-46919 at NVDCVE-2021-46920 at SUSECVE-2021-46920 at NVDCVE-2021-46921 at SUSECVE-2021-46921 at NVDCVE-2021-46922 at SUSECVE-2021-46922 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46938 at SUSECVE-2021-46938 at NVDCVE-2021-46939 at SUSECVE-2021-46939 at NVDCVE-2021-46943 at SUSECVE-2021-46943 at NVDCVE-2021-46944 at SUSECVE-2021-46944 at NVDCVE-2021-46950 at SUSECVE-2021-46950 at NVDCVE-2021-46951 at SUSECVE-2021-46951 at NVDCVE-2021-46956 at SUSECVE-2021-46956 at NVDCVE-2021-46958 at SUSECVE-2021-46958 at NVDCVE-2021-46959 at SUSECVE-2021-46959 at NVDCVE-2021-46960 at SUSECVE-2021-46960 at NVDCVE-2021-46961 at SUSECVE-2021-46961 at NVDCVE-2021-46962 at SUSECVE-2021-46962 at NVDCVE-2021-46963 at SUSECVE-2021-46963 at NVDCVE-2021-46971 at SUSECVE-2021-46971 at NVDCVE-2021-46976 at SUSECVE-2021-46976 at NVDCVE-2021-46980 at SUSECVE-2021-46980 at NVDCVE-2021-46981 at SUSECVE-2021-46981 at NVDCVE-2021-46983 at SUSECVE-2021-46983 at NVDCVE-2021-46984 at SUSECVE-2021-46984 at NVDCVE-2021-46988 at SUSECVE-2021-46988 at NVDCVE-2021-46990 at SUSECVE-2021-46990 at NVDCVE-2021-46991 at SUSECVE-2021-46991 at NVDCVE-2021-46992 at SUSECVE-2021-46992 at NVDCVE-2021-46998 at SUSECVE-2021-46998 at NVDCVE-2021-47000 at SUSECVE-2021-47000 at NVDCVE-2021-47001 at SUSECVE-2021-47001 at NVDCVE-2021-47003 at SUSECVE-2021-47003 at NVDCVE-2021-47006 at SUSECVE-2021-47006 at NVDCVE-2021-47009 at SUSECVE-2021-47009 at NVDCVE-2021-47014 at SUSECVE-2021-47014 at NVDCVE-2021-47015 at SUSECVE-2021-47015 at NVDCVE-2021-47017 at SUSECVE-2021-47017 at NVDCVE-2021-47020 at SUSECVE-2021-47020 at NVDCVE-2021-47026 at SUSECVE-2021-47026 at NVDCVE-2021-47034 at SUSECVE-2021-47034 at NVDCVE-2021-47035 at SUSECVE-2021-47035 at NVDCVE-2021-47038 at SUSECVE-2021-47038 at NVDCVE-2021-47044 at SUSECVE-2021-47044 at NVDCVE-2021-47045 at SUSECVE-2021-47045 at NVDCVE-2021-47046 at SUSECVE-2021-47046 at NVDCVE-2021-47049 at SUSECVE-2021-47049 at NVDCVE-2021-47051 at SUSECVE-2021-47051 at NVDCVE-2021-47055 at SUSECVE-2021-47055 at NVDCVE-2021-47056 at SUSECVE-2021-47056 at NVDCVE-2021-47058 at SUSECVE-2021-47058 at NVDCVE-2021-47063 at SUSECVE-2021-47063 at NVDCVE-2021-47065 at SUSECVE-2021-47065 at NVDCVE-2021-47068 at SUSECVE-2021-47068 at NVDCVE-2021-47070 at SUSECVE-2021-47070 at NVDCVE-2021-47071 at SUSECVE-2021-47071 at NVDCVE-2021-47073 at SUSECVE-2021-47073 at NVDCVE-2021-47077 at SUSECVE-2021-47077 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47109 at SUSECVE-2021-47109 at NVDCVE-2021-47110 at SUSECVE-2021-47110 at NVDCVE-2021-47112 at SUSECVE-2021-47112 at NVDCVE-2021-47114 at SUSECVE-2021-47114 at NVDCVE-2021-47117 at SUSECVE-2021-47117 at NVDCVE-2021-47118 at SUSECVE-2021-47118 at NVDCVE-2021-47119 at SUSECVE-2021-47119 at NVDCVE-2021-47120 at SUSECVE-2021-47120 at NVDCVE-2021-47130 at SUSECVE-2021-47130 at NVDCVE-2021-47136 at SUSECVE-2021-47136 at NVDCVE-2021-47137 at SUSECVE-2021-47137 at NVDCVE-2021-47138 at SUSECVE-2021-47138 at NVDCVE-2021-47139 at SUSECVE-2021-47139 at NVDCVE-2021-47141 at SUSECVE-2021-47141 at NVDCVE-2021-47142 at SUSECVE-2021-47142 at NVDCVE-2021-47144 at SUSECVE-2021-47144 at NVDCVE-2021-47150 at SUSECVE-2021-47150 at NVDCVE-2021-47153 at SUSECVE-2021-47153 at NVDCVE-2021-47160 at SUSECVE-2021-47160 at NVDCVE-2021-47161 at SUSECVE-2021-47161 at NVDCVE-2021-47164 at SUSECVE-2021-47164 at NVDCVE-2021-47165 at SUSECVE-2021-47165 at NVDCVE-2021-47166 at SUSECVE-2021-47166 at NVDCVE-2021-47167 at SUSECVE-2021-47167 at NVDCVE-2021-47168 at SUSECVE-2021-47168 at NVDCVE-2021-47169 at SUSECVE-2021-47169 at NVDCVE-2021-47170 at SUSECVE-2021-47170 at NVDCVE-2021-47171 at SUSECVE-2021-47171 at NVDCVE-2021-47172 at SUSECVE-2021-47172 at NVDCVE-2021-47173 at SUSECVE-2021-47173 at NVDCVE-2021-47174 at SUSECVE-2021-47174 at NVDCVE-2021-47175 at SUSECVE-2021-47175 at NVDCVE-2021-47176 at SUSECVE-2021-47176 at NVDCVE-2021-47177 at SUSECVE-2021-47177 at NVDCVE-2021-47179 at SUSECVE-2021-47179 at NVDCVE-2021-47180 at SUSECVE-2021-47180 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- group-source-files.pl: Quote filenames (boo#1221077).
- kernel-binary: certs: Avoid trailing space
- mm: fix gup_pud_range (bsc#1220824).
ImportantSUSE bug 1184942SUSE bug 1186060SUSE bug 1192145SUSE bug 1194516SUSE bug 1208995SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218336SUSE bug 1218447SUSE bug 1218479SUSE bug 1218562SUSE bug 1219170SUSE bug 1219264SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220400SUSE bug 1220411SUSE bug 1220413SUSE bug 1220414SUSE bug 1220425SUSE bug 1220426SUSE bug 1220429SUSE bug 1220432SUSE bug 1220442SUSE bug 1220445SUSE bug 1220465SUSE bug 1220468SUSE bug 1220475SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220516SUSE bug 1220521SUSE bug 1220528SUSE bug 1220529SUSE bug 1220532SUSE bug 1220554SUSE bug 1220556SUSE bug 1220557SUSE bug 1220560SUSE bug 1220561SUSE bug 1220566SUSE bug 1220575SUSE bug 1220580SUSE bug 1220583SUSE bug 1220611SUSE bug 1220615SUSE bug 1220621SUSE bug 1220625SUSE bug 1220630SUSE bug 1220631SUSE bug 1220638SUSE bug 1220639SUSE bug 1220640SUSE bug 1220641SUSE bug 1220662SUSE bug 1220663SUSE bug 1220669SUSE bug 1220670SUSE bug 1220677SUSE bug 1220678SUSE bug 1220685SUSE bug 1220687SUSE bug 1220688SUSE bug 1220692SUSE bug 1220697SUSE bug 1220703SUSE bug 1220706SUSE bug 1220733SUSE bug 1220734SUSE bug 1220739SUSE bug 1220743SUSE bug 1220745SUSE bug 1220749SUSE bug 1220751SUSE bug 1220753SUSE bug 1220758SUSE bug 1220759SUSE bug 1220764SUSE bug 1220768SUSE bug 1220769SUSE bug 1220777SUSE bug 1220779SUSE bug 1220785SUSE bug 1220790SUSE bug 1220794SUSE bug 1220824SUSE bug 1220826SUSE bug 1220829SUSE bug 1220836SUSE bug 1220846SUSE bug 1220850SUSE bug 1220861SUSE bug 1220871SUSE bug 1220883SUSE bug 1220946SUSE bug 1220954SUSE bug 1220969SUSE bug 1220979SUSE bug 1220982SUSE bug 1220985SUSE bug 1220987SUSE bug 1221015SUSE bug 1221044SUSE bug 1221058SUSE bug 1221061SUSE bug 1221077SUSE bug 1221088SUSE bug 1221276SUSE bug 1221293SUSE bug 1221532SUSE bug 1221534SUSE bug 1221541SUSE bug 1221548SUSE bug 1221552SUSE bug 1221575SUSE bug 1221605SUSE bug 1221606SUSE bug 1221608SUSE bug 1221830SUSE bug 1221931SUSE bug 1221932SUSE bug 1221934SUSE bug 1221935SUSE bug 1221949SUSE bug 1221952SUSE bug 1221965SUSE bug 1221966SUSE bug 1221969SUSE bug 1221973SUSE bug 1221974SUSE bug 1221978SUSE bug 1221989SUSE bug 1221990SUSE bug 1221991SUSE bug 1221992SUSE bug 1221993SUSE bug 1221994SUSE bug 1221996SUSE bug 1221997SUSE bug 1221998SUSE bug 1221999SUSE bug 1222000SUSE bug 1222001SUSE bug 1222002SUSE bug 1222003SUSE bug 1222004SUSE bug 1222117SUSE bug 1222422SUSE bug 1222585SUSE bug 1222619SUSE bug 1222660SUSE bug 1222664SUSE bug 1222669SUSE bug 1222706CVE-2020-36780 at SUSECVE-2020-36780 at NVDCVE-2020-36781 at SUSECVE-2020-36781 at NVDCVE-2020-36782 at SUSECVE-2020-36782 at NVDCVE-2020-36783 at SUSECVE-2020-36783 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-46908 at SUSECVE-2021-46908 at NVDCVE-2021-46909 at SUSECVE-2021-46909 at NVDCVE-2021-46911 at SUSECVE-2021-46911 at NVDCVE-2021-46914 at SUSECVE-2021-46914 at NVDCVE-2021-46917 at SUSECVE-2021-46917 at NVDCVE-2021-46918 at SUSECVE-2021-46918 at NVDCVE-2021-46919 at SUSECVE-2021-46919 at NVDCVE-2021-46920 at SUSECVE-2021-46920 at NVDCVE-2021-46921 at SUSECVE-2021-46921 at NVDCVE-2021-46922 at SUSECVE-2021-46922 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46938 at SUSECVE-2021-46938 at NVDCVE-2021-46939 at SUSECVE-2021-46939 at NVDCVE-2021-46943 at SUSECVE-2021-46943 at NVDCVE-2021-46944 at SUSECVE-2021-46944 at NVDCVE-2021-46950 at SUSECVE-2021-46950 at NVDCVE-2021-46951 at SUSECVE-2021-46951 at NVDCVE-2021-46956 at SUSECVE-2021-46956 at NVDCVE-2021-46958 at SUSECVE-2021-46958 at NVDCVE-2021-46959 at SUSECVE-2021-46959 at NVDCVE-2021-46960 at SUSECVE-2021-46960 at NVDCVE-2021-46961 at SUSECVE-2021-46961 at NVDCVE-2021-46962 at SUSECVE-2021-46962 at NVDCVE-2021-46963 at SUSECVE-2021-46963 at NVDCVE-2021-46971 at SUSECVE-2021-46971 at NVDCVE-2021-46976 at SUSECVE-2021-46976 at NVDCVE-2021-46980 at SUSECVE-2021-46980 at NVDCVE-2021-46981 at SUSECVE-2021-46981 at NVDCVE-2021-46983 at SUSECVE-2021-46983 at NVDCVE-2021-46984 at SUSECVE-2021-46984 at NVDCVE-2021-46988 at SUSECVE-2021-46988 at NVDCVE-2021-46990 at SUSECVE-2021-46990 at NVDCVE-2021-46991 at SUSECVE-2021-46991 at NVDCVE-2021-46992 at SUSECVE-2021-46992 at NVDCVE-2021-46998 at SUSECVE-2021-46998 at NVDCVE-2021-47000 at SUSECVE-2021-47000 at NVDCVE-2021-47001 at SUSECVE-2021-47001 at NVDCVE-2021-47003 at SUSECVE-2021-47003 at NVDCVE-2021-47006 at SUSECVE-2021-47006 at NVDCVE-2021-47009 at SUSECVE-2021-47009 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47014 at SUSECVE-2021-47014 at NVDCVE-2021-47015 at SUSECVE-2021-47015 at NVDCVE-2021-47017 at SUSECVE-2021-47017 at NVDCVE-2021-47020 at SUSECVE-2021-47020 at NVDCVE-2021-47026 at SUSECVE-2021-47026 at NVDCVE-2021-47034 at SUSECVE-2021-47034 at NVDCVE-2021-47035 at SUSECVE-2021-47035 at NVDCVE-2021-47038 at SUSECVE-2021-47038 at NVDCVE-2021-47044 at SUSECVE-2021-47044 at NVDCVE-2021-47045 at SUSECVE-2021-47045 at NVDCVE-2021-47046 at SUSECVE-2021-47046 at NVDCVE-2021-47049 at SUSECVE-2021-47049 at NVDCVE-2021-47051 at SUSECVE-2021-47051 at NVDCVE-2021-47055 at SUSECVE-2021-47055 at NVDCVE-2021-47056 at SUSECVE-2021-47056 at NVDCVE-2021-47058 at SUSECVE-2021-47058 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47063 at SUSECVE-2021-47063 at NVDCVE-2021-47065 at SUSECVE-2021-47065 at NVDCVE-2021-47068 at SUSECVE-2021-47068 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47070 at SUSECVE-2021-47070 at NVDCVE-2021-47071 at SUSECVE-2021-47071 at NVDCVE-2021-47073 at SUSECVE-2021-47073 at NVDCVE-2021-47077 at SUSECVE-2021-47077 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47109 at SUSECVE-2021-47109 at NVDCVE-2021-47110 at SUSECVE-2021-47110 at NVDCVE-2021-47112 at SUSECVE-2021-47112 at NVDCVE-2021-47114 at SUSECVE-2021-47114 at NVDCVE-2021-47117 at SUSECVE-2021-47117 at NVDCVE-2021-47118 at SUSECVE-2021-47118 at NVDCVE-2021-47119 at SUSECVE-2021-47119 at NVDCVE-2021-47120 at SUSECVE-2021-47120 at NVDCVE-2021-47130 at SUSECVE-2021-47130 at NVDCVE-2021-47136 at SUSECVE-2021-47136 at NVDCVE-2021-47137 at SUSECVE-2021-47137 at NVDCVE-2021-47138 at SUSECVE-2021-47138 at NVDCVE-2021-47139 at SUSECVE-2021-47139 at NVDCVE-2021-47141 at SUSECVE-2021-47141 at NVDCVE-2021-47142 at SUSECVE-2021-47142 at NVDCVE-2021-47144 at SUSECVE-2021-47144 at NVDCVE-2021-47150 at SUSECVE-2021-47150 at NVDCVE-2021-47153 at SUSECVE-2021-47153 at NVDCVE-2021-47160 at SUSECVE-2021-47160 at NVDCVE-2021-47161 at SUSECVE-2021-47161 at NVDCVE-2021-47164 at SUSECVE-2021-47164 at NVDCVE-2021-47165 at SUSECVE-2021-47165 at NVDCVE-2021-47166 at SUSECVE-2021-47166 at NVDCVE-2021-47167 at SUSECVE-2021-47167 at NVDCVE-2021-47168 at SUSECVE-2021-47168 at NVDCVE-2021-47169 at SUSECVE-2021-47169 at NVDCVE-2021-47170 at SUSECVE-2021-47170 at NVDCVE-2021-47171 at SUSECVE-2021-47171 at NVDCVE-2021-47172 at SUSECVE-2021-47172 at NVDCVE-2021-47173 at SUSECVE-2021-47173 at NVDCVE-2021-47174 at SUSECVE-2021-47174 at NVDCVE-2021-47175 at SUSECVE-2021-47175 at NVDCVE-2021-47176 at SUSECVE-2021-47176 at NVDCVE-2021-47177 at SUSECVE-2021-47177 at NVDCVE-2021-47179 at SUSECVE-2021-47179 at NVDCVE-2021-47180 at SUSECVE-2021-47180 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
The following non-security bugs were fixed:
- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).
- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021).
- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
- io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709).
ImportantSUSE bug 1179610SUSE bug 1215237SUSE bug 1215375SUSE bug 1217250SUSE bug 1217709SUSE bug 1217946SUSE bug 1217947SUSE bug 1218105SUSE bug 1218253SUSE bug 1218258SUSE bug 1218559CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:suse-microos:5.1Security update for less (Important)SUSE Linux Enterprise Micro 5.1
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
ModerateSUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:suse-microos:5.1Security update for sssd (Important)SUSE Linux Enterprise Micro 5.1
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1200313SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1211592SUSE bug 1218562SUSE bug 1218917SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220513SUSE bug 1220755SUSE bug 1220854SUSE bug 1221113SUSE bug 1221299SUSE bug 1221543SUSE bug 1221545SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222559SUSE bug 1222585SUSE bug 1222624SUSE bug 1222666SUSE bug 1222669SUSE bug 1222709SUSE bug 1222790SUSE bug 1222792SUSE bug 1222829SUSE bug 1222876SUSE bug 1222878SUSE bug 1222881SUSE bug 1222883SUSE bug 1222894SUSE bug 1222976SUSE bug 1223016SUSE bug 1223057SUSE bug 1223111SUSE bug 1223187SUSE bug 1223202SUSE bug 1223475SUSE bug 1223482SUSE bug 1223509SUSE bug 1223513SUSE bug 1223522SUSE bug 1223824SUSE bug 1223921SUSE bug 1223923SUSE bug 1223931SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223963CVE-2021-46955 at SUSECVE-2021-46955 at NVDCVE-2021-47041 at SUSECVE-2021-47041 at NVDCVE-2021-47074 at SUSECVE-2021-47074 at NVDCVE-2021-47113 at SUSECVE-2021-47113 at NVDCVE-2021-47131 at SUSECVE-2021-47131 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1200313SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1211592SUSE bug 1218562SUSE bug 1218917SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220513SUSE bug 1220755SUSE bug 1220854SUSE bug 1221113SUSE bug 1221299SUSE bug 1221543SUSE bug 1221545SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222559SUSE bug 1222624SUSE bug 1222666SUSE bug 1222709SUSE bug 1222790SUSE bug 1222792SUSE bug 1222829SUSE bug 1222876SUSE bug 1222881SUSE bug 1222883SUSE bug 1222894SUSE bug 1222976SUSE bug 1223016SUSE bug 1223057SUSE bug 1223111SUSE bug 1223187SUSE bug 1223202SUSE bug 1223475SUSE bug 1223482SUSE bug 1223509SUSE bug 1223513SUSE bug 1223522SUSE bug 1223824SUSE bug 1223921SUSE bug 1223923SUSE bug 1223931SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223963CVE-2021-46955 at SUSECVE-2021-46955 at NVDCVE-2021-47041 at SUSECVE-2021-47041 at NVDCVE-2021-47074 at SUSECVE-2021-47074 at NVDCVE-2021-47113 at SUSECVE-2021-47113 at NVDCVE-2021-47131 at SUSECVE-2021-47131 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDcpe:/o:suse:suse-microos:5.1Security update for perl (Important)SUSE Linux Enterprise Micro 5.1
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:suse-microos:5.1Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Important)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273)
ModerateSUSE bug 1219273CVE-2023-27534 at SUSECVE-2023-27534 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1152472SUSE bug 1154353SUSE bug 1156395SUSE bug 1174585SUSE bug 1176447SUSE bug 1176774SUSE bug 1176869SUSE bug 1178134SUSE bug 1181147SUSE bug 1184631SUSE bug 1185589SUSE bug 1185902SUSE bug 1186885SUSE bug 1188616SUSE bug 1188772SUSE bug 1189883SUSE bug 1190795SUSE bug 1191452SUSE bug 1192107SUSE bug 1194288SUSE bug 1194591SUSE bug 1196956SUSE bug 1197760SUSE bug 1198029SUSE bug 1199304SUSE bug 1200619SUSE bug 1203389SUSE bug 1206646SUSE bug 1209657SUSE bug 1210335SUSE bug 1210629SUSE bug 1213476SUSE bug 1215420SUSE bug 1216702SUSE bug 1217169SUSE bug 1220137SUSE bug 1220144SUSE bug 1220754SUSE bug 1220877SUSE bug 1220960SUSE bug 1221044SUSE bug 1221113SUSE bug 1221829SUSE bug 1222251SUSE bug 1222619SUSE bug 1222838SUSE bug 1222867SUSE bug 1223084SUSE bug 1223138SUSE bug 1223384SUSE bug 1223390SUSE bug 1223512SUSE bug 1223626SUSE bug 1223715SUSE bug 1223932SUSE bug 1223934SUSE bug 1224099SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224816SUSE bug 1224826SUSE bug 1224830SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224842SUSE bug 1224843SUSE bug 1224844SUSE bug 1224846SUSE bug 1224849SUSE bug 1224852SUSE bug 1224853SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224886SUSE bug 1224888SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224899SUSE bug 1224904SUSE bug 1224907SUSE bug 1224909SUSE bug 1224916SUSE bug 1224917SUSE bug 1224922SUSE bug 1224923SUSE bug 1224924SUSE bug 1224926SUSE bug 1224928SUSE bug 1224953SUSE bug 1224954SUSE bug 1224955SUSE bug 1224957SUSE bug 1224961SUSE bug 1224963SUSE bug 1224965SUSE bug 1224966SUSE bug 1224968SUSE bug 1224981SUSE bug 1224982SUSE bug 1224983SUSE bug 1224984SUSE bug 1224987SUSE bug 1224990SUSE bug 1224993SUSE bug 1224996SUSE bug 1224997SUSE bug 1225026SUSE bug 1225030SUSE bug 1225058SUSE bug 1225060SUSE bug 1225083SUSE bug 1225084SUSE bug 1225091SUSE bug 1225112SUSE bug 1225113SUSE bug 1225128SUSE bug 1225140SUSE bug 1225143SUSE bug 1225148SUSE bug 1225155SUSE bug 1225164SUSE bug 1225177SUSE bug 1225178SUSE bug 1225181SUSE bug 1225192SUSE bug 1225193SUSE bug 1225198SUSE bug 1225201SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225237SUSE bug 1225238SUSE bug 1225243SUSE bug 1225244SUSE bug 1225247SUSE bug 1225251SUSE bug 1225252SUSE bug 1225256SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225301SUSE bug 1225303SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225330SUSE bug 1225333SUSE bug 1225336SUSE bug 1225341SUSE bug 1225346SUSE bug 1225351SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225374SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225390SUSE bug 1225393SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225411SUSE bug 1225424SUSE bug 1225427SUSE bug 1225435SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225446SUSE bug 1225447SUSE bug 1225448SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225468SUSE bug 1225499SUSE bug 1225500SUSE bug 1225508SUSE bug 1225534CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47227 at SUSECVE-2021-47227 at NVDCVE-2021-47228 at SUSECVE-2021-47228 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47230 at SUSECVE-2021-47230 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47235 at SUSECVE-2021-47235 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47237 at SUSECVE-2021-47237 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47241 at SUSECVE-2021-47241 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47253 at SUSECVE-2021-47253 at NVDCVE-2021-47254 at SUSECVE-2021-47254 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47258 at SUSECVE-2021-47258 at NVDCVE-2021-47259 at SUSECVE-2021-47259 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47261 at SUSECVE-2021-47261 at NVDCVE-2021-47263 at SUSECVE-2021-47263 at NVDCVE-2021-47265 at SUSECVE-2021-47265 at NVDCVE-2021-47267 at SUSECVE-2021-47267 at NVDCVE-2021-47269 at SUSECVE-2021-47269 at NVDCVE-2021-47270 at SUSECVE-2021-47270 at NVDCVE-2021-47274 at SUSECVE-2021-47274 at NVDCVE-2021-47275 at SUSECVE-2021-47275 at NVDCVE-2021-47276 at SUSECVE-2021-47276 at NVDCVE-2021-47280 at SUSECVE-2021-47280 at NVDCVE-2021-47281 at SUSECVE-2021-47281 at NVDCVE-2021-47284 at SUSECVE-2021-47284 at NVDCVE-2021-47285 at SUSECVE-2021-47285 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47289 at SUSECVE-2021-47289 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47301 at SUSECVE-2021-47301 at NVDCVE-2021-47302 at SUSECVE-2021-47302 at NVDCVE-2021-47305 at SUSECVE-2021-47305 at NVDCVE-2021-47307 at SUSECVE-2021-47307 at NVDCVE-2021-47308 at SUSECVE-2021-47308 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47320 at SUSECVE-2021-47320 at NVDCVE-2021-47321 at SUSECVE-2021-47321 at NVDCVE-2021-47323 at SUSECVE-2021-47323 at NVDCVE-2021-47324 at SUSECVE-2021-47324 at NVDCVE-2021-47329 at SUSECVE-2021-47329 at NVDCVE-2021-47330 at SUSECVE-2021-47330 at NVDCVE-2021-47332 at SUSECVE-2021-47332 at NVDCVE-2021-47333 at SUSECVE-2021-47333 at NVDCVE-2021-47334 at SUSECVE-2021-47334 at NVDCVE-2021-47337 at SUSECVE-2021-47337 at NVDCVE-2021-47338 at SUSECVE-2021-47338 at NVDCVE-2021-47340 at SUSECVE-2021-47340 at NVDCVE-2021-47341 at SUSECVE-2021-47341 at NVDCVE-2021-47343 at SUSECVE-2021-47343 at NVDCVE-2021-47344 at SUSECVE-2021-47344 at NVDCVE-2021-47347 at SUSECVE-2021-47347 at NVDCVE-2021-47348 at SUSECVE-2021-47348 at NVDCVE-2021-47350 at SUSECVE-2021-47350 at NVDCVE-2021-47353 at SUSECVE-2021-47353 at NVDCVE-2021-47354 at SUSECVE-2021-47354 at NVDCVE-2021-47356 at SUSECVE-2021-47356 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1152472SUSE bug 1154353SUSE bug 1156395SUSE bug 1174585SUSE bug 1176447SUSE bug 1176774SUSE bug 1176869SUSE bug 1178134SUSE bug 1181147SUSE bug 1184631SUSE bug 1185570SUSE bug 1185589SUSE bug 1185902SUSE bug 1186885SUSE bug 1187357SUSE bug 1188616SUSE bug 1188772SUSE bug 1189883SUSE bug 1190795SUSE bug 1191452SUSE bug 1192107SUSE bug 1194288SUSE bug 1194591SUSE bug 1196956SUSE bug 1197760SUSE bug 1198029SUSE bug 1199304SUSE bug 1200619SUSE bug 1203389SUSE bug 1206646SUSE bug 1209657SUSE bug 1210335SUSE bug 1210629SUSE bug 1213476SUSE bug 1215420SUSE bug 1216702SUSE bug 1217169SUSE bug 1220137SUSE bug 1220144SUSE bug 1220754SUSE bug 1220877SUSE bug 1220960SUSE bug 1221044SUSE bug 1221113SUSE bug 1221829SUSE bug 1222251SUSE bug 1222619SUSE bug 1222838SUSE bug 1222867SUSE bug 1223084SUSE bug 1223138SUSE bug 1223384SUSE bug 1223390SUSE bug 1223512SUSE bug 1223932SUSE bug 1223934SUSE bug 1224099SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224816SUSE bug 1224826SUSE bug 1224830SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224842SUSE bug 1224843SUSE bug 1224844SUSE bug 1224846SUSE bug 1224849SUSE bug 1224852SUSE bug 1224853SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224886SUSE bug 1224888SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224899SUSE bug 1224904SUSE bug 1224907SUSE bug 1224909SUSE bug 1224916SUSE bug 1224917SUSE bug 1224922SUSE bug 1224923SUSE bug 1224924SUSE bug 1224926SUSE bug 1224928SUSE bug 1224953SUSE bug 1224954SUSE bug 1224955SUSE bug 1224957SUSE bug 1224961SUSE bug 1224963SUSE bug 1224965SUSE bug 1224966SUSE bug 1224968SUSE bug 1224981SUSE bug 1224982SUSE bug 1224983SUSE bug 1224984SUSE bug 1224987SUSE bug 1224990SUSE bug 1224993SUSE bug 1224996SUSE bug 1224997SUSE bug 1225026SUSE bug 1225030SUSE bug 1225058SUSE bug 1225060SUSE bug 1225083SUSE bug 1225084SUSE bug 1225091SUSE bug 1225112SUSE bug 1225113SUSE bug 1225128SUSE bug 1225140SUSE bug 1225143SUSE bug 1225148SUSE bug 1225155SUSE bug 1225164SUSE bug 1225177SUSE bug 1225178SUSE bug 1225181SUSE bug 1225192SUSE bug 1225193SUSE bug 1225198SUSE bug 1225201SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225237SUSE bug 1225238SUSE bug 1225243SUSE bug 1225244SUSE bug 1225247SUSE bug 1225251SUSE bug 1225252SUSE bug 1225256SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225301SUSE bug 1225303SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225330SUSE bug 1225333SUSE bug 1225336SUSE bug 1225341SUSE bug 1225346SUSE bug 1225351SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225374SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225390SUSE bug 1225393SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225411SUSE bug 1225424SUSE bug 1225427SUSE bug 1225435SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225446SUSE bug 1225447SUSE bug 1225448SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225468SUSE bug 1225499SUSE bug 1225500SUSE bug 1225508SUSE bug 1225534CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47227 at SUSECVE-2021-47227 at NVDCVE-2021-47228 at SUSECVE-2021-47228 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47230 at SUSECVE-2021-47230 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47235 at SUSECVE-2021-47235 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47237 at SUSECVE-2021-47237 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47241 at SUSECVE-2021-47241 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47253 at SUSECVE-2021-47253 at NVDCVE-2021-47254 at SUSECVE-2021-47254 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47258 at SUSECVE-2021-47258 at NVDCVE-2021-47259 at SUSECVE-2021-47259 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47261 at SUSECVE-2021-47261 at NVDCVE-2021-47263 at SUSECVE-2021-47263 at NVDCVE-2021-47265 at SUSECVE-2021-47265 at NVDCVE-2021-47267 at SUSECVE-2021-47267 at NVDCVE-2021-47269 at SUSECVE-2021-47269 at NVDCVE-2021-47270 at SUSECVE-2021-47270 at NVDCVE-2021-47274 at SUSECVE-2021-47274 at NVDCVE-2021-47275 at SUSECVE-2021-47275 at NVDCVE-2021-47276 at SUSECVE-2021-47276 at NVDCVE-2021-47280 at SUSECVE-2021-47280 at NVDCVE-2021-47281 at SUSECVE-2021-47281 at NVDCVE-2021-47284 at SUSECVE-2021-47284 at NVDCVE-2021-47285 at SUSECVE-2021-47285 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47289 at SUSECVE-2021-47289 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47301 at SUSECVE-2021-47301 at NVDCVE-2021-47302 at SUSECVE-2021-47302 at NVDCVE-2021-47305 at SUSECVE-2021-47305 at NVDCVE-2021-47307 at SUSECVE-2021-47307 at NVDCVE-2021-47308 at SUSECVE-2021-47308 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47320 at SUSECVE-2021-47320 at NVDCVE-2021-47321 at SUSECVE-2021-47321 at NVDCVE-2021-47323 at SUSECVE-2021-47323 at NVDCVE-2021-47324 at SUSECVE-2021-47324 at NVDCVE-2021-47329 at SUSECVE-2021-47329 at NVDCVE-2021-47330 at SUSECVE-2021-47330 at NVDCVE-2021-47332 at SUSECVE-2021-47332 at NVDCVE-2021-47333 at SUSECVE-2021-47333 at NVDCVE-2021-47334 at SUSECVE-2021-47334 at NVDCVE-2021-47337 at SUSECVE-2021-47337 at NVDCVE-2021-47338 at SUSECVE-2021-47338 at NVDCVE-2021-47340 at SUSECVE-2021-47340 at NVDCVE-2021-47341 at SUSECVE-2021-47341 at NVDCVE-2021-47343 at SUSECVE-2021-47343 at NVDCVE-2021-47344 at SUSECVE-2021-47344 at NVDCVE-2021-47347 at SUSECVE-2021-47347 at NVDCVE-2021-47348 at SUSECVE-2021-47348 at NVDCVE-2021-47350 at SUSECVE-2021-47350 at NVDCVE-2021-47353 at SUSECVE-2021-47353 at NVDCVE-2021-47354 at SUSECVE-2021-47354 at NVDCVE-2021-47356 at SUSECVE-2021-47356 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:suse-microos:5.1Security update for python39 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python39 fixes the following issues:
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ModerateSUSE bug 1226447SUSE bug 1226448CVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:suse-microos:5.1Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed:
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
ImportantSUSE bug 1156395SUSE bug 1171988SUSE bug 1176447SUSE bug 1176774SUSE bug 1181147SUSE bug 1191958SUSE bug 1195065SUSE bug 1195254SUSE bug 1195798SUSE bug 1202623SUSE bug 1218148SUSE bug 1219224SUSE bug 1219633SUSE bug 1222015SUSE bug 1223011SUSE bug 1223384SUSE bug 1224671SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224865SUSE bug 1225010SUSE bug 1225047SUSE bug 1225109SUSE bug 1225161SUSE bug 1225184SUSE bug 1225203SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226226SUSE bug 1226537SUSE bug 1226552SUSE bug 1226554SUSE bug 1226557SUSE bug 1226558SUSE bug 1226562SUSE bug 1226563SUSE bug 1226575SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226595SUSE bug 1226614SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226674SUSE bug 1226679SUSE bug 1226686SUSE bug 1226691SUSE bug 1226692SUSE bug 1226698SUSE bug 1226703SUSE bug 1226708SUSE bug 1226709SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226758SUSE bug 1226762SUSE bug 1226786SUSE bug 1226962CVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47247 at SUSECVE-2021-47247 at NVDCVE-2021-47311 at SUSECVE-2021-47311 at NVDCVE-2021-47328 at SUSECVE-2021-47328 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed:
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
ImportantSUSE bug 1156395SUSE bug 1171988SUSE bug 1176447SUSE bug 1176774SUSE bug 1181147SUSE bug 1191958SUSE bug 1195065SUSE bug 1195254SUSE bug 1195798SUSE bug 1202623SUSE bug 1218148SUSE bug 1219224SUSE bug 1219633SUSE bug 1222015SUSE bug 1223011SUSE bug 1224671SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224865SUSE bug 1225010SUSE bug 1225047SUSE bug 1225109SUSE bug 1225161SUSE bug 1225184SUSE bug 1225203SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226226SUSE bug 1226537SUSE bug 1226552SUSE bug 1226554SUSE bug 1226557SUSE bug 1226558SUSE bug 1226562SUSE bug 1226563SUSE bug 1226575SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226595SUSE bug 1226614SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226674SUSE bug 1226679SUSE bug 1226686SUSE bug 1226691SUSE bug 1226692SUSE bug 1226698SUSE bug 1226703SUSE bug 1226708SUSE bug 1226709SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226762SUSE bug 1226785SUSE bug 1226786SUSE bug 1226962CVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47247 at SUSECVE-2021-47247 at NVDCVE-2021-47311 at SUSECVE-2021-47311 at NVDCVE-2021-47328 at SUSECVE-2021-47328 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDcpe:/o:suse:suse-microos:5.1Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.1
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:suse-microos:5.1Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.1
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
ImportantSUSE bug 1222453SUSE bug 1227355CVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
- FIPS: Added more safe memset (bsc#1222811).
- FIPS: Adjusted AES GCM restrictions (bsc#1222830).
- FIPS: Adjusted approved ciphers (bsc#1222813, bsc#1222814, bsc#1222821,
bsc#1222822, bsc#1224118, bsc#1222807, bsc#1222828, bsc#1222834,
bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115,
bsc#1224116).
Update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
ModerateSUSE bug 1218851CVE-2023-46839 at SUSECVE-2023-46839 at NVDcpe:/o:suse:suse-microos:5.1Security update for shadow (Important)SUSE Linux Enterprise Micro 5.1
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:suse-microos:5.1Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.1
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:suse-microos:5.1Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.1
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- NFS: Clean up directory array handling (bsc#1226662).
- NFS: Clean up nfs_readdir_page_filler() (bsc#1226662).
- NFS: Clean up readdir struct nfs_cache_array (bsc#1226662).
- NFS: Do not discard readdir results (bsc#1226662).
- NFS: Do not overfill uncached readdir pages (bsc#1226662).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- NFS: Fix up directory verifier races (bsc#1226662).
- NFS: Further optimisations for 'ls -l' (bsc#1226662).
- NFS: More readdir cleanups (bsc#1226662).
- NFS: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Support larger readdir buffers (bsc#1226662).
- NFS: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- X.509: Fix the parser of extended key usage for length (bsc#1218820 bsc#1226666).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
ImportantSUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1221539SUSE bug 1222728SUSE bug 1222824SUSE bug 1223863SUSE bug 1224918SUSE bug 1225431SUSE bug 1226519SUSE bug 1226550SUSE bug 1226574SUSE bug 1226662SUSE bug 1226666SUSE bug 1227213SUSE bug 1227362SUSE bug 1227487SUSE bug 1227716SUSE bug 1227750SUSE bug 1227810SUSE bug 1227836SUSE bug 1227976SUSE bug 1228013SUSE bug 1228040SUSE bug 1228114SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228743CVE-2021-47126 at SUSECVE-2021-47126 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2021-47291 at SUSECVE-2021-47291 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-setuptools (Important)SUSE Linux Enterprise Micro 5.1
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
ModerateSUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:suse-microos:5.1Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.1
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- nfs: Clean up directory array handling (bsc#1226662).
- nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
- nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
- nfs: Do not discard readdir results (bsc#1226662).
- nfs: Do not overfill uncached readdir pages (bsc#1226662).
- nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- nfs: Fix up directory verifier races (bsc#1226662).
- nfs: Further optimisations for 'ls -l' (bsc#1226662).
- nfs: More readdir cleanups (bsc#1226662).
- nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- nfs: Reduce use of uncached readdir (bsc#1226662).
- nfs: Support larger readdir buffers (bsc#1226662).
- nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666).
ImportantSUSE bug 1065729SUSE bug 1179610SUSE bug 1186463SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1221539SUSE bug 1222728SUSE bug 1222824SUSE bug 1223863SUSE bug 1224918SUSE bug 1225404SUSE bug 1225431SUSE bug 1226519SUSE bug 1226550SUSE bug 1226574SUSE bug 1226575SUSE bug 1226662SUSE bug 1226666SUSE bug 1226785SUSE bug 1227213SUSE bug 1227362SUSE bug 1227487SUSE bug 1227716SUSE bug 1227750SUSE bug 1227810SUSE bug 1227836SUSE bug 1227976SUSE bug 1228013SUSE bug 1228040SUSE bug 1228114SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228743CVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-47126 at SUSECVE-2021-47126 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2021-47291 at SUSECVE-2021-47291 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Important)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files via 9p protocol (bsc#1212968)
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
Other fixes:
- Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311)
ImportantSUSE bug 1212968SUSE bug 1215311SUSE bug 1227322CVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
ImportantSUSE bug 1228574SUSE bug 1228575CVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp (bsc#1227052)
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:suse-microos:5.1Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.1
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
- CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535)
ModerateSUSE bug 1228535SUSE bug 1230093CVE-2024-7264 at SUSECVE-2024-7264 at NVDCVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Important)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Low)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
ImportantSUSE bug 1176447SUSE bug 1195668SUSE bug 1195928SUSE bug 1195957SUSE bug 1196018SUSE bug 1196516SUSE bug 1196823SUSE bug 1202346SUSE bug 1209636SUSE bug 1209799SUSE bug 1210629SUSE bug 1216834SUSE bug 1222251SUSE bug 1225109SUSE bug 1225584SUSE bug 1227832SUSE bug 1227924SUSE bug 1227928SUSE bug 1227932SUSE bug 1227935SUSE bug 1227941SUSE bug 1227942SUSE bug 1227945SUSE bug 1227952SUSE bug 1227964SUSE bug 1227969SUSE bug 1227985SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227997SUSE bug 1228000SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228015SUSE bug 1228020SUSE bug 1228037SUSE bug 1228045SUSE bug 1228060SUSE bug 1228062SUSE bug 1228066SUSE bug 1228466SUSE bug 1228516SUSE bug 1228576SUSE bug 1228959SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229510SUSE bug 1229512SUSE bug 1229598SUSE bug 1229604SUSE bug 1229607SUSE bug 1229620SUSE bug 1229621SUSE bug 1229624SUSE bug 1229626SUSE bug 1229629SUSE bug 1229630SUSE bug 1229637SUSE bug 1229641SUSE bug 1229657SUSE bug 1229707CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002).
ImportantSUSE bug 1176447SUSE bug 1195668SUSE bug 1195928SUSE bug 1195957SUSE bug 1196018SUSE bug 1196516SUSE bug 1196823SUSE bug 1202346SUSE bug 1209636SUSE bug 1209799SUSE bug 1210629SUSE bug 1216834SUSE bug 1220185SUSE bug 1220186SUSE bug 1222251SUSE bug 1222728SUSE bug 1223948SUSE bug 1225109SUSE bug 1225584SUSE bug 1227832SUSE bug 1227924SUSE bug 1227928SUSE bug 1227932SUSE bug 1227935SUSE bug 1227941SUSE bug 1227942SUSE bug 1227945SUSE bug 1227952SUSE bug 1227964SUSE bug 1227969SUSE bug 1227985SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228015SUSE bug 1228020SUSE bug 1228037SUSE bug 1228045SUSE bug 1228060SUSE bug 1228062SUSE bug 1228066SUSE bug 1228114SUSE bug 1228516SUSE bug 1228576SUSE bug 1228959SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229510SUSE bug 1229512SUSE bug 1229598SUSE bug 1229604SUSE bug 1229607SUSE bug 1229620SUSE bug 1229621SUSE bug 1229624SUSE bug 1229626SUSE bug 1229629SUSE bug 1229630SUSE bug 1229637SUSE bug 1229641SUSE bug 1229657SUSE bug 1229707CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596CVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
The following non-security bugs were fixed:
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)
ImportantSUSE bug 1228002CVE-2022-48791 at SUSECVE-2022-48791 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2024-5642: buffer overread when NPN is used and invalid values are sent to the OpenSSL API. (bsc#1227233)
ModerateSUSE bug 1227233CVE-2024-5642 at SUSECVE-2024-5642 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ModerateSUSE bug 1230366CVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:suse-microos:5.1Security update for python36 (Important)SUSE Linux Enterprise Micro 5.1
This update for python36 fixes the following issues:
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
ImportantSUSE bug 1230227CVE-2024-6232 at SUSECVE-2024-6232 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:suse-microos:5.1Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:suse-microos:5.1Security update for opensc (Low)SUSE Linux Enterprise Micro 5.1
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
- ext4: add reserved GDT blocks check (bsc#1230326).
- ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- No -rt specific changes this merge.
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326).
ImportantSUSE bug 1226666SUSE bug 1227487SUSE bug 1229633SUSE bug 1230015SUSE bug 1230245SUSE bug 1230326SUSE bug 1230398SUSE bug 1230434SUSE bug 1230519SUSE bug 1230767CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46695 at SUSECVE-2024-46695 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
- CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).
The following non-security bugs were fixed:
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
- ext4: add reserved GDT blocks check (bsc#1230326).
- ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326).
ImportantSUSE bug 1220826SUSE bug 1226145SUSE bug 1226666SUSE bug 1227487SUSE bug 1228466SUSE bug 1229633SUSE bug 1230015SUSE bug 1230245SUSE bug 1230326SUSE bug 1230398SUSE bug 1230434SUSE bug 1230519SUSE bug 1230767CVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46695 at SUSECVE-2024-46695 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
ImportantSUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
- CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961).
- CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960).
- CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernel-binary: vdso: Own module_dir
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- mkspec-dtb: add toplevel symlinks also on arm
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
ImportantSUSE bug 1195775SUSE bug 1204171SUSE bug 1205796SUSE bug 1209290SUSE bug 1216223SUSE bug 1218562SUSE bug 1219125SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1228743SUSE bug 1229042SUSE bug 1229454SUSE bug 1229456SUSE bug 1230429SUSE bug 1230454SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231887SUSE bug 1231890SUSE bug 1231893SUSE bug 1231895SUSE bug 1231936SUSE bug 1231938SUSE bug 1231942SUSE bug 1231960SUSE bug 1231961SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1232033SUSE bug 1232069SUSE bug 1232070SUSE bug 1232097SUSE bug 1232136SUSE bug 1232145SUSE bug 1232262SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47589: igbvf: fix double free in `igbvf_probe` (bsc#1226557).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
- CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069).
- CVE-2022-48991: khugepaged: retract_page_tables() remember to test exit (bsc#1232070 prerequisity).
- CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961).
- CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernel-binary: vdso: Own module_dir
- mkspec-dtb: add toplevel symlinks also on arm
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
ImportantSUSE bug 1195775SUSE bug 1204171SUSE bug 1205796SUSE bug 1206344SUSE bug 1209290SUSE bug 1216223SUSE bug 1218562SUSE bug 1219125SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226211SUSE bug 1226212SUSE bug 1226557SUSE bug 1228743SUSE bug 1229042SUSE bug 1229454SUSE bug 1229456SUSE bug 1230429SUSE bug 1230454SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231887SUSE bug 1231890SUSE bug 1231893SUSE bug 1231895SUSE bug 1231936SUSE bug 1231938SUSE bug 1231942SUSE bug 1231960SUSE bug 1231961SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1232033SUSE bug 1232069SUSE bug 1232070SUSE bug 1232097SUSE bug 1232136SUSE bug 1232145SUSE bug 1232262SUSE bug 1232280SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Low)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070)
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Extract recurring driver reset code into a function (bsc#1198778).
- net: ena: Flush XDP packets on error (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Move reset completion print to the reset function (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Remove module param and change message severity (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: Set tx_info->xdpf value to NULL (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: Use bitmask to indicate packet redirection (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function (bsc#1198778).
- net: ena: aggregate stats increase into a function (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: store values in their appropriate variables types (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: use constant value for net_device allocation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).
ImportantSUSE bug 1154353SUSE bug 1198778SUSE bug 1218644SUSE bug 1220927SUSE bug 1231939SUSE bug 1231940SUSE bug 1231958SUSE bug 1231962SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1232006SUSE bug 1232163SUSE bug 1232172SUSE bug 1232224SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557CVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list (bsc#1220927).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
The following non-security bugs were fixed:
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Extract recurring driver reset code into a function (bsc#1198778).
- net: ena: Flush XDP packets on error (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Move reset completion print to the reset function (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Remove module param and change message severity (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: Set tx_info->xdpf value to NULL (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: Use bitmask to indicate packet redirection (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function (bsc#1198778).
- net: ena: aggregate stats increase into a function (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: store values in their appropriate variables types (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: use constant value for net_device allocation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
- tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).
ImportantSUSE bug 1154353SUSE bug 1198778SUSE bug 1218644SUSE bug 1220927SUSE bug 1231939SUSE bug 1231940SUSE bug 1231958SUSE bug 1231962SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1232006SUSE bug 1232163SUSE bug 1232172SUSE bug 1232224SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557CVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDcpe:/o:suse:suse-microos:5.1Security update for ovmf (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ovmf fixes the following issues:
- CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount (bsc#1225889)
ModerateSUSE bug 1225889CVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Important)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:suse-microos:5.1Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.1
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:suse-microos:5.1Security update for runc (Important)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
ImportantSUSE bug 1108281SUSE bug 1193285SUSE bug 1216702SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1219053SUSE bug 1219120SUSE bug 1219412SUSE bug 1219434CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
- CVE-2022-48566: Use CRYPTO_memcmp() for compare_digest (bsc#1214691).
ModerateSUSE bug 1210638SUSE bug 1214691CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
ImportantSUSE bug 1108281SUSE bug 1193285SUSE bug 1215275SUSE bug 1216702SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1219053SUSE bug 1219120SUSE bug 1219412SUSE bug 1219434CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh (Important)SUSE Linux Enterprise Micro 5.1
This update for libssh fixes the following issues:
Update to version 0.9.8 (jsc#PED-7719):
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
Update to version 0.9.7:
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
Update to version 0.9.6 (bsc#1189608, CVE-2021-3634):
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
Update to 0.9.5 (bsc#1174713, CVE-2020-16135):
* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite
Update to version 0.9.4
* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers
CVE-2020-1730 (bsc#1168699)
Update to version 0.9.3
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
Update to version 0.9.2
* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)
Update to version 0.9.1
* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)
- Split out configuration to separate package to not mess up the
library packaging and coinstallation
Update to verion 0.9.0
* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures
- Add libssh client and server config files
ImportantSUSE bug 1158095SUSE bug 1168699SUSE bug 1174713SUSE bug 1189608SUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDCVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.1
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Important)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Important)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.1Security update for tar (Low)SUSE Linux Enterprise Micro 5.1
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:suse-microos:5.1Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.1
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:suse-microos:5.1Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.1
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:suse-microos:5.1Security update for sudo (Important)SUSE Linux Enterprise Micro 5.1
This update for sudo fixes the following issues:
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389).
ImportantSUSE bug 1219026SUSE bug 1220389CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
ImportantSUSE bug 1219666CVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
The following non-security bugs were fixed:
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1155518SUSE bug 1184436SUSE bug 1185988SUSE bug 1186286SUSE bug 1200599SUSE bug 1207653SUSE bug 1212514SUSE bug 1213456SUSE bug 1216223SUSE bug 1218195SUSE bug 1218689SUSE bug 1218915SUSE bug 1219127SUSE bug 1219128SUSE bug 1219146SUSE bug 1219295SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219915SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220253SUSE bug 1220255SUSE bug 1220328SUSE bug 1220330SUSE bug 1220344SUSE bug 1220398SUSE bug 1220409SUSE bug 1220416SUSE bug 1220418SUSE bug 1220421SUSE bug 1220436SUSE bug 1220444SUSE bug 1220459SUSE bug 1220469SUSE bug 1220482SUSE bug 1220526SUSE bug 1220538SUSE bug 1220570SUSE bug 1220572SUSE bug 1220599SUSE bug 1220627SUSE bug 1220641SUSE bug 1220649SUSE bug 1220660SUSE bug 1220700SUSE bug 1220735SUSE bug 1220736SUSE bug 1220737SUSE bug 1220742SUSE bug 1220745SUSE bug 1220767SUSE bug 1220796SUSE bug 1220825SUSE bug 1220826SUSE bug 1220831SUSE bug 1220845SUSE bug 1220860SUSE bug 1220863SUSE bug 1220870SUSE bug 1220917SUSE bug 1220918SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1221039SUSE bug 1221040CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2020-36777 at SUSECVE-2020-36777 at NVDCVE-2020-36784 at SUSECVE-2020-36784 at NVDCVE-2021-46904 at SUSECVE-2021-46904 at NVDCVE-2021-46905 at SUSECVE-2021-46905 at NVDCVE-2021-46906 at SUSECVE-2021-46906 at NVDCVE-2021-46915 at SUSECVE-2021-46915 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46953 at SUSECVE-2021-46953 at NVDCVE-2021-46964 at SUSECVE-2021-46964 at NVDCVE-2021-46966 at SUSECVE-2021-46966 at NVDCVE-2021-46968 at SUSECVE-2021-46968 at NVDCVE-2021-46974 at SUSECVE-2021-46974 at NVDCVE-2021-46989 at SUSECVE-2021-46989 at NVDCVE-2021-47005 at SUSECVE-2021-47005 at NVDCVE-2021-47012 at SUSECVE-2021-47012 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47054 at SUSECVE-2021-47054 at NVDCVE-2021-47060 at SUSECVE-2021-47060 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47076 at SUSECVE-2021-47076 at NVDCVE-2021-47078 at SUSECVE-2021-47078 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
The following non-security bugs were fixed:
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk.
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1200599SUSE bug 1207653SUSE bug 1212514SUSE bug 1213456SUSE bug 1216223SUSE bug 1218195SUSE bug 1218689SUSE bug 1218915SUSE bug 1219127SUSE bug 1219128SUSE bug 1219146SUSE bug 1219295SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219915SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220253SUSE bug 1220255SUSE bug 1220328SUSE bug 1220330SUSE bug 1220344SUSE bug 1220398SUSE bug 1220409SUSE bug 1220416SUSE bug 1220418SUSE bug 1220421SUSE bug 1220436SUSE bug 1220444SUSE bug 1220459SUSE bug 1220469SUSE bug 1220482SUSE bug 1220526SUSE bug 1220538SUSE bug 1220570SUSE bug 1220572SUSE bug 1220599SUSE bug 1220627SUSE bug 1220641SUSE bug 1220649SUSE bug 1220660SUSE bug 1220689SUSE bug 1220700SUSE bug 1220735SUSE bug 1220736SUSE bug 1220737SUSE bug 1220742SUSE bug 1220745SUSE bug 1220767SUSE bug 1220796SUSE bug 1220825SUSE bug 1220826SUSE bug 1220831SUSE bug 1220845SUSE bug 1220860SUSE bug 1220863SUSE bug 1220870SUSE bug 1220917SUSE bug 1220918SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1221039SUSE bug 1221040CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2020-36777 at SUSECVE-2020-36777 at NVDCVE-2020-36784 at SUSECVE-2020-36784 at NVDCVE-2021-46904 at SUSECVE-2021-46904 at NVDCVE-2021-46905 at SUSECVE-2021-46905 at NVDCVE-2021-46906 at SUSECVE-2021-46906 at NVDCVE-2021-46915 at SUSECVE-2021-46915 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46953 at SUSECVE-2021-46953 at NVDCVE-2021-46964 at SUSECVE-2021-46964 at NVDCVE-2021-46966 at SUSECVE-2021-46966 at NVDCVE-2021-46968 at SUSECVE-2021-46968 at NVDCVE-2021-46974 at SUSECVE-2021-46974 at NVDCVE-2021-46989 at SUSECVE-2021-46989 at NVDCVE-2021-47005 at SUSECVE-2021-47005 at NVDCVE-2021-47012 at SUSECVE-2021-47012 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47054 at SUSECVE-2021-47054 at NVDCVE-2021-47060 at SUSECVE-2021-47060 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47076 at SUSECVE-2021-47076 at NVDCVE-2021-47078 at SUSECVE-2021-47078 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865).
ModerateSUSE bug 1218865CVE-2023-5981 at SUSECVE-2023-5981 at NVDCVE-2024-0553 at SUSECVE-2024-0553 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:suse-microos:5.1Security update for vim (Important)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1219885CVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.1
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.1
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:suse-microos:5.1Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.1
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
- CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969).
ImportantSUSE bug 1065729SUSE bug 1179878SUSE bug 1180814SUSE bug 1185762SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197227SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200217SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1203769SUSE bug 1207186SUSE bug 1209547SUSE bug 1210647SUSE bug 1213167SUSE bug 1224867SUSE bug 1225742SUSE bug 1230326SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1235433SUSE bug 1235528SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237723SUSE bug 1237726SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237746SUSE bug 1237748SUSE bug 1237752SUSE bug 1237778SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237788SUSE bug 1237798SUSE bug 1237810SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237823SUSE bug 1237829SUSE bug 1237831SUSE bug 1237839SUSE bug 1237840SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237903SUSE bug 1237916SUSE bug 1237918SUSE bug 1237932SUSE bug 1237940SUSE bug 1237941SUSE bug 1237951SUSE bug 1237954SUSE bug 1237958SUSE bug 1237963SUSE bug 1237983SUSE bug 1237984SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1238000SUSE bug 1238007SUSE bug 1238013SUSE bug 1238022SUSE bug 1238030SUSE bug 1238036SUSE bug 1238046SUSE bug 1238071SUSE bug 1238079SUSE bug 1238096SUSE bug 1238099SUSE bug 1238103SUSE bug 1238108SUSE bug 1238111SUSE bug 1238123SUSE bug 1238126SUSE bug 1238131SUSE bug 1238135SUSE bug 1238139SUSE bug 1238146SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238177SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238235SUSE bug 1238236SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238249SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238269SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238284SUSE bug 1238289SUSE bug 1238293SUSE bug 1238306SUSE bug 1238307SUSE bug 1238313SUSE bug 1238327SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238343SUSE bug 1238372SUSE bug 1238373SUSE bug 1238377SUSE bug 1238382SUSE bug 1238386SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238413SUSE bug 1238416SUSE bug 1238417SUSE bug 1238419SUSE bug 1238420SUSE bug 1238429SUSE bug 1238430SUSE bug 1238435SUSE bug 1238441SUSE bug 1238443SUSE bug 1238454SUSE bug 1238462SUSE bug 1238467SUSE bug 1238469SUSE bug 1238539SUSE bug 1238543SUSE bug 1238546SUSE bug 1238599SUSE bug 1238600SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238633SUSE bug 1238635SUSE bug 1238638SUSE bug 1238639SUSE bug 1238641SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238653SUSE bug 1238655SUSE bug 1238663SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238805SUSE bug 1238809SUSE bug 1238814SUSE bug 1238815SUSE bug 1238819SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238835SUSE bug 1238838SUSE bug 1238868SUSE bug 1238869SUSE bug 1238871SUSE bug 1238892SUSE bug 1238893SUSE bug 1238911SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238948SUSE bug 1238949SUSE bug 1238952SUSE bug 1239001SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239454SUSE bug 1239969SUSE bug 1240207SUSE bug 1240213SUSE bug 1240218SUSE bug 1240227SUSE bug 1240272SUSE bug 1240276SUSE bug 1240288CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-47248 at SUSECVE-2021-47248 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
- CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969).
ImportantSUSE bug 1065729SUSE bug 1179878SUSE bug 1180814SUSE bug 1185762SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197227SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200217SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1203769SUSE bug 1207186SUSE bug 1209547SUSE bug 1210647SUSE bug 1213167SUSE bug 1224867SUSE bug 1225742SUSE bug 1230326SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1235433SUSE bug 1235528SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237723SUSE bug 1237726SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237746SUSE bug 1237748SUSE bug 1237752SUSE bug 1237778SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237788SUSE bug 1237798SUSE bug 1237810SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237823SUSE bug 1237829SUSE bug 1237831SUSE bug 1237839SUSE bug 1237840SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237903SUSE bug 1237916SUSE bug 1237918SUSE bug 1237932SUSE bug 1237940SUSE bug 1237941SUSE bug 1237951SUSE bug 1237954SUSE bug 1237958SUSE bug 1237963SUSE bug 1237983SUSE bug 1237984SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1238000SUSE bug 1238007SUSE bug 1238013SUSE bug 1238022SUSE bug 1238030SUSE bug 1238036SUSE bug 1238046SUSE bug 1238071SUSE bug 1238079SUSE bug 1238096SUSE bug 1238099SUSE bug 1238103SUSE bug 1238108SUSE bug 1238111SUSE bug 1238123SUSE bug 1238126SUSE bug 1238131SUSE bug 1238135SUSE bug 1238139SUSE bug 1238146SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238177SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238235SUSE bug 1238236SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238249SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238269SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238284SUSE bug 1238289SUSE bug 1238293SUSE bug 1238306SUSE bug 1238307SUSE bug 1238313SUSE bug 1238327SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238343SUSE bug 1238372SUSE bug 1238373SUSE bug 1238377SUSE bug 1238386SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238413SUSE bug 1238416SUSE bug 1238417SUSE bug 1238419SUSE bug 1238420SUSE bug 1238429SUSE bug 1238430SUSE bug 1238435SUSE bug 1238441SUSE bug 1238443SUSE bug 1238454SUSE bug 1238462SUSE bug 1238467SUSE bug 1238469SUSE bug 1238539SUSE bug 1238543SUSE bug 1238546SUSE bug 1238599SUSE bug 1238600SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238633SUSE bug 1238635SUSE bug 1238638SUSE bug 1238639SUSE bug 1238641SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238653SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238805SUSE bug 1238809SUSE bug 1238814SUSE bug 1238815SUSE bug 1238819SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238835SUSE bug 1238838SUSE bug 1238868SUSE bug 1238869SUSE bug 1238871SUSE bug 1238892SUSE bug 1238893SUSE bug 1238911SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238948SUSE bug 1238949SUSE bug 1238952SUSE bug 1239001SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239454SUSE bug 1239969SUSE bug 1240207SUSE bug 1240213SUSE bug 1240218SUSE bug 1240227SUSE bug 1240272SUSE bug 1240276SUSE bug 1240288CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-47248 at SUSECVE-2021-47248 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:suse-microos:5.1Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.1
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826SUSE bug 1235517CVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.1Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.1
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for mozjs60 fixes the following issues:
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
ModerateSUSE bug 1234837CVE-2024-56431 at SUSECVE-2024-56431 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:suse-microos:5.1Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:suse-microos:5.1Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.1
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.1Security update for rsync (Important)SUSE Linux Enterprise Micro 5.1
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
ImportantSUSE bug 1207034SUSE bug 1207878SUSE bug 1221980SUSE bug 1234931SUSE bug 1235433SUSE bug 1237984SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1240210SUSE bug 1240308SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241404SUSE bug 1241405SUSE bug 1241407SUSE bug 1241408CVE-2020-36789 at SUSECVE-2020-36789 at NVDCVE-2021-47163 at SUSECVE-2021-47163 at NVDCVE-2021-47668 at SUSECVE-2021-47668 at NVDCVE-2021-47669 at SUSECVE-2021-47669 at NVDCVE-2021-47670 at SUSECVE-2021-47670 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49111: Bluetooth: Fix use after free in hci_send_acl (bsc#1237984).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
ImportantSUSE bug 1207034SUSE bug 1207878SUSE bug 1221980SUSE bug 1234931SUSE bug 1235433SUSE bug 1237984SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1240210SUSE bug 1240308SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241404SUSE bug 1241405SUSE bug 1241407SUSE bug 1241408CVE-2020-36789 at SUSECVE-2020-36789 at NVDCVE-2021-47163 at SUSECVE-2021-47163 at NVDCVE-2021-47668 at SUSECVE-2021-47668 at NVDCVE-2021-47669 at SUSECVE-2021-47669 at NVDCVE-2021-47670 at SUSECVE-2021-47670 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-setuptools (Important)SUSE Linux Enterprise Micro 5.1
This update for python-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:suse-microos:5.1Security update for brotli (Moderate)SUSE Linux Enterprise Micro 5.1
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
ModerateSUSE bug 1175825CVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:suse:suse-microos:5.1Security update for augeas (Low)SUSE Linux Enterprise Micro 5.1
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:suse-microos:5.1Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
ModerateSUSE bug 1242300SUSE bug 1243284CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Important)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
ModerateSUSE bug 1234282SUSE bug 1238043SUSE bug 1243117CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
ModerateSUSE bug 1243273CVE-2025-4516 at SUSECVE-2025-4516 at NVDcpe:/o:suse:suse-microos:5.1Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:suse-microos:5.1Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.1
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:suse-microos:5.1Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.1
This update for grub2 fixes the following issues:
- CVE-2023-4692: nfs: out-of-bounds write at fs/ntfs.c may lead to unsigned code execution (bsc#1215935).
- CVE-2023-4693: nfs: out-of-bounds read at fs/ntfs.c (bsc#1215936).
- CVE-2024-45774: heap overflows in JPEG parser (bsc#1233609).
- CVE-2024-45775: missing NULL check in extcmd parser (bsc#1233610).
- CVE-2024-45776: overflow in .MO file (gettext) handling (bsc#1233612).
- CVE-2024-45777: integer overflow in gettext (bsc#1233613).
- CVE-2024-45778: bfs filesystem not fuzzing stable (bsc#1233606).
- CVE-2024-45779: bfs: heap overflow (bsc#1233608).
- CVE-2024-45780: overflow in tar/cpio (bsc#1233614).
- CVE-2024-45781: ufs: strcpy overflow (bsc#1233617).
- CVE-2024-45782: hfs: strcpy overflow (bsc#1233615).
- CVE-2024-45783: hfsplus: refcount overflow (bsc#1233616).
- CVE-2024-56737: heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem (bsc#1234958).
- CVE-2025-0622: command/gpg: Use-after-free due to hooks not being removed on module unload (bsc#1236317).
- CVE-2025-0624: net: Out-of-bounds write in grub_net_search_config_file() (bsc#1236316).
- CVE-2025-0677: ufs: Integer overflow may lead to heap based out-of-bounds write when handling symlinks (bsc#1237002).
- CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data (bsc#1237006).
- CVE-2025-0684: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237008).
- CVE-2025-0685: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237009).
- CVE-2025-0686: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data (bsc#1237010).
- CVE-2025-0689: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution (bsc#1237011).
- CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write (bsc#1237012).
- CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure boot is enabled (bsc#1237013).
- CVE-2025-1125: fs/hfs: Interger overflow may lead to heap based out-of-bounds write (bsc#1237014).
Other bugfixes:
- Bump upstream SBAT generation to 5
ImportantSUSE bug 1215935SUSE bug 1215936SUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDCVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963).
- CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637).
The following non-security bugs were fixed:
- blk: Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139).
- x86/entry: Remove skip_r11rcx (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745)
- kernel: Remove debug flavor (bsc#1243919).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- rpm: fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745)
ImportantSUSE bug 1154353SUSE bug 1170891SUSE bug 1173139SUSE bug 1184350SUSE bug 1184611SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1207198SUSE bug 1210337SUSE bug 1213476SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1235568SUSE bug 1237981SUSE bug 1238032SUSE bug 1238394SUSE bug 1238471SUSE bug 1240802SUSE bug 1241362SUSE bug 1241593SUSE bug 1241637SUSE bug 1242145SUSE bug 1242147SUSE bug 1242150SUSE bug 1242154SUSE bug 1242215SUSE bug 1242232SUSE bug 1242245SUSE bug 1242264SUSE bug 1242270SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242366SUSE bug 1242378SUSE bug 1242385SUSE bug 1242387SUSE bug 1242391SUSE bug 1242392SUSE bug 1242402SUSE bug 1242409SUSE bug 1242416SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242455SUSE bug 1242464SUSE bug 1242473SUSE bug 1242481SUSE bug 1242484SUSE bug 1242493SUSE bug 1242527SUSE bug 1242542SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242551SUSE bug 1242580SUSE bug 1242597SUSE bug 1242686SUSE bug 1242689SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242736SUSE bug 1242745SUSE bug 1242749SUSE bug 1242762SUSE bug 1242835SUSE bug 1242963SUSE bug 1243919CVE-2020-36790 at SUSECVE-2020-36790 at NVDCVE-2020-36791 at SUSECVE-2020-36791 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2024-56705 at SUSECVE-2024-56705 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22028 at SUSECVE-2025-22028 at NVDCVE-2025-22121 at SUSECVE-2025-22121 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37846 at SUSECVE-2025-37846 at NVDCVE-2025-40364 at SUSECVE-2025-40364 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745).
- Remove debug flavor (bsc#1243919).
ImportantSUSE bug 1154353SUSE bug 1156395SUSE bug 1170891SUSE bug 1173139SUSE bug 1184350SUSE bug 1184611SUSE bug 1185010SUSE bug 1188772SUSE bug 1189883SUSE bug 1190358SUSE bug 1190428SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1207198SUSE bug 1209657SUSE bug 1210337SUSE bug 1213476SUSE bug 1214842SUSE bug 1216702SUSE bug 1220754SUSE bug 1220985SUSE bug 1221015SUSE bug 1221044SUSE bug 1223932SUSE bug 1224099SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224843SUSE bug 1224846SUSE bug 1224849SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224904SUSE bug 1225360SUSE bug 1225411SUSE bug 1231193SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1238471SUSE bug 1240802SUSE bug 1242145SUSE bug 1242147SUSE bug 1242150SUSE bug 1242154SUSE bug 1242215SUSE bug 1242232SUSE bug 1242245SUSE bug 1242264SUSE bug 1242270SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242366SUSE bug 1242378SUSE bug 1242385SUSE bug 1242387SUSE bug 1242391SUSE bug 1242392SUSE bug 1242402SUSE bug 1242409SUSE bug 1242416SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242455SUSE bug 1242464SUSE bug 1242473SUSE bug 1242481SUSE bug 1242484SUSE bug 1242493SUSE bug 1242527SUSE bug 1242542SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242551SUSE bug 1242580SUSE bug 1242597SUSE bug 1242686SUSE bug 1242689SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242736SUSE bug 1242745SUSE bug 1242749SUSE bug 1242762SUSE bug 1242835SUSE bug 1243919CVE-2020-36790 at SUSECVE-2020-36790 at NVDCVE-2020-36791 at SUSECVE-2020-36791 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam (Important)SUSE Linux Enterprise Micro 5.1
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:suse-microos:5.1Security update for systemd (Important)SUSE Linux Enterprise Micro 5.1
This update for systemd fixes the following issues:
- CVE-2025-4598: Race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
- CVE-2023-26604: Privilege escalation via the less pager (bsc#1208958).
- CVE-2022-4415: systemd-coredump was not respecting fs.suid_dumpable kernel setting (bsc#1205000).
Other bugfixes:
- clarify passno and noauto combination in /etc/fstab (bsc#1211725)
- handle -EINTR return from bus_poll() (bsc#1215241)
- /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
ImportantSUSE bug 1205000SUSE bug 1208958SUSE bug 1211576SUSE bug 1211725SUSE bug 1215241SUSE bug 1243935CVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDCVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
The following non-security bugs were fixed:
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
ImportantSUSE bug 1215304SUSE bug 1220927SUSE bug 1220937SUSE bug 1230697SUSE bug 1232436SUSE bug 1234281SUSE bug 1234690SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234963SUSE bug 1235004SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235246SUSE bug 1235480SUSE bug 1235584CVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:suse-microos:5.1Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.1
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:suse-microos:5.1Security update for ignition (Important)SUSE Linux Enterprise Micro 5.1
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2025-4516: CPython DecodeError Handling Vulnerability (bsc#1243273)
Other fixes:
- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
migration (bsc#1233012)
- Update vendored ipaddress module to 3.8 equivalent
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ModerateSUSE bug 1233012SUSE bug 1243273SUSE bug 1244401CVE-2025-4516 at SUSECVE-2025-4516 at NVDcpe:/o:suse:suse-microos:5.1Security update for icu (Important)SUSE Linux Enterprise Micro 5.1
This update for icu fixes the following issues:
- CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721).
ImportantSUSE bug 1161007SUSE bug 1167603SUSE bug 1193951SUSE bug 1243721CVE-2020-21913 at SUSECVE-2020-21913 at NVDCVE-2025-5222 at SUSECVE-2025-5222 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.1
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:suse-microos:5.1Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.1Security update for sudo (Important)SUSE Linux Enterprise Micro 5.1
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:suse-microos:5.1Security update for runc (Low)SUSE Linux Enterprise Micro 5.1
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh (Important)SUSE Linux Enterprise Micro 5.1
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
The following non-security bugs were fixed:
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
ImportantSUSE bug 1215304SUSE bug 1220927SUSE bug 1220937SUSE bug 1230697SUSE bug 1232436SUSE bug 1234281SUSE bug 1234690SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234963SUSE bug 1235004SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235246SUSE bug 1235480SUSE bug 1235584CVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch')
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- drop ax25 drivers (bsc#1238471).
- drop hamradio drivers (bsc#1238471).
- drop netrom drivers (bsc#1238471).
- drop rose drivers (bsc#1238471).
- kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals KABI: symbol asc2ax(mod:net/ax25/ax25) lost KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost KABI: symbol ax25cmp(mod:net/ax25/ax25) lost KABI: symbol ax2asc(mod:net/ax25/ax25) lost KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). When compiler different from the one which was used to configure the kernel is used to build modules a warning is issued and the build continues. This could be turned into an error but that would be too restrictive. The generated kernel-devel makefile could set the compiler but then the main Makefile as to be patched to assign CC with ?= This causes run_oldconfig failure on SUSE-2024 and kbuild config check failure on SUSE-2025. This cannot be hardcoded to one version in a regular patch because the value is expected to be configurable at mkspec time. Patch the Makefile after aplyin patches in rpm prep step instead. A check is added to verify that the sed command did indeed apply the change.
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202810SUSE bug 1202860SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1211226SUSE bug 1212051SUSE bug 1218184SUSE bug 1224095SUSE bug 1225820SUSE bug 1226514SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238471SUSE bug 1238570SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242414SUSE bug 1242504SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244337SUSE bug 1244764SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244782SUSE bug 1244783SUSE bug 1244786SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244804SUSE bug 1244813SUSE bug 1244815SUSE bug 1244816SUSE bug 1244825SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244841SUSE bug 1244842SUSE bug 1244845SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244856SUSE bug 1244861SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244885SUSE bug 1244886SUSE bug 1244887SUSE bug 1244899SUSE bug 1244901SUSE bug 1244902SUSE bug 1244908SUSE bug 1244936SUSE bug 1244941SUSE bug 1244943SUSE bug 1244945SUSE bug 1244948SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244976SUSE bug 1244979SUSE bug 1244984SUSE bug 1244986SUSE bug 1244992SUSE bug 1245006SUSE bug 1245007SUSE bug 1245024SUSE bug 1245031SUSE bug 1245033SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245072SUSE bug 1245073SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245183SUSE bug 1245195SUSE bug 1245265SUSE bug 1245348SUSE bug 1245455CVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50091 at SUSECVE-2022-50091 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:suse-microos:5.1Security update for xen (Important)SUSE Linux Enterprise Micro 5.1
This update for xen fixes the following issues:
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
ImportantSUSE bug 1238896SUSE bug 1244644SUSE bug 1246112CVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202810SUSE bug 1202860SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1211226SUSE bug 1212051SUSE bug 1218184SUSE bug 1224095SUSE bug 1225820SUSE bug 1226514SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238471SUSE bug 1238570SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242414SUSE bug 1242504SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244337SUSE bug 1244764SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244782SUSE bug 1244783SUSE bug 1244786SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244804SUSE bug 1244813SUSE bug 1244815SUSE bug 1244816SUSE bug 1244825SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244841SUSE bug 1244842SUSE bug 1244845SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244856SUSE bug 1244861SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244885SUSE bug 1244886SUSE bug 1244887SUSE bug 1244899SUSE bug 1244901SUSE bug 1244902SUSE bug 1244908SUSE bug 1244936SUSE bug 1244941SUSE bug 1244943SUSE bug 1244945SUSE bug 1244948SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244976SUSE bug 1244979SUSE bug 1244984SUSE bug 1244986SUSE bug 1244992SUSE bug 1245006SUSE bug 1245007SUSE bug 1245024SUSE bug 1245031SUSE bug 1245033SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245072SUSE bug 1245073SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245183SUSE bug 1245195SUSE bug 1245265SUSE bug 1245348SUSE bug 1245455CVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50091 at SUSECVE-2022-50091 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:suse-microos:5.1Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for coreutils fixes the following issues:
Security fixes:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
Other fixes:
- ls: avoid triggering automounts (bsc#1221632)
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
ModerateSUSE bug 1219321SUSE bug 1221632SUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:suse-microos:5.1Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.1
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Important)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
ImportantSUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244705CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDcpe:/o:suse:suse-microos:5.1Security update for polkit (Important)SUSE Linux Enterprise Micro 5.1
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:suse-microos:5.1Security update for salt (Important)SUSE Linux Enterprise Micro 5.1
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:suse-microos:5.1Security update for boost (Important)SUSE Linux Enterprise Micro 5.1
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:suse-microos:5.1Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.1
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:suse-microos:5.1Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:suse-microos:5.1Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.1
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:suse-microos:5.1Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249).
ModerateSUSE bug 1247249CVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:suse-microos:5.1Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.1
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
Other bugfixes:
- Fixed ping on s390x that printed invalid ttl (bsc#1243284).
ModerateSUSE bug 1243284SUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
ImportantSUSE bug 1210629SUSE bug 1233551SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1239644SUSE bug 1242414SUSE bug 1242417SUSE bug 1245140SUSE bug 1245217SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246186SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349CVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
ImportantSUSE bug 1233551SUSE bug 1234863SUSE bug 1236333SUSE bug 1239644SUSE bug 1242414SUSE bug 1242417SUSE bug 1245217SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246186SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349CVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.1
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:suse-microos:5.1Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.1
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:suse-microos:5.1Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ignition fixes the following issues:
- CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548)
ModerateSUSE bug 1248548CVE-2022-28948 at SUSECVE-2022-28948 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:suse-microos:5.1Security update for python-future (Important)SUSE Linux Enterprise Micro 5.1
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:suse-microos:5.1Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic
standards.
To avoid problems with those, SUSE has by default now disabled those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in `krb5.conf`:
```
[libdefaults]
allow_des3 = true
allow_rc4 = true
```
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:suse-microos:5.1Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.1
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Important)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954).
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- Disable N_GSM (jsc#PED-8240).
ImportantSUSE bug 1199657SUSE bug 1229334SUSE bug 1238954SUSE bug 1240799SUSE bug 1241433SUSE bug 1242780SUSE bug 1243278SUSE bug 1244824SUSE bug 1245970SUSE bug 1246073SUSE bug 1246473SUSE bug 1246781SUSE bug 1246911SUSE bug 1247143SUSE bug 1247314SUSE bug 1247374SUSE bug 1247437SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248306SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954).
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (bsc#1244824 jsc#PED-8240).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
ImportantSUSE bug 1229334SUSE bug 1238954SUSE bug 1240799SUSE bug 1241433SUSE bug 1242780SUSE bug 1243278SUSE bug 1244824SUSE bug 1245970SUSE bug 1246073SUSE bug 1246473SUSE bug 1246781SUSE bug 1246911SUSE bug 1247143SUSE bug 1247314SUSE bug 1247374SUSE bug 1247437SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248306SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:suse-microos:5.1Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.1
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:suse-microos:5.1Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libxslt fixes the following issues:
- CVE-2025-10911: fixed use-after-free with key data stored cross-RVT (bsc#1250553)
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten (bsc#1249154)
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:suse-microos:5.1Security update for expat (Important)SUSE Linux Enterprise Micro 5.1
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1226463SUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libxslt fixes the following issues:
- last fix caused a regression, patch was temporary disabled [bsc#1250553]
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186)
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186)
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206883SUSE bug 1206884SUSE bug 1209287SUSE bug 1209291SUSE bug 1210124SUSE bug 1210584SUSE bug 1213061SUSE bug 1213666SUSE bug 1215150SUSE bug 1216976SUSE bug 1220185SUSE bug 1220186SUSE bug 1240784SUSE bug 1241353SUSE bug 1243278SUSE bug 1244337SUSE bug 1245110SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248847SUSE bug 1249186SUSE bug 1249200SUSE bug 1249220SUSE bug 1249346SUSE bug 1249538SUSE bug 1249604SUSE bug 1249664SUSE bug 1249667SUSE bug 1249700SUSE bug 1249713SUSE bug 1249716SUSE bug 1249718SUSE bug 1249734SUSE bug 1249740SUSE bug 1249743SUSE bug 1249747SUSE bug 1249808SUSE bug 1249825SUSE bug 1249827SUSE bug 1249840SUSE bug 1249846SUSE bug 1249880SUSE bug 1249885SUSE bug 1249908SUSE bug 1249918SUSE bug 1249923SUSE bug 1249930SUSE bug 1249947SUSE bug 1249949SUSE bug 1250002SUSE bug 1250009SUSE bug 1250014SUSE bug 1250041SUSE bug 1250131SUSE bug 1250132SUSE bug 1250140SUSE bug 1250180SUSE bug 1250183SUSE bug 1250187SUSE bug 1250257SUSE bug 1250269SUSE bug 1250277SUSE bug 1250301SUSE bug 1250313SUSE bug 1250391SUSE bug 1250392SUSE bug 1250394SUSE bug 1250522SUSE bug 1250764SUSE bug 1250767SUSE bug 1250774SUSE bug 1250787SUSE bug 1250790SUSE bug 1250797SUSE bug 1250799SUSE bug 1250823SUSE bug 1250847SUSE bug 1250850SUSE bug 1250853SUSE bug 1250868SUSE bug 1250890SUSE bug 1250891CVE-2021-4460 at SUSECVE-2021-4460 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-21969 at SUSECVE-2025-21969 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- git_sort: Make tests independent of environment.
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- scripts/python/kss-dashboard: attempt getting smash data
- scripts/python/kss-dashboard: fetch into repos if stale
- scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check
- scripts/python/kss-dashboard: prepare for the alternative CVE branch
- scripts/python/kss-dashboard: simplify control flow
- scripts/python/kss-dashboard: speed up patch checking a bit
- scripts/python/kss-dashboard: use decorator to handle exceptions
- scripts/tar-up: Remove mkspec only affter running it.
- scripts: Import arch-symbols script from packaging
- scripts: Import guards script from packaging
- scripts: test_linux_git.py: Do not complain about missing cwd
- sequence-patch: Use arch-symbols
- suse_git/header: Complain about patch filenames over 100 characters.
- tar-up: Also sort generated tar archives
- tar-up: Handle multiple levels of symlinks
- tar-up: Normalize file modes to ones supported by git
- tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522).
- tar-up: Remove the $build_dir prefix when in $build_dir
- tar-up: Set owner of files in generated tar archives to root rather than nobody
- tar_up: Handle symlinks in rpm directory
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206883SUSE bug 1206884SUSE bug 1209287SUSE bug 1209291SUSE bug 1210124SUSE bug 1210584SUSE bug 1213061SUSE bug 1213666SUSE bug 1215150SUSE bug 1216976SUSE bug 1220185SUSE bug 1220186SUSE bug 1233640SUSE bug 1240784SUSE bug 1241353SUSE bug 1243278SUSE bug 1244337SUSE bug 1244729SUSE bug 1245110SUSE bug 1245956SUSE bug 1245963SUSE bug 1246879SUSE bug 1246968SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248847SUSE bug 1249186SUSE bug 1249200SUSE bug 1249220SUSE bug 1249346SUSE bug 1249538SUSE bug 1249604SUSE bug 1249664SUSE bug 1249667SUSE bug 1249700SUSE bug 1249713SUSE bug 1249716SUSE bug 1249718SUSE bug 1249734SUSE bug 1249740SUSE bug 1249743SUSE bug 1249747SUSE bug 1249808SUSE bug 1249825SUSE bug 1249827SUSE bug 1249840SUSE bug 1249846SUSE bug 1249880SUSE bug 1249885SUSE bug 1249908SUSE bug 1249918SUSE bug 1249923SUSE bug 1249930SUSE bug 1249947SUSE bug 1249949SUSE bug 1250002SUSE bug 1250009SUSE bug 1250014SUSE bug 1250041SUSE bug 1250131SUSE bug 1250132SUSE bug 1250140SUSE bug 1250180SUSE bug 1250183SUSE bug 1250187SUSE bug 1250189SUSE bug 1250257SUSE bug 1250269SUSE bug 1250277SUSE bug 1250301SUSE bug 1250313SUSE bug 1250337SUSE bug 1250391SUSE bug 1250392SUSE bug 1250394SUSE bug 1250522SUSE bug 1250764SUSE bug 1250767SUSE bug 1250774SUSE bug 1250787SUSE bug 1250790SUSE bug 1250797SUSE bug 1250799SUSE bug 1250823SUSE bug 1250847SUSE bug 1250850SUSE bug 1250853SUSE bug 1250868SUSE bug 1250890SUSE bug 1250891CVE-2021-4460 at SUSECVE-2021-4460 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50412 at SUSECVE-2022-50412 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53220 at SUSECVE-2023-53220 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-21969 at SUSECVE-2025-21969 at NVDCVE-2025-38011 at SUSECVE-2025-38011 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38216 at SUSECVE-2025-38216 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDcpe:/o:suse:suse-microos:5.1Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.1
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:suse-microos:5.1Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.1
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.1
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function that could cause a denial of service (bsc#1251979)
ImportantSUSE bug 1251979CVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:suse-microos:5.1Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.1
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1.
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:suse-microos:5.1Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.1
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
ImportantSUSE bug 1248988SUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:suse-microos:5.1Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.1
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:suse-microos:5.1Security update for glibc (Low)SUSE Linux Enterprise Micro 5.1
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:suse-microos:5.1Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.1
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:suse-microos:5.1Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.1
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:suse-microos:5.1Security update for qemu (Important)SUSE Linux Enterprise Micro 5.1
This update for qemu fixes the following issues:
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845).
Other fixes:
- Fix ipxe build with new binutils (bsc#1219733, bsc#1219722).
ImportantSUSE bug 1219722SUSE bug 1219733SUSE bug 1222845SUSE bug 1229007SUSE bug 1230915CVE-2024-3447 at SUSECVE-2024-3447 at NVDCVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:suse-microos:5.1Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:suse-microos:5.1Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.1
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:suse-microos:5.1Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.1
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:suse-microos:5.1Security update for procps (Important)SUSE Linux Enterprise Micro 5.1
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:suse-microos:5.1Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.1
This update for ovmf fixes the following issues:
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847, bsc#1231847, bsc#1237389).
- NFS: Reduce readdir stack usage (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).
ImportantSUSE bug 1215420SUSE bug 1224763SUSE bug 1231847SUSE bug 1233112SUSE bug 1234025SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235441SUSE bug 1235466SUSE bug 1235645SUSE bug 1235759SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1236104SUSE bug 1237389CVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDcpe:/o:suse:suse-microos:5.1Security update for podman (Important)SUSE Linux Enterprise Micro 5.1
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- CVE-2024-6104: Fixed hashicorp/go-retryablehttp writing sensitive information to log files (bsc#1227052)
- CVE-2023-45288: Fixed golang.org/x/net/http2 excessive resource consumption when receiving too many headers (bsc#1236507)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
ImportantSUSE bug 1214612SUSE bug 1215807SUSE bug 1215926SUSE bug 1217828SUSE bug 1221677SUSE bug 1227052SUSE bug 1231208SUSE bug 1231230SUSE bug 1231499SUSE bug 1231698SUSE bug 1236270SUSE bug 1236507SUSE bug 1237641CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-11218 at SUSECVE-2024-11218 at NVDCVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDCVE-2024-9676 at SUSECVE-2024-9676 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.1Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.1
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:suse-microos:5.1Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.1
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
ImportantSUSE bug 1215420SUSE bug 1224700SUSE bug 1225742SUSE bug 1232919SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236757SUSE bug 1236761SUSE bug 1236821SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237768SUSE bug 1238033CVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:suse-microos:5.1Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.1
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus -revert (bsc#1237160).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Reduce readdir stack usage (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
ImportantSUSE bug 1215420SUSE bug 1224700SUSE bug 1224763SUSE bug 1225742SUSE bug 1231847SUSE bug 1232919SUSE bug 1233112SUSE bug 1234025SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235441SUSE bug 1235466SUSE bug 1235645SUSE bug 1235759SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1236104SUSE bug 1236757SUSE bug 1236761SUSE bug 1236821SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237160SUSE bug 1237389SUSE bug 1237768SUSE bug 1238033CVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:suse-microos:5.1Security update for python3 (Low)SUSE Linux Enterprise Micro 5.1
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:suse-microos:5.1Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.1
This update for libxml2 fixes the following issues:
- CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:suse-microos:5.1Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.1
This update for rsync fixes the following issues:
- CVE-2024-12747: Fixed race condition in handling symbolic links (bsc#1235475)
- Broken rsyncd after protocol bump, regression reported (bsc#1237187).
- Bump protocol version to 32 - make it easier to show server is patched.
ModerateSUSE bug 1235475SUSE bug 1237187CVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:suse-microos:5.1Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.1
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:suse-microos:5.1Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
ModerateSUSE bug 1195258CVE-2021-22570 at SUSECVE-2021-22570 at NVDcpe:/o:suse:suse-microos:5.2Security update for zlib (Important)SUSE Linux Enterprise Micro 5.2
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
ImportantSUSE bug 1197459CVE-2018-25032 at SUSECVE-2018-25032 at NVDcpe:/o:suse:suse-microos:5.2Security update for yaml-cpp (Moderate)SUSE Linux Enterprise Micro 5.2
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
ModerateSUSE bug 1121227SUSE bug 1121230SUSE bug 1122004SUSE bug 1122021CVE-2018-20573 at SUSECVE-2018-20573 at NVDCVE-2018-20574 at SUSECVE-2018-20574 at NVDCVE-2019-6285 at SUSECVE-2019-6285 at NVDCVE-2019-6292 at SUSECVE-2019-6292 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
Mozilla NSS 3.68.3 (bsc#1197903):
- CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11
tokens are removed while in use.
ImportantSUSE bug 1197903CVE-2022-1097 at SUSECVE-2022-1097 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsolv, libzypp, zypper (Important)SUSE Linux Enterprise Micro 5.2
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
ImportantSUSE bug 1184501SUSE bug 1194848SUSE bug 1195999SUSE bug 1196061SUSE bug 1196317SUSE bug 1196368SUSE bug 1196514SUSE bug 1196925SUSE bug 1197134cpe:/o:suse:suse-microos:5.2Security update for xz (Important)SUSE Linux Enterprise Micro 5.2
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
ImportantSUSE bug 1198062CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
- CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
- pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
- Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1175667SUSE bug 1177028SUSE bug 1178134SUSE bug 1179639SUSE bug 1180153SUSE bug 1189562SUSE bug 1194649SUSE bug 1195640SUSE bug 1195926SUSE bug 1196018SUSE bug 1196196SUSE bug 1196478SUSE bug 1196761SUSE bug 1196823SUSE bug 1197227SUSE bug 1197243SUSE bug 1197300SUSE bug 1197302SUSE bug 1197331SUSE bug 1197343SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197501SUSE bug 1197534SUSE bug 1197661SUSE bug 1197675SUSE bug 1197702SUSE bug 1197811SUSE bug 1197812SUSE bug 1197815SUSE bug 1197817SUSE bug 1197819SUSE bug 1197820SUSE bug 1197888SUSE bug 1197889SUSE bug 1197894SUSE bug 1197914SUSE bug 1198027SUSE bug 1198028SUSE bug 1198029SUSE bug 1198030SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033CVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-microos:5.2Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.2
This update for dnsmasq fixes the following issues:
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
ImportantSUSE bug 1197872CVE-2022-0934 at SUSECVE-2022-0934 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions processed at the same time (bsc#1197637)
- Fix salt-ssh opts poisoning. (bsc#1197637)
- Clear network interfaces cache on grains request. (bsc#1196050)
- Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432)
- Restrict 'state.orchestrate_single' to pass a pillar value if it exists. (bsc#1194632)
ImportantSUSE bug 1182851SUSE bug 1194632SUSE bug 1196050SUSE bug 1196432SUSE bug 1197417SUSE bug 1197533SUSE bug 1197637CVE-2022-22934 at SUSECVE-2022-22934 at NVDCVE-2022-22935 at SUSECVE-2022-22935 at NVDCVE-2022-22936 at SUSECVE-2022-22936 at NVDCVE-2022-22941 at SUSECVE-2022-22941 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823)
- CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227)
- CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028)
- CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027)
- CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030).
- CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029)
- CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031)
- CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032)
- CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033)
- CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331)
- CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702)
- CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761)
- CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462)
- CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366)
- CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343)
The following non-security bugs were fixed:
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes).
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes).
- ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes).
- ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes).
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018).
- block: update io_ticks when io hang (bsc#1197817).
- block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819).
- bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes).
- bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028).
- btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649).
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649).
- btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649).
- btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649).
- btrfs: check if a log tree exists at inode_logged() (bsc#1194649).
- btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name exists (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649).
- btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649).
- btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649).
- btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649).
- btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649).
- btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649).
- btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: use the correct max-length for dentry_path_raw() (bsc1196196).
- clk: actions: Terminate clk_div_table with sentinel element (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes).
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes).
- crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes).
- crypto: ccree - do not attempt 0 len DMA mappings (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: qat - do not cast parameter in bit operations (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501).
- driver core: dd: fix return value of __setup handler (git-fixes).
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes).
- drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes).
- drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes).
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes).
- drm/doc: overview before functions for drm_writeback.c (git-fixes).
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- drm/i915/gem: add missing boundary check in vm_access (git-fixes).
- drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes).
- drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes).
- drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes).
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes).
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- ecryptfs: Fix typo in message (bsc#1197811).
- ext2: correct max file size computing (bsc#1197820).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes).
- fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815).
- HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259).
- iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is available (git-fixes).
- iio: inkern: make a best effort on offset calculation (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- iwlwifi: do not advertise TWT support (git-fixes).
- KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134).
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- mac80211: refuse aggregations sessions before authorized (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: hantro: Fix overfill bottom register field name (git-fixes).
- media: Revert 'media: em28xx: add missing em28xx_close_extension' (git-fixes).
- media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe() (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame (git-fixes).
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- memory: emif: Add check for setup_interrupts (git-fixes).
- memory: emif: check the pointer temp in get_device_details() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- misc: sgi-gru: Do not cast parameter in bit operations (git-fixes).
- mm_zone: add function to check if managed dma zone exists (bsc#1197501).
- mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes).
- mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes).
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes).
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes).
- net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes).
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018).
- net: watchdog: hold device global xmit lock during tx disable (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- net/smc: Reset conn->lgr when link group registration fails (git-fixes).
- netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389).
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Do not report writeback errors in nfs_getattr() (git-fixes).
- NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes).
- NFS: Do not skip directory entries when doing uncached readdir (git-fixes).
- NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes).
- NFS: Fix another issue with a list iterator pointing to the head (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes).
- pinctrl: mediatek: paris: Fix 'argument' argument type for mtk_pinconf_get() (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes).
- pinctrl: samsung: drop pin banks references on error paths (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- printk: Add panic_in_progress helper (bsc#1197894).
- printk: disable optimistic spin during panic (bsc#1197894).
- pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes).
- s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes).
- s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352).
- s390/kexec_file: fix error handling when applying relocations (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions (git-fixes).
- s390/module: fix loading modules with a lot of relocations (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675).
- scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661).
- serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes).
- spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
- team: protect features update by RCU to avoid deadlock (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup() (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes).
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes).
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- usb: bdc: remove duplicated error message (git-fixes).
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes).
- usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes).
- usb: dwc3: qcom: add IRQ check (git-fixes).
- usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes).
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes).
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes).
- x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134).
- x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134).
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134).
- x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134).
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1175667SUSE bug 1177028SUSE bug 1178134SUSE bug 1179639SUSE bug 1180153SUSE bug 1189562SUSE bug 1194625SUSE bug 1194649SUSE bug 1195640SUSE bug 1195926SUSE bug 1196018SUSE bug 1196196SUSE bug 1196478SUSE bug 1196761SUSE bug 1196823SUSE bug 1197227SUSE bug 1197243SUSE bug 1197300SUSE bug 1197302SUSE bug 1197331SUSE bug 1197343SUSE bug 1197366SUSE bug 1197389SUSE bug 1197462SUSE bug 1197501SUSE bug 1197534SUSE bug 1197661SUSE bug 1197675SUSE bug 1197677SUSE bug 1197702SUSE bug 1197811SUSE bug 1197812SUSE bug 1197815SUSE bug 1197817SUSE bug 1197819SUSE bug 1197820SUSE bug 1197888SUSE bug 1197889SUSE bug 1197894SUSE bug 1198027SUSE bug 1198028SUSE bug 1198029SUSE bug 1198030SUSE bug 1198031SUSE bug 1198032SUSE bug 1198033SUSE bug 1198077CVE-2021-45868 at SUSECVE-2021-45868 at NVDCVE-2022-0850 at SUSECVE-2022-0850 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-1011 at SUSECVE-2022-1011 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1055 at SUSECVE-2022-1055 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-1198 at SUSECVE-2022-1198 at NVDCVE-2022-1199 at SUSECVE-2022-1199 at NVDCVE-2022-1205 at SUSECVE-2022-1205 at NVDCVE-2022-27666 at SUSECVE-2022-27666 at NVDCVE-2022-28388 at SUSECVE-2022-28388 at NVDCVE-2022-28389 at SUSECVE-2022-28389 at NVDCVE-2022-28390 at SUSECVE-2022-28390 at NVDcpe:/o:suse:suse-microos:5.2Security update for cifs-utils (Important)SUSE Linux Enterprise Micro 5.2
This update for cifs-utils fixes the following issues:
- CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216).
ImportantSUSE bug 1197216CVE-2022-27239 at SUSECVE-2022-27239 at NVDcpe:/o:suse:suse-microos:5.2Security update for firewalld, golang-github-prometheus-prometheus (Important)SUSE Linux Enterprise Micro 5.2
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:
- CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling
requests with non-standard HTTP methods (bsc#1196338).
Other non security changes for golang-github-prometheus-prometheus:
- Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
- Only recommends `firewalld-prometheus-config` as prometheus does not require it to run.
- Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)
Other non security changes for firewalld:
- Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
ImportantSUSE bug 1196338SUSE bug 1197042CVE-2022-21698 at SUSECVE-2022-21698 at NVDcpe:/o:suse:suse-microos:5.2Security update for libslirp (Important)SUSE Linux Enterprise Micro 5.2
This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
ImportantSUSE bug 1187364SUSE bug 1187366SUSE bug 1187367SUSE bug 1198773CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that
could cause a denial of service in the host (bsc#1197423).
- CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts
using VT-d IOMMU hardware, which could lead to a denial of service in the host
(bsc#1197425).
- CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory
corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be
leveraged by an attacker to cause a denial of service in the host (bsc#1197426).
ModerateSUSE bug 1197423SUSE bug 1197425SUSE bug 1197426CVE-2022-26356 at SUSECVE-2022-26356 at NVDCVE-2022-26357 at SUSECVE-2022-26357 at NVDCVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDcpe:/o:suse:suse-microos:5.2Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tar fixes the following issues:
- CVE-2021-20193: Fixed a memory leak in read_header() in list.c (bsc#1181131).
- CVE-2019-9923: Fixed a null-pointer dereference in pax_decode_header in sparse.c (bsc#1130496).
- CVE-2018-20482: Fixed infinite read loop in sparse_dump_region in sparse.c (bsc#1120610).
- Update to GNU tar 1.34:
* Fix extraction over pipe
* Fix memory leak in read_header (CVE-2021-20193) (bsc#1181131)
* Fix extraction when . and .. are unreadable
* Gracefully handle duplicate symlinks when extracting
* Re-initialize supplementary groups when switching to user
privileges
- Update to GNU tar 1.33:
* POSIX extended format headers do not include PID by default
* --delay-directory-restore works for archives with reversed
member ordering
* Fix extraction of a symbolic link hardlinked to another
symbolic link
* Wildcards in exclude-vcs-ignore mode don't match slash
* Fix the --no-overwrite-dir option
* Fix handling of chained renames in incremental backups
* Link counting works for file names supplied with -T
* Accept only position-sensitive (file-selection) options in file
list files
- prepare usrmerge (bsc#1029961)
- Update to GNU 1.32
* Fix the use of --checkpoint without explicit --checkpoint-action
* Fix extraction with the -U option
* Fix iconv usage on BSD-based systems
* Fix possible NULL dereference (savannah bug #55369)
[bsc#1130496] [CVE-2019-9923]
* Improve the testsuite
- Update to GNU 1.31
* Fix heap-buffer-overrun with --one-top-level, bug introduced
with the addition of that option in 1.28
* Support for zstd compression
* New option '--zstd' instructs tar to use zstd as compression
program. When listing, extractng and comparing, zstd compressed
archives are recognized automatically. When '-a' option is in
effect, zstd compression is selected if the destination archive
name ends in '.zst' or '.tzst'.
* The -K option interacts properly with member names given in the
command line. Names of members to extract can be specified along
with the '-K NAME' option. In this case, tar will extract NAME
and those of named members that appear in the archive after it,
which is consistent with the semantics of the option. Previous
versions of tar extracted NAME, those of named members that
appeared before it, and everything after it.
* Fix CVE-2018-20482 - When creating archives with the --sparse
option, previous versions of tar would loop endlessly if a
sparse file had been truncated while being archived.
ModerateSUSE bug 1029961SUSE bug 1120610SUSE bug 1130496SUSE bug 1181131CVE-2018-20482 at SUSECVE-2018-20482 at NVDCVE-2019-9923 at SUSECVE-2019-9923 at NVDCVE-2021-20193 at SUSECVE-2021-20193 at NVDcpe:/o:suse:suse-microos:5.2Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libvirt fixes the following issues:
- CVE-2022-0897: Fixed a crash in nwfilter when counting number of network filters (bsc#1197636).
The following non-security bugs were fixed:
- qemu: Improve save operation by increasing pipe size
c61d1e9b-virfile-set-pipe-size.patch,
47d6d185-virfile-fix-indent.patch,
cd7acb33-virfile-report-error.patch
bsc#1196625
- qemu: Directly query KVM for TSC scaling support
5df2c492-use-kvm-for-tsc-scaling.patch
bsc#1193364
ModerateSUSE bug 1193364SUSE bug 1196625SUSE bug 1197636CVE-2022-0897 at SUSECVE-2022-0897 at NVDcpe:/o:suse:suse-microos:5.2Security update for ldb (Low)SUSE Linux Enterprise Micro 5.2
This update for ldb fixes the following issues:
- Update to version 2.4.2
- CVE-2021-3670: Fixed an issue where the LDAP server MaxQueryDuration value
would not be honoured (bsc#1198397).
LowSUSE bug 1198397CVE-2021-3670 at SUSECVE-2021-3670 at NVDcpe:/o:suse:suse-microos:5.2Security update for gzip (Important)SUSE Linux Enterprise Micro 5.2
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
ImportantSUSE bug 1198062SUSE bug 1198922CVE-2022-1271 at SUSECVE-2022-1271 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
ModerateSUSE bug 1198614SUSE bug 1198723SUSE bug 1198766CVE-2022-22576 at SUSECVE-2022-22576 at NVDCVE-2022-27775 at SUSECVE-2022-27775 at NVDCVE-2022-27776 at SUSECVE-2022-27776 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437).
- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
- ACPI: processor idle: Check for architectural support for LPI (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
- ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- arm64: dts: ls1028a: fix memory node (git-fixes)
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- bnx2x: fix napi API usage sequence (bsc#1198217).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: fix bad fids sent over wire (bsc#1197157).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
- dma-debug: fix return value of __setup handlers (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/edid: Do not clear formats if using deep color (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
- drm/mediatek: Add AAL output size configuration (git-fixes).
- drm/mediatek: Fix aal size config (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- fibmap: Reject negative block numbers (bsc#1198448).
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
- RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
- rpm: Use bash for %() expansion (jsc#SLE-18234).
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Handle low memory situations in call_status() (git-fixes).
- USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- USB: dwc3: gadget: Return proper request status (git-fixes).
- USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- video: fbdev: w100fb: Reset global state (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- x86/pm: Save the MSR validity status at context setup (bsc#1198400).
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
- xen: fix is_xen_pmu() (git-fixes).
- xen/blkfront: fix comment for need_copy (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
ImportantSUSE bug 1028340SUSE bug 1071995SUSE bug 1137728SUSE bug 1152472SUSE bug 1152489SUSE bug 1177028SUSE bug 1179878SUSE bug 1182073SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1193556SUSE bug 1193842SUSE bug 1194625SUSE bug 1195651SUSE bug 1195926SUSE bug 1196018SUSE bug 1196114SUSE bug 1196367SUSE bug 1196514SUSE bug 1196639SUSE bug 1196942SUSE bug 1197157SUSE bug 1197391SUSE bug 1197656SUSE bug 1197660SUSE bug 1197677SUSE bug 1197914SUSE bug 1197926SUSE bug 1198077SUSE bug 1198217SUSE bug 1198330SUSE bug 1198400SUSE bug 1198413SUSE bug 1198437SUSE bug 1198448SUSE bug 1198484SUSE bug 1198515SUSE bug 1198516SUSE bug 1198534SUSE bug 1198742SUSE bug 1198825SUSE bug 1198989SUSE bug 1199012SUSE bug 1199024CVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-0707 at SUSECVE-2021-0707 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-4154 at SUSECVE-2021-4154 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDcpe:/o:suse:suse-microos:5.2Security update for openldap2 (Important)SUSE Linux Enterprise Micro 5.2
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
ImportantSUSE bug 1199240CVE-2022-29155 at SUSECVE-2022-29155 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release (bnc#1198515).
- CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNRPC subsystem (bnc#1198330).
- CVE-2022-28748: Fixed memory lead over the network by ax88179_178a devices (bsc#1196018).
- CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect (bsc#1199012).
- CVE-2022-1419: Fixed a concurrency use-after-free in vgem_gem_dumb_create (bsc#1198742).
- CVE-2022-1353: Fixed access controll to kernel memory in the pfkey_register function in net/key/af_key.c (bnc#1198516).
- CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in drivers/gpu/drm/drm_lease.c (bnc#1197914).
- CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the user address (bsc#1197660).
- CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).
- CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system (bnc#1193842).
- CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call (bnc#1187055).
- CVE-2021-20321: Fixed a race condition accessing file object in the OverlayFS subsystem in the way users do rename in specific way with OverlayFS. A local user could have used this flaw to crash the system (bnc#1191647).
- CVE-2021-20292: Fixed object validation prior to performing operations on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem (bnc#1183723).
- CVE-2021-0707: Fixed possible memory corruption due to a use after free inside dma_buf_releas e of dma-buf.c (bnc#1198437).
- CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).
The following non-security bugs were fixed:
- ACPI: processor idle: Check for architectural support for LPI (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020 (git-fixes).
- ALSA: pcm: Test for 'silence' field in struct 'pcm_format_data' (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- arm64: dts: ls1028a: fix memory node (git-fixes)
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m (bsc#1199024).
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for devm_snd_soc_register_component (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai name (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs (git-fixes).
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ath9k: Properly clear TX status area before reporting to mac80211 (git-fixes).
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Make sure bfqg for which we are queueing requests is online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).
- bnx2x: fix napi API usage sequence (bsc#1198217).
- bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- brcmfmac: firmware: Allocate space for default boardrev in nvram (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params (git-fixes).
- cfg80211: hold bss_lock while updating nontrans_list (git-fixes).
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- cifs: fix bad fids sent over wire (bsc#1197157).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).
- direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).
- direct-io: defer alignment check until after the EOF check (bsc#1197656).
- direct-io: do not force writeback for reads beyond EOF (bsc#1197656).
- dma-debug: fix return value of __setup handlers (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).
- dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: Revert 'dmaengine: shdma: Fix runtime PM imbalance on error' (git-fixes).
- Documentation: add link to stable release candidate tree (git-fixes).
- drm: add a locked version of drm_is_current_master (bsc#1197914).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm: drm_file struct kABI compatibility workaround (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock (bsc#1197914).
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm/amd: Add USBC connector ID (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (git-fixes).
- drm/amd/display: do not ignore alpha property on pre-multiplied mode (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array() (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev (git-fixes).
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- drm/edid: check basic audio support on CEA extension block (git-fixes).
- drm/edid: Do not clear formats if using deep color (git-fixes).
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- drm/i915: Call i915_globals_exit() if pci_register_device() fails (git-fixes).
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).
- drm/mediatek: Add AAL output size configuration (git-fixes).
- drm/mediatek: Fix aal size config (git-fixes).
- drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init() (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare (git-fixes).
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
- drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() usage (git-fixes).
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- fibmap: Reject negative block numbers (bsc#1198448).
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).
- firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER (git-fixes).
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).
- livepatch: Do not block removal of patches that are safe to unload (bsc#1071995).
- lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).
- media: cx88-mpeg: clear interrupt status register before streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is missing (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).
- mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is complete (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- net: asix: add proper error handling of usb read errors (git-fixes).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe() (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Use struct_size() helper in mana_gd_create_dma_region() (bsc#1195651).
- net: mcs7830: handle usb read errors properly (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init (git-fixes).
- power: supply: axp20x_battery: properly report current when discharging (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong false return (git-fixes).
- power: supply: wm8350-power: Add missing free in free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for wm8350_register_irq (git-fixes).
- powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).
- powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106, git-fixes).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299).
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (bsc#1198413).
- random: check for signal_pending() outside of need_resched() check (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).
- RDMA/mlx5: Do not remove cache MRs when a delay is needed (jsc#SLE-15175).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (jsc#SLE-15175).
- regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).
- rpm: Run external scriptlets on uninstall only when available (bsc#1196514 bsc#1196114 bsc#1196942).
- rpm: Use bash for %() expansion (jsc#SLE-18234).
- rpm/*.spec.in: remove backtick usage
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926, bsc#1198484)
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378).
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands (git-fixes).
- scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove() (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340 bsc#1198825).
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and controller (git-fixes).
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op() (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree (git-fixes).
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Handle low memory situations in call_status() (git-fixes).
- USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- USB: dwc3: gadget: Return proper request status (git-fixes).
- USB: dwc3: omap: fix 'unbalanced disables for smps10_out1' on omap5evm (git-fixes).
- USB: gadget: uvc: Fix crash when encoding data for usb request (git-fixes).
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c (git-fixes).
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- video: fbdev: w100fb: Reset global state (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- x86/pm: Save the MSR validity status at context setup (bsc#1198400).
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO (git-fixes).
- x86/speculation: Restore speculation related MSRs during S3 resume (bsc#1198400).
- xen: fix is_xen_pmu() (git-fixes).
- xen/blkfront: fix comment for need_copy (git-fixes).
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx() (git-fixes).
ImportantSUSE bug 1028340SUSE bug 1071995SUSE bug 1137728SUSE bug 1152472SUSE bug 1152489SUSE bug 1177028SUSE bug 1179878SUSE bug 1182073SUSE bug 1183723SUSE bug 1187055SUSE bug 1191647SUSE bug 1193556SUSE bug 1193842SUSE bug 1194625SUSE bug 1195651SUSE bug 1195926SUSE bug 1196018SUSE bug 1196114SUSE bug 1196367SUSE bug 1196514SUSE bug 1196639SUSE bug 1196942SUSE bug 1197157SUSE bug 1197391SUSE bug 1197656SUSE bug 1197660SUSE bug 1197677SUSE bug 1197914SUSE bug 1197926SUSE bug 1198077SUSE bug 1198217SUSE bug 1198330SUSE bug 1198400SUSE bug 1198413SUSE bug 1198437SUSE bug 1198448SUSE bug 1198484SUSE bug 1198515SUSE bug 1198516SUSE bug 1198534SUSE bug 1198742SUSE bug 1198825SUSE bug 1198989SUSE bug 1199012SUSE bug 1199024CVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-0707 at SUSECVE-2021-0707 at NVDCVE-2021-20292 at SUSECVE-2021-20292 at NVDCVE-2021-20321 at SUSECVE-2021-20321 at NVDCVE-2021-38208 at SUSECVE-2021-38208 at NVDCVE-2021-4154 at SUSECVE-2021-4154 at NVDCVE-2022-0812 at SUSECVE-2022-0812 at NVDCVE-2022-1158 at SUSECVE-2022-1158 at NVDCVE-2022-1280 at SUSECVE-2022-1280 at NVDCVE-2022-1353 at SUSECVE-2022-1353 at NVDCVE-2022-1419 at SUSECVE-2022-1419 at NVDCVE-2022-1516 at SUSECVE-2022-1516 at NVDCVE-2022-28356 at SUSECVE-2022-28356 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-28893 at SUSECVE-2022-28893 at NVDCVE-2022-29156 at SUSECVE-2022-29156 at NVDcpe:/o:suse:suse-microos:5.2Security update for e2fsprogs (Important)SUSE Linux Enterprise Micro 5.2
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
ImportantSUSE bug 1198446CVE-2022-1304 at SUSECVE-2022-1304 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd, docker (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd, docker fixes the following issues:
- CVE-2022-24769: Fixed incorrect default inheritable capabilities (bsc#1197517).
- CVE-2022-23648: Fixed directory traversal issue (bsc#1196441).
- CVE-2022-27191: Fixed a crash in a golang.org/x/crypto/ssh server (bsc#1197284).
- CVE-2021-43565: Fixed a panic in golang.org/x/crypto by empty plaintext packet (bsc#1193930).
ImportantSUSE bug 1193930SUSE bug 1196441SUSE bug 1197284SUSE bug 1197517CVE-2021-43565 at SUSECVE-2021-43565 at NVDCVE-2022-23648 at SUSECVE-2022-23648 at NVDCVE-2022-24769 at SUSECVE-2022-24769 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220510 release. (bsc#1199423)
Updated to Intel CPU Microcode 20220419 release. (bsc#1198717)
- CVE-2022-21151: Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access (bsc#1199423).
ModerateSUSE bug 1198717SUSE bug 1199423CVE-2022-21151 at SUSECVE-2022-21151 at NVDcpe:/o:suse:suse-microos:5.2Security update for libslirp (Important)SUSE Linux Enterprise Micro 5.2
This update for libslirp fixes the following issues:
- CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364).
- CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367).
- CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366).
- Fix a dhcp regression [bsc#1198773]
ImportantSUSE bug 1187364SUSE bug 1187366SUSE bug 1187367SUSE bug 1198773CVE-2021-3592 at SUSECVE-2021-3592 at NVDCVE-2021-3594 at SUSECVE-2021-3594 at NVDCVE-2021-3595 at SUSECVE-2021-3595 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
ImportantSUSE bug 1196490SUSE bug 1199132CVE-2022-23308 at SUSECVE-2022-23308 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDcpe:/o:suse:suse-microos:5.2Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.2
This update for kernel-firmware fixes the following issues:
Update AMD ucode and SEV firmware
- (CVE-2021-26339, CVE-2021-26373, CVE-2021-26347, CVE-2021-26376,
CVE-2021-26375, CVE-2021-26378, CVE-2021-26372, CVE-2021-26339,
CVE-2021-26348, CVE-2021-26342, CVE-2021-26388, CVE-2021-26349,
CVE-2021-26364, CVE-2021-26312, CVE-2021-26350, CVE-2021-46744,
bsc#1199459, bsc#1199470)
ModerateSUSE bug 1199459SUSE bug 1199470CVE-2021-26312 at SUSECVE-2021-26312 at NVDCVE-2021-26339 at SUSECVE-2021-26339 at NVDCVE-2021-26342 at SUSECVE-2021-26342 at NVDCVE-2021-26347 at SUSECVE-2021-26347 at NVDCVE-2021-26348 at SUSECVE-2021-26348 at NVDCVE-2021-26349 at SUSECVE-2021-26349 at NVDCVE-2021-26350 at SUSECVE-2021-26350 at NVDCVE-2021-26364 at SUSECVE-2021-26364 at NVDCVE-2021-26372 at SUSECVE-2021-26372 at NVDCVE-2021-26373 at SUSECVE-2021-26373 at NVDCVE-2021-26375 at SUSECVE-2021-26375 at NVDCVE-2021-26376 at SUSECVE-2021-26376 at NVDCVE-2021-26378 at SUSECVE-2021-26378 at NVDCVE-2021-26388 at SUSECVE-2021-26388 at NVDCVE-2021-46744 at SUSECVE-2021-46744 at NVDcpe:/o:suse:suse-microos:5.2Security update for fribidi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for fribidi fixes the following issues:
- CVE-2022-25308: Fixed stack out of bounds read (bsc#1196147).
- CVE-2022-25309: Fixed heap-buffer-overflow in fribidi_cap_rtl_to_unicode (bsc#1196148).
- CVE-2022-25310: Fixed NULL pointer dereference in fribidi_remove_bidi_marks (bsc#1196150).
ModerateSUSE bug 1196147SUSE bug 1196148SUSE bug 1196150CVE-2022-25308 at SUSECVE-2022-25308 at NVDCVE-2022-25309 at SUSECVE-2022-25309 at NVDCVE-2022-25310 at SUSECVE-2022-25310 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2022-26691: Fixed an authentication bypass and code execution vulnerability (bsc#1199474)
ImportantSUSE bug 1199474CVE-2022-26691 at SUSECVE-2022-26691 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
ImportantSUSE bug 1199223SUSE bug 1199224CVE-2022-27781 at SUSECVE-2022-27781 at NVDCVE-2022-27782 at SUSECVE-2022-27782 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-0561: Fixed null source pointer passed as an argument to memcpy() within TIFFFetchStripThing() in tif_dirread.c (bsc#1195964).
- CVE-2022-0562: Fixed null source pointer passed as an argument to memcpy() within TIFFReadDirectory() in tif_dirread.c (bsc#1195965).
- CVE-2022-0865: Fixed assertion failure in TIFFReadAndRealloc (bsc#1197066).
- CVE-2022-0909: Fixed divide by zero error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197072).
- CVE-2022-0924: Fixed out-of-bounds read error in tiffcp that could have led to a denial-of-service via a crafted tiff file (bsc#1197073).
- CVE-2022-0908: Fixed null source pointer passed as an argument to memcpy in TIFFFetchNormalTag() (bsc#1197074).
- CVE-2022-1056: Fixed out-of-bounds read error in tiffcrop that could have led to a denial-of-service via a crafted tiff file (bsc#1197631).
- CVE-2022-0891: Fixed heap buffer overflow in extractImageSection (bsc#1197068).
ImportantSUSE bug 1195964SUSE bug 1195965SUSE bug 1197066SUSE bug 1197068SUSE bug 1197072SUSE bug 1197073SUSE bug 1197074SUSE bug 1197631CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-0562 at SUSECVE-2022-0562 at NVDCVE-2022-0865 at SUSECVE-2022-0865 at NVDCVE-2022-0891 at SUSECVE-2022-0891 at NVDCVE-2022-0908 at SUSECVE-2022-0908 at NVDCVE-2022-0909 at SUSECVE-2022-0909 at NVDCVE-2022-0924 at SUSECVE-2022-0924 at NVDCVE-2022-1056 at SUSECVE-2022-1056 at NVDcpe:/o:suse:suse-microos:5.2Security update for pcre2 (Important)SUSE Linux Enterprise Micro 5.2
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
- CVE-2021-3695: Fixed that a crafted PNG grayscale image could lead to out-of-bounds write in heap (bsc#1191184)
- CVE-2021-3696: Fixed that a crafted PNG image could lead to out-of-bound write during huffman table handling (bsc#1191185)
- CVE-2021-3697: Fixed that a crafted JPEG image could lead to buffer underflow write in the heap (bsc#1191186)
- CVE-2022-28733: Fixed fragmentation math in net/ip (bsc#1198460)
- CVE-2022-28734: Fixed an out-of-bound write for split http headers (bsc#1198493)
- CVE-2022-28735: Fixed some verifier framework changes (bsc#1198495)
- CVE-2022-28736: Fixed a use-after-free in chainloader command (bsc#1198496)
- Update SBAT security contact (bsc#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused when the root LV is completely in the boot LUN (bsc#1197948)
ImportantSUSE bug 1191184SUSE bug 1191185SUSE bug 1191186SUSE bug 1193282SUSE bug 1197948SUSE bug 1198460SUSE bug 1198493SUSE bug 1198495SUSE bug 1198496SUSE bug 1198581CVE-2021-3695 at SUSECVE-2021-3695 at NVDCVE-2021-3696 at SUSECVE-2021-3696 at NVDCVE-2021-3697 at SUSECVE-2021-3697 at NVDCVE-2022-28733 at SUSECVE-2022-28733 at NVDCVE-2022-28734 at SUSECVE-2022-28734 at NVDCVE-2022-28735 at SUSECVE-2022-28735 at NVDCVE-2022-28736 at SUSECVE-2022-28736 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361: Fixed IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues (XSA-400) (bsc#1197426)
- CVE-2022-26362: Fixed race condition in typeref acquisition (bsc#1199965)
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (bsc#1199966)
ImportantSUSE bug 1027519SUSE bug 1197426SUSE bug 1199965SUSE bug 1199966CVE-2022-26358 at SUSECVE-2022-26358 at NVDCVE-2022-26359 at SUSECVE-2022-26359 at NVDCVE-2022-26360 at SUSECVE-2022-26360 at NVDCVE-2022-26361 at SUSECVE-2022-26361 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
The following non-security bugs were fixed:
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver: core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
- mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- net: korina: fix return value (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- NFS: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response (git-fixes).
- revert scsi: qla2xxx: Changes to support FCP2 Target (bsc#1198438).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h> (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
ImportantSUSE bug 1055117SUSE bug 1061840SUSE bug 1065729SUSE bug 1103269SUSE bug 1118212SUSE bug 1153274SUSE bug 1154353SUSE bug 1156395SUSE bug 1158266SUSE bug 1167773SUSE bug 1176447SUSE bug 1178134SUSE bug 1180100SUSE bug 1183405SUSE bug 1188885SUSE bug 1195826SUSE bug 1196426SUSE bug 1196478SUSE bug 1196570SUSE bug 1196840SUSE bug 1197446SUSE bug 1197472SUSE bug 1197601SUSE bug 1197675SUSE bug 1198438SUSE bug 1198577SUSE bug 1198971SUSE bug 1198989SUSE bug 1199035SUSE bug 1199052SUSE bug 1199063SUSE bug 1199114SUSE bug 1199314SUSE bug 1199505SUSE bug 1199507SUSE bug 1199564SUSE bug 1199626SUSE bug 1199631SUSE bug 1199650SUSE bug 1199670SUSE bug 1199839SUSE bug 1200019SUSE bug 1200045SUSE bug 1200046SUSE bug 1200192SUSE bug 1200216CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open()in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
ImportantSUSE bug 1070955SUSE bug 1191770SUSE bug 1192167SUSE bug 1192902SUSE bug 1192903SUSE bug 1192904SUSE bug 1193466SUSE bug 1193905SUSE bug 1194093SUSE bug 1194216SUSE bug 1194217SUSE bug 1194388SUSE bug 1194872SUSE bug 1194885SUSE bug 1195004SUSE bug 1195203SUSE bug 1195332SUSE bug 1195354SUSE bug 1196361SUSE bug 1198596SUSE bug 1198748SUSE bug 1199331SUSE bug 1199333SUSE bug 1199334SUSE bug 1199651SUSE bug 1199655SUSE bug 1199693SUSE bug 1199745SUSE bug 1199747SUSE bug 1199936SUSE bug 1200010SUSE bug 1200011SUSE bug 1200012CVE-2017-17087 at SUSECVE-2017-17087 at NVDCVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3875 at SUSECVE-2021-3875 at NVDCVE-2021-3903 at SUSECVE-2021-3903 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3968 at SUSECVE-2021-3968 at NVDCVE-2021-3973 at SUSECVE-2021-3973 at NVDCVE-2021-3974 at SUSECVE-2021-3974 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4069 at SUSECVE-2021-4069 at NVDCVE-2021-4136 at SUSECVE-2021-4136 at NVDCVE-2021-4166 at SUSECVE-2021-4166 at NVDCVE-2021-4192 at SUSECVE-2021-4192 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0128 at SUSECVE-2022-0128 at NVDCVE-2022-0213 at SUSECVE-2022-0213 at NVDCVE-2022-0261 at SUSECVE-2022-0261 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0359 at SUSECVE-2022-0359 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0392 at SUSECVE-2022-0392 at NVDCVE-2022-0407 at SUSECVE-2022-0407 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDCVE-2022-0696 at SUSECVE-2022-0696 at NVDCVE-2022-1381 at SUSECVE-2022-1381 at NVDCVE-2022-1420 at SUSECVE-2022-1420 at NVDCVE-2022-1616 at SUSECVE-2022-1616 at NVDCVE-2022-1619 at SUSECVE-2022-1619 at NVDCVE-2022-1620 at SUSECVE-2022-1620 at NVDCVE-2022-1733 at SUSECVE-2022-1733 at NVDCVE-2022-1735 at SUSECVE-2022-1735 at NVDCVE-2022-1771 at SUSECVE-2022-1771 at NVDCVE-2022-1785 at SUSECVE-2022-1785 at NVDCVE-2022-1796 at SUSECVE-2022-1796 at NVDCVE-2022-1851 at SUSECVE-2022-1851 at NVDCVE-2022-1897 at SUSECVE-2022-1897 at NVDCVE-2022-1898 at SUSECVE-2022-1898 at NVDCVE-2022-1927 at SUSECVE-2022-1927 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1966: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
-
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
- devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
ImportantSUSE bug 1177282SUSE bug 1199365SUSE bug 1200015SUSE bug 1200143SUSE bug 1200144SUSE bug 1200206SUSE bug 1200207SUSE bug 1200249SUSE bug 1200259SUSE bug 1200263SUSE bug 1200268SUSE bug 1200529CVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. (bsc#1200019)
- CVE-2019-19377: Fixed an user-after-free that could be triggered when an attacker mounts a crafted btrfs filesystem image. (bnc#1158266)
- CVE-2022-1729: Fixed a sys_perf_event_open() race condition against self (bsc#1199507).
- CVE-2022-1184: Fixed an use-after-free and memory errors in ext4 when mounting and operating on a corrupted image. (bsc#1198577)
- CVE-2022-1652: Fixed a statically allocated error counter inside the floppy kernel module (bsc#1199063).
- CVE-2022-20008: Fixed bug that allows to read kernel heap memory due to uninitialized data in mmc_blk_read_single of block.c. (bnc#1199564)
- CVE-2022-30594: Fixed restriction bypass on setting the PT_SUSPEND_SECCOMP flag (bnc#1199505).
- CVE-2022-0168: Fixed a NULL pointer dereference in smb2_ioctl_query_info. (bsc#1197472)
- CVE-2021-33061: Fixed insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1196426).
- CVE-2022-20141: Fixwed an use after free due to improper locking. This bug could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. (bnc#1200604)
- CVE-2022-21123: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21125: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21180: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21166: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-21127: Fixed a stale MMIO data transient which can be exploited to speculatively/transiently disclose information via spectre like attacks. (bsc#1199650)
- CVE-2022-1975: Fixed a sleep-in-atomic bug that allows attacker to crash linux kernel by simulating nfc device from user-space. (bsc#1200143)
- CVE-2022-1974: Fixed an use-after-free that could causes kernel crash by simulating an nfc device from user-space. (bsc#1200144)
- CVE-2020-26541: Enforce the secure boot forbidden signature database (aka dbx) protection mechanism. (bnc#1177282)
- CVE-2022-32250: Fixed an use-after-free bug in the netfilter subsystem. This flaw allowed a local attacker with user access to cause a privilege escalation issue. (bnc#1200015)
The following non-security bugs were fixed:
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (git-fixes).
- ACPI: property: Release subnode properties with data nodes (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632 (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9520 laptop (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before dereferencing it (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6 (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- ARM: mediatek: select arch timer for mt7629 (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- ARM: tegra: Move panels to AUX bus (git-fixes)
- arm64: avoid fixmap race condition when create pud mapping (git-fixes)
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- arm64: paravirt: Use RCU read locks to guard stolen_time (git-fixes).
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- ASoC: atmel-classd: Remove endianness flag on class d component (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator frequency (git-fixes).
- ASoC: dapm: Do not fold register value changes into notifications (git-fixes).
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom control (git-fixes).
- ASoC: max98090: Move check for invalid values before casting in max98090_put_enab_tlv() (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put() (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure (git-fixes).
- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_* (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (git-fixes).
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable (git-fixes).
- batman-adv: Do not skb_split skbuffs with frag_list (git-fixes).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line (bsc#1200045).
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- blk-mq: Fix wrong wakeup batch configuration which will cause hang (bsc#1200263).
- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (bsc#1200259).
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing (git-fixes).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ceph: fix setting of xattrs on async created inodes (bsc#1200192).
- cfg80211: set custom regdomain after wiphy registration (git-fixes).
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (bsc#1199839).
- clk: at91: generated: consider range when calculating best rate (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances (git-fixes).
- copy_process(): Move fd_install() out of sighand->siglock critical section (bsc#1199626).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove (git-fixes).
- crypto: x86 - eliminate anonymous module_init and module_exit (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions (git-fixes).
- dim: initialize all struct fields (git-fixes).
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (git-fixes).
- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (git-fixes).
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (git-fixes).
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117 ltc#159753).
- docs: submitting-patches: Fix crossref to 'The canonical patch format' (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of list iterator (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes (git-fixes).
- drbd: use bdev_alignment_offset instead of queue_alignment_offset (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (git-fixes).
- drivers/base/memory: fix an unlikely reference counting issue in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (git-fixes).
- drm: sti: do not use kernel-doc markers (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct dce_{version, environment} types (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (git-fixes).
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/atomic: Force bridge self-refresh-exit on CRTC switch (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm/edid: fix invalid EDID extension block filtering (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm/i915: fix i915_globals_exit() section mismatch error (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/msm/dsi: fix address for second DSI PHY on SDM660 (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit functions (git-fixes).
- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (git-fixes).
- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (git-fixes).
- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01 (git-fixes).
- drm/plane: Move range check for format_count earlier (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm/vc4: txp: Do not set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled (git-fixes).
- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- EDAC/synopsys: Read the error count from the correct register (bsc#1178134).
- efi: Add missing prototype for efi_capsule_setup_info (git-fixes).
- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (git-fixes).
- fbcon: Consistently protect deferred_takeover with console_lock() (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback() (git-fixes).
- firewire: remove check of list iterator against head past the loop body (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (git-fixes).
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS response (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator (git-fixes).
- ftrace: Clean up hash direct_functions on register failures (git-fixes).
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- genirq/timings: Fix error return code in (git-fixes)
- genirq/timings: Prevent potential array overflow in (git-fixes)
- gma500: fix an incorrect NULL check on list iterator (git-fixes).
- gpio: adp5588: Remove support for platform setup and teardown callbacks (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target bit (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (git-fixes).
- gpio: pca953x: use the correct register address to do regcache sync (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges' (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad (git-fixes).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory (git-fixes).
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- i2c: cadence: Increase timeout per message if necessary (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (git-fixes).
- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (git-fixes).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (jsc#SLE-12878).
- ice: Clear default forwarding VSI during VSI release (jsc#SLE-12878).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (jsc#SLE-7926).
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (git-fixes).
- Input: add bounds checking to input_set_capability() (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- Input: ili210x - fix reset timing (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe (git-fixes).
- Input: stmfts - do not leave device disabled in stmfts_input_open (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open (git-fixes).
- iommu/amd: Increase timeout waiting for GA log enablement (bsc#1199052).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Do not send reset commands if FW isn't running (bsc#1167773).
- ionic: fix missing pci_release_regions() on error in ionic_probe() (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean() (jsc#SLE-16649).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ipw2x00: Fix potential NULL dereference in libipw_xmit() (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (git-fixes).
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2 (git-fixes).
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG (bsc#1198971).
- kABI: ivtv: restore caps member (git-fixes).
- Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH (git-fixes).
- KVM: fix wrong exception emulation in check_rdtsc (git-fixes).
- KVM: nVMX: Invalidate all roots when emulating INVVPID without EPT (git-fixes).
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (git-fixes).
- KVM: nVMX: Set LDTR to its architecturally defined value on nested VM-Exit (git-fixes).
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested VM-Enter (git-fixes).
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- KVM: VMX: Fix stale docs for kvm-intel.emulate_invalid_guest_state (git-fixes).
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush (git-fixes).
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR emulation (git-fixes).
- KVM: x86: clflushopt should be treated as a no-op by emulation (git-fixes).
- KVM: x86: Do not force set BSP bit when local APIC is managed by userspace (git-fixes).
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce (git-fixes).
- KVM: x86: Immediately reset the MMU context when the SMM flag is cleared (git-fixes).
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode (git-fixes).
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest (git-fixes).
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any BSP (git-fixes).
- KVM: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode (git-fixes).
- KVM: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (git-fixes).
- KVM: x86/emulator: Defer not-present segment check in __load_segment_descriptor() (git-fixes).
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (git-fixes).
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- lan743x: remove redundant assignment to variable rx_process_result (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989) The update was reverted due to some regression on older hardware. These have been fixed in the meantime, thus update the driver.
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- media: cx25821: Fix the warning when removing the module (git-fixes).
- media: davinci: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM enable (git-fixes).
- media: davinci: vpif: fix use-after-free on driver unbind (git-fixes).
- media: media-entity.h: Fix documentation for media_create_intf_link (git-fixes).
- media: netup_unidvb: Do not leak SPI master in probe error path (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev() (git-fixes).
- media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (git-fixes).
- media: saa7134: fix incorrect use to determine if list is empty (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is found in list (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- media: videobuf2: Fix the size printk format (git-fixes).
- media: vim2m: Register video device after setting up internals (git-fixes).
- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (jsc#SLE-15176, jsc#SLE-16387).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol() (git-fixes).
- mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the constant (git-fixes).
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- mtd: rawnand: Fix return value check of wait_for_completion_timeout (git-fixes).
- mtd: spi-nor: core: Check written SR value in spi_nor_write_16bit_sr_and_check() (git-fixes).
- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (git-fixes).
- net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes).
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes).
- net: hns3: add a check for index in hclge_get_rss_key() (git-fixes).
- net: hns3: clear inited state and stop client after failed to register netdev (bsc#1154353).
- net: hns3: fix bug when PF set the duplicate MAC address for VFs (jsc#SLE-14777).
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- net: korina: fix return value (git-fixes).
- net: rtlwifi: properly check for alloc_workqueue() failure (git-fixes).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1183405).
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- net/mlx5e: Fix the calling of update_buffer_lossy() API (jsc#SLE-15172).
- netdevice: demote the type of some dev_addr_set() helpers (bsc#1200216).
- netfilter: conntrack: connection timeout after re-register (bsc#1199035).
- netfilter: conntrack: move synack init code to helper (bsc#1199035).
- netfilter: conntrack: re-init state for retransmitted syn-ack (bsc#1199035).
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options (bsc#1199035).
- netfilter: nf_conntrack_tcp: re-init for syn packets only (bsc#1199035).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (bsc#1176447).
- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (git-fixes).
- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (git-fixes).
- NFC: netlink: fix sleep in atomic bug when firmware download timeout (git-fixes).
- NFC: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- NFC: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- NFC: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- NFC: st21nfca: fix memory leaks in EVT_TRANSACTION handling (git-fixes).
- NFS: Do not report ENOSPC write errors twice (git-fixes).
- NFS: limit use of ACCESS cache for negative responses (bsc#1196570).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- NFSv4: Do not invalidate inode attributes on delegation return (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- nvme-tcp: allow selecting the network interface for connections (bsc#1199670).
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for OPT_HOST_IFACE (bsc#1199670).
- objtool: Fix type of reloc::addend (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure (git-fixes).
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- PCI: hv: Fix NUMA node assignment when kernel boots with custom NUMA topology (bsc#1199365).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in phy_mdm6600_probe (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in omap_usb2_enable_clocks (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map() (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- pinctrl/rockchip: support deferring other gpio params (git-fixes).
- ping: fix the sk_bound_dev_if match in ping_lookup (bsc#1195826).
- ping: remove pr_err from ping_lookup (bsc#1195826).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout occurs (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (git-fixes).
- platform/x86: wmi: Fix driver->notify() vs ->probe() race (git-fixes).
- platform/x86: wmi: Replace read_takes_no_args with a flags field (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117 ltc#159753).
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521 git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- powerpc/fadump: fix PT_LOAD segment for boot memory area (bsc#1103269 ltc#169948 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get STF barrier requirements from device-tree (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xive: Add some error handling code to 'xive_spapr_init()' (git-fixes).
- powerpc/xive: Fix refcount leak in xive_spapr_init (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct (git-fixes).
- qlcnic: Fix error code in probe (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (git-fixes).
- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (git-fixes).
- rtc: mt6397: check return value after calling platform_get_resource() (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector packed decimal facility (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock (git-fixes).
- s390/cio: Fix the 'type' field in s390_cio_tpi tracepoint (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207 LTC#198454).
- s390/dasd: Fix read for ESE with blksize 4k (bsc#1200206 LTC#198455).
- s390/dasd: Fix read inconsistency for ESE DASD devices (bsc#1200206 LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices (bsc#1200207 LTC#198454).
- s390/ftrace: fix ftrace_update_ftrace_func implementation (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST flag (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM guests (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto masks (git-fixes).
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl (git-fixes).
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl (git-fixes).
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- sched/topology: Skip updating masks for non-online nodes (bsc#1197446 ltc#183000).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits (bsc#1199631).
- scsi: hisi_sas: Change permission of parameter prot_mask (git-fixes).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric parameters (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a new FLOGI (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Correct CRC32 calculation for congestion stats (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event() (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4() (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock (bsc#1200045).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic disable (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for ELS_RDF path (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports link down (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for trunk groups (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link down or aborted (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe rescan (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for NVMe I/O (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field (bsc#1200045).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix command initialization in pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in pm80XX_send_read_log() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix payload initialization in pm80xx_set_thermal_config() (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63 (git-fixes).
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init and module_exit (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration (git-fixes).
- serial: 8250: core: Remove unneeded linux/pm_runtime.h (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (git-fixes).
- serial: 8250: pxa: Remove unneeded linux/pm_runtime.h (git-fixes).
- serial: digicolor-usart: Do not allow CS5-6 (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write() (git-fixes).
- serial: pch: do not overwrite xmit->buf[0] by x_char (git-fixes).
- serial: rda-uart: Do not allow CS5-6 (git-fixes).
- serial: sh-sci: Do not allow CS5-6 (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity (git-fixes).
- serial: txx9: Do not allow CS5-6 (git-fixes).
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- smp: Fix offline cpu check in flush_smp_call_function_queue() (git-fixes).
- smsc911x: allow using IRQ0 (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (git-fixes).
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (git-fixes).
- soc: rockchip: Fix refcount leak in rockchip_grf_init (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking (git-fixes).
- spi: Introduce device-managed SPI controller allocation (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend (git-fixes).
- spi: spi-fsl-qspi: check return value after calling platform_get_resource_byname() (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init() (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- SUNRPC: Ensure that the gssproxy client can start in a connected state (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- thermal/drivers/bcm2711: Do not clamp temperature at zero (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (git-fixes).
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (git-fixes).
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- timers: Fix warning condition in __run_timers() (git-fixes)
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (bsc#1065729).
- tracing: Fix potential double free in create_var_ref() (git-fixes).
- tracing: Fix return value of trace_pid_write() (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: fix deadlock caused by calling printk() under tty_port->lock (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port (git-fixes).
- tty: serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (git-fixes).
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: gadget: do not reset gadget's driver->bus (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (git-fixes).
- usb: hcd-pci: Fully suspend across freeze/thaw cycle (git-fixes).
- usb: host: isp116x: check return value after calling platform_get_resource() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe() (git-fixes).
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe (git-fixes).
- usb: new quirk for Dell Gen 2 devices (git-fixes).
- usb: quirks: add a Realtek card reader (git-fixes).
- usb: quirks: add STRING quirk for VCOM device (git-fixes).
- usb: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (git-fixes).
- usb: serial: option: add Fibocom L610 modem (git-fixes).
- usb: serial: option: add Fibocom MA510 modem (git-fixes).
- usb: serial: option: add Quectel BG95 modem (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/MV32-WB (git-fixes).
- usb: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (git-fixes).
- usb: serial: pl2303: add device id for HP LM930 Display (git-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM7590 (git-fixes).
- usb: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (git-fixes).
- usb: storage: karma: fix rio_karma_init return (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: typec: tcpci: Do not skip cleanup in .remove() on error (git-fixes).
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- usb: typec: ucsi: Fix role swapping (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly (git-fixes).
- vringh: Fix loop descriptors check in the indirect cases (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to 500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
ImportantSUSE bug 1055117SUSE bug 1061840SUSE bug 1065729SUSE bug 1103269SUSE bug 1118212SUSE bug 1153274SUSE bug 1154353SUSE bug 1156395SUSE bug 1158266SUSE bug 1167773SUSE bug 1176447SUSE bug 1177282SUSE bug 1178134SUSE bug 1180100SUSE bug 1183405SUSE bug 1188885SUSE bug 1195826SUSE bug 1196426SUSE bug 1196478SUSE bug 1196570SUSE bug 1196840SUSE bug 1197446SUSE bug 1197472SUSE bug 1197601SUSE bug 1197675SUSE bug 1198438SUSE bug 1198577SUSE bug 1198971SUSE bug 1198989SUSE bug 1199035SUSE bug 1199052SUSE bug 1199063SUSE bug 1199114SUSE bug 1199314SUSE bug 1199365SUSE bug 1199505SUSE bug 1199507SUSE bug 1199564SUSE bug 1199626SUSE bug 1199631SUSE bug 1199650SUSE bug 1199670SUSE bug 1199839SUSE bug 1200015SUSE bug 1200019SUSE bug 1200045SUSE bug 1200046SUSE bug 1200143SUSE bug 1200144SUSE bug 1200192SUSE bug 1200206SUSE bug 1200207SUSE bug 1200216SUSE bug 1200249SUSE bug 1200259SUSE bug 1200263SUSE bug 1200529SUSE bug 1200549SUSE bug 1200604CVE-2019-19377 at SUSECVE-2019-19377 at NVDCVE-2020-26541 at SUSECVE-2020-26541 at NVDCVE-2021-33061 at SUSECVE-2021-33061 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-1652 at SUSECVE-2022-1652 at NVDCVE-2022-1729 at SUSECVE-2022-1729 at NVDCVE-2022-1966 at SUSECVE-2022-1966 at NVDCVE-2022-1972 at SUSECVE-2022-1972 at NVDCVE-2022-1974 at SUSECVE-2022-1974 at NVDCVE-2022-1975 at SUSECVE-2022-1975 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21127 at SUSECVE-2022-21127 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-21180 at SUSECVE-2022-21180 at NVDCVE-2022-30594 at SUSECVE-2022-30594 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that could be used to bypass PAM authentication (bsc#1200566)
ImportantSUSE bug 1200566CVE-2022-22967 at SUSECVE-2022-22967 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
ModerateSUSE bug 1185637SUSE bug 1199166SUSE bug 1200550CVE-2022-1292 at SUSECVE-2022-1292 at NVDCVE-2022-2068 at SUSECVE-2022-2068 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2022-26354: Fixed missing virtqueue detach on error can lead to memory leak (bsc#1198712)
- CVE-2021-4207: Fixed double fetch in qxl_cursor() can lead to heap buffer overflow (bsc#1198037)
- CVE-2021-4206: Fixed integer overflow in cursor_alloc() can lead to heap buffer overflow (bsc#1198035)
ImportantSUSE bug 1197084SUSE bug 1198035SUSE bug 1198037SUSE bug 1198712SUSE bug 1199018SUSE bug 1199924CVE-2021-4206 at SUSECVE-2021-4206 at NVDCVE-2021-4207 at SUSECVE-2021-4207 at NVDCVE-2022-26354 at SUSECVE-2022-26354 at NVDcpe:/o:suse:suse-microos:5.2Security update for s390-tools (Important)SUSE Linux Enterprise Micro 5.2
This update of s390-tools fixes the following issue:
- rebuild with new secure boot key due to grub2 boothole 3 issues (bsc#1198581)
ImportantSUSE bug 1198581cpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
ImportantSUSE bug 1200735SUSE bug 1200737CVE-2022-32206 at SUSECVE-2022-32206 at NVDCVE-2022-32208 at SUSECVE-2022-32208 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
ImportantSUSE bug 1201099CVE-2022-2097 at SUSECVE-2022-2097 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd, docker and runc (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd, docker and runc fixes the following issues:
containerd:
- CVE-2022-31030: Fixed denial of service via invocation of the ExecSync API (bsc#1200145)
docker:
- Update to Docker 20.10.17-ce. See upstream changelog online at
https://docs.docker.com/engine/release-notes/#201017. (bsc#1200145)
runc:
Update to runc v1.1.3.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.3.
* Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
s390 and s390x. This solves the issue where syscalls the host kernel did not
support would return `-EPERM` despite the existence of the `-ENOSYS` stub
code (this was due to how s390x does syscall multiplexing).
* Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
intended; this fix does not affect runc binary itself but is important for
libcontainer users such as Kubernetes.
* Inability to compile with recent clang due to an issue with duplicate
constants in libseccomp-golang.
* When using systemd cgroup driver, skip adding device paths that don't exist,
to stop systemd from emitting warnings about those paths.
* Socket activation was failing when more than 3 sockets were used.
* Various CI fixes.
* Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
- Fixed issues with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
that platform's syscall multiplexing semantics. (bsc#1192051 bsc#1199565)
Update to runc v1.1.2.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.2.
Security issue fixed:
- CVE-2022-29162: A bug was found in runc where runc exec --cap executed processes with
non-empty inheritable Linux process capabilities, creating an atypical Linux
environment. (bsc#1199460)
- `runc spec` no longer sets any inheritable capabilities in the created
example OCI spec (`config.json`) file.
Update to runc v1.1.1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.1.
* runc run/start can now run a container with read-only /dev in OCI spec,
rather than error out. (#3355)
* runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
libcontainer systemd v2 manager no longer errors out if one of the files
listed in /sys/kernel/cgroup/delegate do not exist in container's
cgroup. (#3387, #3404)
* Loosen OCI spec validation to avoid bogus 'Intel RDT is not supported'
error. (#3406)
* libcontainer/cgroups no longer panics in cgroup v1 managers if stat
of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
Update to runc v1.1.0.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0.
- libcontainer will now refuse to build without the nsenter package being
correctly compiled (specifically this requires CGO to be enabled). This
should avoid folks accidentally creating broken runc binaries (and
incorrectly importing our internal libraries into their projects). (#3331)
Update to runc v1.1.0~rc1.
Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
+ Add support for RDMA cgroup added in Linux 4.11.
* runc exec now produces exit code of 255 when the exec failed.
This may help in distinguishing between runc exec failures
(such as invalid options, non-running container or non-existent
binary etc.) and failures of the command being executed.
+ runc run: new --keep option to skip removal exited containers artefacts.
This might be useful to check the state (e.g. of cgroup controllers) after
the container hasexited.
+ seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
(the latter is just an alias for SCMP_ACT_KILL).
+ seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
users to create sophisticated seccomp filters where syscalls can be
efficiently emulated by privileged processes on the host.
+ checkpoint/restore: add an option (--lsm-mount-context) to set
a different LSM mount context on restore.
+ intelrdt: support ClosID parameter.
+ runc exec --cgroup: an option to specify a (non-top) in-container cgroup
to use for the process being executed.
+ cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
run/exec now adds the container to the appropriate cgroup under it).
+ sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
behaviour.
+ mounts: add support for bind-mounts which are inaccessible after switching
the user namespace. Note that this does not permit the container any
additional access to the host filesystem, it simply allows containers to
have bind-mounts configured for paths the user can access but have
restrictive access control settings for other users.
+ Add support for recursive mount attributes using mount_setattr(2). These
have the same names as the proposed mount(8) options -- just prepend r
to the option name (such as rro).
+ Add runc features subcommand to allow runc users to detect what features
runc has been built with. This includes critical information such as
supported mount flags, hook names, and so on. Note that the output of this
command is subject to change and will not be considered stable until runc
1.2 at the earliest. The runtime-spec specification for this feature is
being developed in opencontainers/runtime-spec#1130.
* system: improve performance of /proc/$pid/stat parsing.
* cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
the ownership of certain cgroup control files (as per
/sys/kernel/cgroup/delegate) to allow for proper deferral to the container
process.
* runc checkpoint/restore: fixed for containers with an external bind mount
which destination is a symlink.
* cgroup: improve openat2 handling for cgroup directory handle hardening.
runc delete -f now succeeds (rather than timing out) on a paused
container.
* runc run/start/exec now refuses a frozen cgroup (paused container in case of
exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of the release.
ImportantSUSE bug 1192051SUSE bug 1199460SUSE bug 1199565SUSE bug 1200088SUSE bug 1200145CVE-2022-29162 at SUSECVE-2022-29162 at NVDCVE-2022-31030 at SUSECVE-2022-31030 at NVDcpe:/o:suse:suse-microos:5.2Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ignition fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
- Update to version 2.14.0
ModerateSUSE bug 1199524CVE-2022-1706 at SUSECVE-2022-1706 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
ImportantSUSE bug 1198511CVE-2015-20107 at SUSECVE-2015-20107 at NVDcpe:/o:suse:suse-microos:5.2Security update for pcre (Important)SUSE Linux Enterprise Micro 5.2
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
ImportantSUSE bug 1199232CVE-2022-1586 at SUSECVE-2022-1586 at NVDcpe:/o:suse:suse-microos:5.2Security update for p11-kit (Moderate)SUSE Linux Enterprise Micro 5.2
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)
ModerateSUSE bug 1180065CVE-2020-29362 at SUSECVE-2020-29362 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- Add various fsctl structs (bsc#1200217).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable 'count' signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- pahole 1.22 required for full BTF features. also recommend pahole for kernel-source to make the kernel buildable with standard config
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: fix snapshot mount option (bsc#1200217).
- [smb3] improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- [smb3] move more common protocol header definitions to smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1179195SUSE bug 1180814SUSE bug 1184924SUSE bug 1185762SUSE bug 1192761SUSE bug 1193629SUSE bug 1194013SUSE bug 1195504SUSE bug 1195775SUSE bug 1196901SUSE bug 1197362SUSE bug 1197754SUSE bug 1198020SUSE bug 1198924SUSE bug 1199482SUSE bug 1199487SUSE bug 1199489SUSE bug 1199657SUSE bug 1200217SUSE bug 1200263SUSE bug 1200343SUSE bug 1200442SUSE bug 1200571SUSE bug 1200599SUSE bug 1200600SUSE bug 1200608SUSE bug 1200619SUSE bug 1200622SUSE bug 1200692SUSE bug 1200806SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200813SUSE bug 1200816SUSE bug 1200820SUSE bug 1200821SUSE bug 1200822SUSE bug 1200825SUSE bug 1200828SUSE bug 1200829SUSE bug 1200925SUSE bug 1201050SUSE bug 1201080SUSE bug 1201143SUSE bug 1201147SUSE bug 1201149SUSE bug 1201160SUSE bug 1201171SUSE bug 1201177SUSE bug 1201193SUSE bug 1201222CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132. (bsc#1192079).
- FIPS: Add on-demand integrity tests through sftk_FIPSRepeatIntegrityCheck()
(bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security policy
(bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement is now
fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode
due to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators. (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068 root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OSCP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FiPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid algorithms.
- sqlite 3.34 changed it's open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Mozilla NSPR was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that have two IP stacks available.
ImportantSUSE bug 1192079SUSE bug 1192080SUSE bug 1192086SUSE bug 1192087SUSE bug 1192228SUSE bug 1198486SUSE bug 1200027CVE-2022-31741 at SUSECVE-2022-31741 at NVDcpe:/o:suse:suse-microos:5.2Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.2
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
ImportantSUSE bug 1196125SUSE bug 1201225CVE-2022-34903 at SUSECVE-2022-34903 at NVDcpe:/o:suse:suse-microos:5.2Security update for logrotate (Important)SUSE Linux Enterprise Micro 5.2
This update for logrotate fixes the following issues:
Security issues fixed:
- Improved coredump handing for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
ImportantSUSE bug 1192449SUSE bug 1200278SUSE bug 1200802cpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre like Branch Target Buffer attack, that can leak arbitrary kernel information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2022-20141: Fixed a possible use after free due to improper locking in ip_check_mc_rcu() (bsc#1200604).
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS subsystem, related to the replication of files with NFS. A user could potentially crash the system or escalate privileges on the system (bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in lock_sock_nested of sock.c. This could lead to local escalation of privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate() (bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled (bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (git-fixes).
- ceph: add some lockdep assertions around snaprealm handling (bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and __lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status (bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv (bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect (bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available (bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set (bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root() (bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX (bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel (bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie (bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible (bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body (bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect (bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads (bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status (bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled (bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super (bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount (bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse (bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c (git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure (git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data (bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (bsc#1200806).
- ext4: make variable 'count' signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation (git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation (bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype' (bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers (bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY (git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (git-fixes).
- pNFS: Do not keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9 (bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (git-fixes).
- Revert 'block: Fix a lockdep complaint triggered by request queue flushing' (git-fixes).
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent (bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters (bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195 bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound (bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts (bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to smbfs_common (bsc#1200217).
- smb3: fix snapshot mount option (bsc#1200217).
- smb3 improve error message when mount options conflict with posix (bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to smbfs_common (bsc#1200217).
- smb3: move defines for query info and query fsinfo to smbfs_common (bsc#1200217).
- smb3: move more common protocol header definitions to smbfs_common (bsc#1200217).
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready() (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs() (git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error (bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
ImportantSUSE bug 1065729SUSE bug 1179195SUSE bug 1180814SUSE bug 1184924SUSE bug 1185762SUSE bug 1192761SUSE bug 1193629SUSE bug 1194013SUSE bug 1195504SUSE bug 1195775SUSE bug 1196901SUSE bug 1197362SUSE bug 1197754SUSE bug 1198020SUSE bug 1198924SUSE bug 1199482SUSE bug 1199487SUSE bug 1199489SUSE bug 1199657SUSE bug 1200217SUSE bug 1200263SUSE bug 1200343SUSE bug 1200442SUSE bug 1200571SUSE bug 1200599SUSE bug 1200600SUSE bug 1200604SUSE bug 1200605SUSE bug 1200608SUSE bug 1200619SUSE bug 1200622SUSE bug 1200692SUSE bug 1200806SUSE bug 1200807SUSE bug 1200809SUSE bug 1200810SUSE bug 1200813SUSE bug 1200816SUSE bug 1200820SUSE bug 1200821SUSE bug 1200822SUSE bug 1200825SUSE bug 1200828SUSE bug 1200829SUSE bug 1200925SUSE bug 1201050SUSE bug 1201080SUSE bug 1201143SUSE bug 1201147SUSE bug 1201149SUSE bug 1201160SUSE bug 1201171SUSE bug 1201177SUSE bug 1201193SUSE bug 1201222SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676CVE-2021-26341 at SUSECVE-2021-26341 at NVDCVE-2021-4157 at SUSECVE-2021-4157 at NVDCVE-2022-1012 at SUSECVE-2022-1012 at NVDCVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-20141 at SUSECVE-2022-20141 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-33981 at SUSECVE-2022-33981 at NVDCVE-2022-34918 at SUSECVE-2022-34918 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-M2Crypto (Important)SUSE Linux Enterprise Micro 5.2
This update for python-M2Crypto fixes the following issues:
- CVE-2020-25657: Fixed Bleichenbacher timing attacks in the RSA decryption API (bsc#1178829).
ImportantSUSE bug 1178829CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:suse:suse-microos:5.2Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.2
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).
ldb was updated to version 2.4.3
* Fix build problems, waf produces incorrect names for python extensions; (bso#15071);
ImportantSUSE bug 1196224SUSE bug 1198255SUSE bug 1199247SUSE bug 1199734SUSE bug 1200556SUSE bug 1200964SUSE bug 1201490SUSE bug 1201492SUSE bug 1201493SUSE bug 1201495SUSE bug 1201496CVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401) (bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED vulnerability, arbitrary speculative code execution with return instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1199965SUSE bug 1199966SUSE bug 1200549SUSE bug 1201394SUSE bug 1201469CVE-2022-21123 at SUSECVE-2022-21123 at NVDCVE-2022-21125 at SUSECVE-2022-21125 at NVDCVE-2022-21166 at SUSECVE-2022-21166 at NVDCVE-2022-23816 at SUSECVE-2022-23816 at NVDCVE-2022-23825 at SUSECVE-2022-23825 at NVDCVE-2022-26362 at SUSECVE-2022-26362 at NVDCVE-2022-26363 at SUSECVE-2022-26363 at NVDCVE-2022-26364 at SUSECVE-2022-26364 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDcpe:/o:suse:suse-microos:5.2Security update for dwarves and elfutils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle mutliple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside are files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always build on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
ModerateSUSE bug 1033084SUSE bug 1033085SUSE bug 1033086SUSE bug 1033087SUSE bug 1033088SUSE bug 1033089SUSE bug 1033090SUSE bug 1082318SUSE bug 1104264SUSE bug 1106390SUSE bug 1107066SUSE bug 1107067SUSE bug 1111973SUSE bug 1112723SUSE bug 1112726SUSE bug 1123685SUSE bug 1125007CVE-2017-7607 at SUSECVE-2017-7607 at NVDCVE-2017-7608 at SUSECVE-2017-7608 at NVDCVE-2017-7609 at SUSECVE-2017-7609 at NVDCVE-2017-7610 at SUSECVE-2017-7610 at NVDCVE-2017-7611 at SUSECVE-2017-7611 at NVDCVE-2017-7612 at SUSECVE-2017-7612 at NVDCVE-2017-7613 at SUSECVE-2017-7613 at NVDCVE-2018-16062 at SUSECVE-2018-16062 at NVDCVE-2018-16402 at SUSECVE-2018-16402 at NVDCVE-2018-16403 at SUSECVE-2018-16403 at NVDCVE-2018-18310 at SUSECVE-2018-18310 at NVDCVE-2018-18520 at SUSECVE-2018-18520 at NVDCVE-2018-18521 at SUSECVE-2018-18521 at NVDCVE-2019-7146 at SUSECVE-2019-7146 at NVDCVE-2019-7148 at SUSECVE-2019-7148 at NVDCVE-2019-7149 at SUSECVE-2019-7149 at NVDCVE-2019-7150 at SUSECVE-2019-7150 at NVDCVE-2019-7664 at SUSECVE-2019-7664 at NVDCVE-2019-7665 at SUSECVE-2019-7665 at NVDcpe:/o:suse:suse-microos:5.2Security update for mokutil (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mokutil fixes the following issues:
- Adds SBAT revocation support to mokutil. (bsc#1198458)
New options added (see manpage):
- mokutil --sbat
List all entries in SBAT.
- mokutil --set-sbat-policy (latest | previous | delete)
To set the SBAT acceptance policy.
- mokutil --list-sbat-revocations
To list the current SBAT revocations.
ModerateSUSE bug 1198458cpe:/o:suse:suse-microos:5.2Security update for tiff (Low)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176).
- CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175).
- CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174).
LowSUSE bug 1201174SUSE bug 1201175SUSE bug 1201176CVE-2022-2056 at SUSECVE-2022-2056 at NVDCVE-2022-2057 at SUSECVE-2022-2057 at NVDCVE-2022-2058 at SUSECVE-2022-2058 at NVDcpe:/o:suse:suse-microos:5.2Security update for pcre2 (Important)SUSE Linux Enterprise Micro 5.2
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
ImportantSUSE bug 1164384SUSE bug 1199235CVE-2019-20454 at SUSECVE-2019-20454 at NVDCVE-2022-1587 at SUSECVE-2022-1587 at NVDcpe:/o:suse:suse-microos:5.2Security update for harfbuzz (Important)SUSE Linux Enterprise Micro 5.2
This update for harfbuzz fixes the following issues:
- CVE-2022-33068: Fixed a integer overflow in hb-ot-shape-fallback.cc (bsc#1200900).
ImportantSUSE bug 1200900CVE-2022-33068 at SUSECVE-2022-33068 at NVDcpe:/o:suse:suse-microos:5.2Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
ModerateSUSE bug 1198627CVE-2022-29458 at SUSECVE-2022-29458 at NVDcpe:/o:suse:suse-microos:5.2Security update for cifs-utils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for cifs-utils fixes the following issues:
- CVE-2022-29869: Fixed verbose messages on option parsing causing information leak (bsc#1198976).
ModerateSUSE bug 1198976CVE-2022-29869 at SUSECVE-2022-29869 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins (Moderate)SUSE Linux Enterprise Micro 5.2
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bumpy the URL to point to github rather than to docs
ModerateSUSE bug 1195916SUSE bug 1196696CVE-2020-29651 at SUSECVE-2020-29651 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
Updated to version 3.4.7:
- CVE-2022-1227: Fixed an issue that could allow an attacker to publish
a malicious image to a public registry and run arbitrary code in the
victim's context via the 'podman top' command (bsc#1182428).
- CVE-2022-27191: Fixed a potential crash via SSH under specific
configurations (bsc#1197284).
- CVE-2022-21698: Fixed a potential denial of service that affected
servers that used Prometheus instrumentation (bsc#1196338).
ImportantSUSE bug 1182428SUSE bug 1196338SUSE bug 1197284CVE-2022-1227 at SUSECVE-2022-1227 at NVDCVE-2022-21698 at SUSECVE-2022-21698 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.2Security update for systemd-presets-common-SUSE (Moderate)SUSE Linux Enterprise Micro 5.2
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
ModerateSUSE bug 1199524SUSE bug 1200485CVE-2022-1706 at SUSECVE-2022-1706 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed a use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed user-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section Now that it is upstream..
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF This option allows users to access the btf type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
ImportantSUSE bug 1178134SUSE bug 1196616SUSE bug 1198829SUSE bug 1199364SUSE bug 1199647SUSE bug 1199665SUSE bug 1199670SUSE bug 1200015SUSE bug 1200521SUSE bug 1200598SUSE bug 1200644SUSE bug 1200651SUSE bug 1200762SUSE bug 1200910SUSE bug 1201196SUSE bug 1201206SUSE bug 1201251SUSE bug 1201381SUSE bug 1201429SUSE bug 1201442SUSE bug 1201458SUSE bug 1201635SUSE bug 1201636SUSE bug 1201644SUSE bug 1201645SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1201846SUSE bug 1201930SUSE bug 1201940SUSE bug 1201954SUSE bug 1201956SUSE bug 1201958SUSE bug 1202154CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1116 at SUSECVE-2022-1116 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-32250 at SUSECVE-2022-32250 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-microos:5.2Security update for spice (Important)SUSE Linux Enterprise Micro 5.2
This update for spice fixes the following issues:
- CVE-2021-20201: Fixed an issue which could allow clients to cause a
denial of service by repeatedly renegotiating a connection (bsc#1181686).
ImportantSUSE bug 1181686CVE-2021-20201 at SUSECVE-2021-20201 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
ImportantSUSE bug 1202020CVE-2022-2509 at SUSECVE-2022-2509 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2022-36946: Fixed an incorrect packet trucation operation which could lead to denial of service (bnc#1201940).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-20166: Fixed several possible memory safety issues due to unsafe operations (bsc#1200598).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl and closing/opening of TTYs could lead to a use-after-free (bnc#1201429).
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd PIO_FONT (bnc#1201636).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem (bnc#1198829).
- CVE-2022-1116: Fixed a integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler in Rose subsystem that allowed unprivileged attackers to crash the system (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
The following non-security bugs were fixed:
- Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too.
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- Fixed a regression where smart batteries would not be detected on Mac (bsc#1201206).
- Fixed an issue where qla2xxx would prevent nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the same problem - the IBRS_* regs push/popping was wrong but it needs 1b331eeea7b8 ('x86/entry: Remove skip_r11rcx') too.
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: enable BPF type format (BTF) (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
ImportantSUSE bug 1178134SUSE bug 1196616SUSE bug 1196867SUSE bug 1198829SUSE bug 1199364SUSE bug 1199647SUSE bug 1199648SUSE bug 1199665SUSE bug 1199670SUSE bug 1199695SUSE bug 1200521SUSE bug 1200598SUSE bug 1200644SUSE bug 1200651SUSE bug 1200762SUSE bug 1200910SUSE bug 1201196SUSE bug 1201206SUSE bug 1201251SUSE bug 1201381SUSE bug 1201429SUSE bug 1201442SUSE bug 1201458SUSE bug 1201635SUSE bug 1201636SUSE bug 1201644SUSE bug 1201645SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1201742SUSE bug 1201752SUSE bug 1201846SUSE bug 1201930SUSE bug 1201940SUSE bug 1201941SUSE bug 1201954SUSE bug 1201956SUSE bug 1201958SUSE bug 1202087SUSE bug 1202154SUSE bug 1202312CVE-2020-36516 at SUSECVE-2020-36516 at NVDCVE-2020-36557 at SUSECVE-2020-36557 at NVDCVE-2020-36558 at SUSECVE-2020-36558 at NVDCVE-2021-33655 at SUSECVE-2021-33655 at NVDCVE-2021-33656 at SUSECVE-2021-33656 at NVDCVE-2022-1116 at SUSECVE-2022-1116 at NVDCVE-2022-1462 at SUSECVE-2022-1462 at NVDCVE-2022-20166 at SUSECVE-2022-20166 at NVDCVE-2022-21505 at SUSECVE-2022-21505 at NVDCVE-2022-2318 at SUSECVE-2022-2318 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-2639 at SUSECVE-2022-2639 at NVDCVE-2022-29581 at SUSECVE-2022-29581 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-36946 at SUSECVE-2022-36946 at NVDcpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
ImportantSUSE bug 1202657SUSE bug 1202733CVE-2022-31676 at SUSECVE-2022-31676 at NVDcpe:/o:suse:suse-microos:5.2Security update for libslirp (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)
ModerateSUSE bug 1187365SUSE bug 1201551CVE-2021-3593 at SUSECVE-2021-3593 at NVDcpe:/o:suse:suse-microos:5.2Security update for zlib (Important)SUSE Linux Enterprise Micro 5.2
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
ImportantSUSE bug 1202175CVE-2022-37434 at SUSECVE-2022-37434 at NVDcpe:/o:suse:suse-microos:5.2Security update for rsync (Important)SUSE Linux Enterprise Micro 5.2
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
ImportantSUSE bug 1201840CVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave (INTEL-SA-00657).
See also: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues.
See also: https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
ModerateSUSE bug 1201727CVE-2022-21233 at SUSECVE-2022-21233 at NVDcpe:/o:suse:suse-microos:5.2Security update for gdk-pixbuf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gdk-pixbuf fixes the following issues:
- CVE-2021-46829: Fixed overflow when compositing or clearing frames (bsc#1201826).
ModerateSUSE bug 1201826CVE-2021-46829 at SUSECVE-2021-46829 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Low)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
LowSUSE bug 1202593CVE-2022-35252 at SUSECVE-2022-35252 at NVDcpe:/o:suse:suse-microos:5.2Security update for icu (Moderate)SUSE Linux Enterprise Micro 5.2
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safetey issue that could lead to use
after free (bsc#1193951).
ModerateSUSE bug 1193951CVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:suse-microos:5.2Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
ModerateSUSE bug 1198405CVE-2022-24795 at SUSECVE-2022-24795 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after gree in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
ImportantSUSE bug 1200270SUSE bug 1200697SUSE bug 1200698SUSE bug 1200700SUSE bug 1200701SUSE bug 1200732SUSE bug 1200884SUSE bug 1200902SUSE bug 1200903SUSE bug 1200904SUSE bug 1201132SUSE bug 1201133SUSE bug 1201134SUSE bug 1201135SUSE bug 1201136SUSE bug 1201150SUSE bug 1201151SUSE bug 1201152SUSE bug 1201153SUSE bug 1201154SUSE bug 1201155SUSE bug 1201249SUSE bug 1201356SUSE bug 1201359SUSE bug 1201363SUSE bug 1201620SUSE bug 1201863SUSE bug 1202046SUSE bug 1202049SUSE bug 1202050SUSE bug 1202051SUSE bug 1202414SUSE bug 1202420SUSE bug 1202421SUSE bug 1202511SUSE bug 1202512SUSE bug 1202515SUSE bug 1202552SUSE bug 1202599SUSE bug 1202687SUSE bug 1202689SUSE bug 1202862CVE-2022-1720 at SUSECVE-2022-1720 at NVDCVE-2022-1968 at SUSECVE-2022-1968 at NVDCVE-2022-2124 at SUSECVE-2022-2124 at NVDCVE-2022-2125 at SUSECVE-2022-2125 at NVDCVE-2022-2126 at SUSECVE-2022-2126 at NVDCVE-2022-2129 at SUSECVE-2022-2129 at NVDCVE-2022-2175 at SUSECVE-2022-2175 at NVDCVE-2022-2182 at SUSECVE-2022-2182 at NVDCVE-2022-2183 at SUSECVE-2022-2183 at NVDCVE-2022-2206 at SUSECVE-2022-2206 at NVDCVE-2022-2207 at SUSECVE-2022-2207 at NVDCVE-2022-2208 at SUSECVE-2022-2208 at NVDCVE-2022-2210 at SUSECVE-2022-2210 at NVDCVE-2022-2231 at SUSECVE-2022-2231 at NVDCVE-2022-2257 at SUSECVE-2022-2257 at NVDCVE-2022-2264 at SUSECVE-2022-2264 at NVDCVE-2022-2284 at SUSECVE-2022-2284 at NVDCVE-2022-2285 at SUSECVE-2022-2285 at NVDCVE-2022-2286 at SUSECVE-2022-2286 at NVDCVE-2022-2287 at SUSECVE-2022-2287 at NVDCVE-2022-2304 at SUSECVE-2022-2304 at NVDCVE-2022-2343 at SUSECVE-2022-2343 at NVDCVE-2022-2344 at SUSECVE-2022-2344 at NVDCVE-2022-2345 at SUSECVE-2022-2345 at NVDCVE-2022-2522 at SUSECVE-2022-2522 at NVDCVE-2022-2571 at SUSECVE-2022-2571 at NVDCVE-2022-2580 at SUSECVE-2022-2580 at NVDCVE-2022-2581 at SUSECVE-2022-2581 at NVDCVE-2022-2598 at SUSECVE-2022-2598 at NVDCVE-2022-2816 at SUSECVE-2022-2816 at NVDCVE-2022-2817 at SUSECVE-2022-2817 at NVDCVE-2022-2819 at SUSECVE-2022-2819 at NVDCVE-2022-2845 at SUSECVE-2022-2845 at NVDCVE-2022-2849 at SUSECVE-2022-2849 at NVDCVE-2022-2862 at SUSECVE-2022-2862 at NVDCVE-2022-2874 at SUSECVE-2022-2874 at NVDCVE-2022-2889 at SUSECVE-2022-2889 at NVDCVE-2022-2923 at SUSECVE-2022-2923 at NVDCVE-2022-2946 at SUSECVE-2022-2946 at NVDCVE-2022-3016 at SUSECVE-2022-3016 at NVDcpe:/o:suse:suse-microos:5.2Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.2
This update for gdk-pixbuf fixes the following issues:
- CVE-2021-44648: Fixed overflow vulnerability in lzw code size (bsc#1194633).
ImportantSUSE bug 1194633CVE-2021-44648 at SUSECVE-2021-44648 at NVDcpe:/o:suse:suse-microos:5.2Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
ModerateSUSE bug 1198823SUSE bug 1198830SUSE bug 1198832CVE-2022-27404 at SUSECVE-2022-27404 at NVDCVE-2022-27405 at SUSECVE-2022-27405 at NVDCVE-2022-27406 at SUSECVE-2022-27406 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local sumbols
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1156395SUSE bug 1179722SUSE bug 1179723SUSE bug 1181862SUSE bug 1191662SUSE bug 1191667SUSE bug 1191881SUSE bug 1192594SUSE bug 1192968SUSE bug 1194272SUSE bug 1194535SUSE bug 1197158SUSE bug 1197755SUSE bug 1197756SUSE bug 1197757SUSE bug 1197760SUSE bug 1197763SUSE bug 1197920SUSE bug 1198971SUSE bug 1199291SUSE bug 1200431SUSE bug 1200845SUSE bug 1200868SUSE bug 1200869SUSE bug 1200870SUSE bug 1200871SUSE bug 1200872SUSE bug 1200873SUSE bug 1201019SUSE bug 1201420SUSE bug 1201610SUSE bug 1201705SUSE bug 1201726SUSE bug 1201948SUSE bug 1202096SUSE bug 1202097SUSE bug 1202346SUSE bug 1202347SUSE bug 1202393SUSE bug 1202396SUSE bug 1202447SUSE bug 1202564SUSE bug 1202577SUSE bug 1202636SUSE bug 1202672SUSE bug 1202701SUSE bug 1202708SUSE bug 1202709SUSE bug 1202710SUSE bug 1202711SUSE bug 1202712SUSE bug 1202713SUSE bug 1202714SUSE bug 1202715SUSE bug 1202716SUSE bug 1202717SUSE bug 1202718SUSE bug 1202720SUSE bug 1202722SUSE bug 1202745SUSE bug 1202756SUSE bug 1202810SUSE bug 1202811SUSE bug 1202860SUSE bug 1202895SUSE bug 1202898SUSE bug 1203063SUSE bug 1203098SUSE bug 1203107SUSE bug 1203116SUSE bug 1203117SUSE bug 1203135SUSE bug 1203136SUSE bug 1203137CVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2020-27784 at SUSECVE-2020-27784 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDcpe:/o:suse:suse-microos:5.2Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
ModerateSUSE bug 1047178CVE-2017-6512 at SUSECVE-2017-6512 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtirpc (Important)SUSE Linux Enterprise Micro 5.2
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
ImportantSUSE bug 1201680CVE-2021-46828 at SUSECVE-2021-46828 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
sqlite was updated to 3.39.3:
* Use a statement journal on DML statement affecting two or more
database rows if the statement makes use of a SQL functions
that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and
PRAGMA data_store_directory statements, even though they are
decremented and documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated
with rearranging the order of FROM clause terms in the
presences of a LEFT JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
1345947, forum post 3607259d3c, and other minor problems
discovered by internal testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that
contains a compound SELECT in which only one arm contains a
RIGHT JOIN and where the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
to a very small value.
* Fix a long-standing problem in FTS3 that can only arise when
compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so
that it works correctly even if the prefix contains characters
that require a 3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of
its output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and
IS DISTINCT FROM that are equivalent to IS and IS NOT,
respective, for compatibility with PostgreSQL and SQL standards
* Add a new return code (value '3') from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and
ORDER BY clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database
filenames to create a canonical name for the database before
the file is opened
* Defer materializing views until the materialization is actually
needed, thus avoiding unnecessary work if the materialization
turns out to never be used
* The HAVING clause of a SELECT statement is now allowed on any
aggregate query, even queries that do not have a GROUP BY
clause
* Many microoptimizations collectively reduce CPU cycles by about
2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the
byte code causes the byte code engine to enter an infinite loop
when the pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner be overly aggressive with
optimizing automatic-index and Bloom-filter construction,
using inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows
in the output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might
cause an incorrect answer when doing a LEFT JOIN with a WHERE
clause constraint that says that one of the columns on the
right table of the LEFT JOIN is NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might
cause some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so
that it preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly
even in corner cases such as when the argument is a virtual
column or the column of a view.
* Fix row value IN operator constraints on virtual tables so that
they work correctly even if the virtual table implementation
relies on bytecode to filter rows that do not satisfy the
constraint.
* Other minor fixes to assert() statements, test cases, and
documentation. See the source code timeline for details.
Update to 3.38.0
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better
compatibility, with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize
an SQL error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs
and newlines embedded in text, and add options like '--wrap N',
'--wordwrap on', and '--quote' to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up
large analytic queries, and a balanced merge tree to evaluate
UNION or UNION ALL compound SELECT statements that have an
ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignores
entries in the sqlite_schema table that do not parse when
PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can
cause database corruption if a SAVEPOINT is rolled back while
in PRAGMA temp_store=MEMORY mode, and other changes are made,
and then the outer transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON
UPDATE CASCADE in which a cache of the bytecode used to
implement the cascading change was not being reset following a
local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version
3.35.0 that can cause incorrect byte-code to be generated for
some obscure but valid SQL, possibly resulting in a NULL-
pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt
database files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Updated to 3.37.0:
* STRICT tables provide a prescriptive style of data type
management, for developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a
generated column containing a NOT NULL constraint, the
ALTER TABLE ADD COLUMN now checks new constraints against
preexisting rows in the database and will only proceed if no
constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple
database connections open at the same time.
* Add the --safe command-line option that disables dot-commands
and SQL statements that might cause side-effects that extend
beyond the single database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that
span many lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked
for the TEMP database. That limitation is now noted in the
documentation.
* The query planner now omits ORDER BY clauses on subqueries and
views if removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified
so that the first parameter ('START') is now required. This is
done as a way to demonstrate how to write table-valued
functions with required parameters. The legacy behavior is
available using the -DZERO_ARGUMENT_GENERATE_SERIES
compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64()
interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
ModerateSUSE bug 1189802SUSE bug 1195773SUSE bug 1201783CVE-2021-36690 at SUSECVE-2021-36690 at NVDCVE-2022-35737 at SUSECVE-2022-35737 at NVDcpe:/o:suse:suse-microos:5.2Security update for oniguruma (Important)SUSE Linux Enterprise Micro 5.2
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
ImportantSUSE bug 1142847SUSE bug 1150130SUSE bug 1157805SUSE bug 1164550SUSE bug 1164569SUSE bug 1177179CVE-2019-13224 at SUSECVE-2019-13224 at NVDCVE-2019-16163 at SUSECVE-2019-16163 at NVDCVE-2019-19203 at SUSECVE-2019-19203 at NVDCVE-2019-19204 at SUSECVE-2019-19204 at NVDCVE-2019-19246 at SUSECVE-2019-19246 at NVDCVE-2020-26159 at SUSECVE-2020-26159 at NVDcpe:/o:suse:suse-microos:5.2Security update for permissions (Moderate)SUSE Linux Enterprise Micro 5.2
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
ModerateSUSE bug 1203018CVE-2022-31252 at SUSECVE-2022-31252 at NVDcpe:/o:suse:suse-microos:5.2Security update for libjpeg-turbo (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libjpeg-turbo fixes the following issues:
- CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows() function (bsc#1202915).
ModerateSUSE bug 1202915CVE-2020-35538 at SUSECVE-2020-35538 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP server when an URI path starts with // (bsc#1202624).
ImportantSUSE bug 1202624CVE-2021-28861 at SUSECVE-2021-28861 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
ImportantSUSE bug 1203438CVE-2022-40674 at SUSECVE-2022-40674 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Moderate)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2022-0216: Fixed a use after free issue found in hw/scsi/lsi53c895a.c. (bsc#1198038)
- CVE-2022-35414: Fixed an uninitialized read during address translation that leads to a crash. (bsc#1201367)
ModerateSUSE bug 1192115SUSE bug 1198038SUSE bug 1201367CVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-35414 at SUSECVE-2022-35414 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806).
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807).
- CVE-2022-26365: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33740: Fixed issue where Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (bsc#1200762).
- CVE-2022-33741: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33742: Fixed issue where data residing in the same 4K page as data shared with a backend was being accessible by such backend (bsc#1200762).
- CVE-2022-33745: Fixed an insufficient TLB flush for x86 PV guests in shadow mode (bsc#1201394).
- CVE-2021-28689: Fixed speculative vulnerabilities with bare (non-shim) 32-bit PV guests (bsc#1185104).
Bugfixes:
- Fixed logic error in built-in default of max_event_channels (bsc#1167608, bsc#1201631).
- Fixed issue where dom0 fails to boot with constrained vcpus and nodes (bsc#1197081).
- Included upstream bugfixes (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1167608SUSE bug 1185104SUSE bug 1197081SUSE bug 1200762SUSE bug 1201394SUSE bug 1201631SUSE bug 1203806SUSE bug 1203807CVE-2021-28689 at SUSECVE-2021-28689 at NVDCVE-2022-26365 at SUSECVE-2022-26365 at NVDCVE-2022-33740 at SUSECVE-2022-33740 at NVDCVE-2022-33741 at SUSECVE-2022-33741 at NVDCVE-2022-33742 at SUSECVE-2022-33742 at NVDCVE-2022-33745 at SUSECVE-2022-33745 at NVDCVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDcpe:/o:suse:suse-microos:5.2Security update for libksba (Critical)SUSE Linux Enterprise Micro 5.2
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
CriticalSUSE bug 1204357CVE-2022-3515 at SUSECVE-2022-3515 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-2519: Fixed a double free in rotateImage() (bsc#1202968).
- CVE-2022-2520: Fixed a assertion failure in rotateImage() (bsc#1202973).
- CVE-2022-2521: Fixed invalid free in TIFFClose() (bsc#1202971).
- CVE-2022-2867: Fixed out of bounds read and write in tiffcrop.c (bsc#1202466).
- CVE-2022-2868: Fixed out of bounds read in reverseSamples16bits() (bsc#1202467).
- CVE-2022-2869: Fixed out of bounds read and write in extractContigSamples8bits() (bsc#1202468).
- CVE-2022-34526: Fixed stack overflow in the _TIFFVGetField function of Tiffsplit (bsc#1202026).
ImportantSUSE bug 1201723SUSE bug 1201971SUSE bug 1202026SUSE bug 1202466SUSE bug 1202467SUSE bug 1202468SUSE bug 1202968SUSE bug 1202971SUSE bug 1202973CVE-2022-0561 at SUSECVE-2022-0561 at NVDCVE-2022-2519 at SUSECVE-2022-2519 at NVDCVE-2022-2520 at SUSECVE-2022-2520 at NVDCVE-2022-2521 at SUSECVE-2022-2521 at NVDCVE-2022-2867 at SUSECVE-2022-2867 at NVDCVE-2022-2868 at SUSECVE-2022-2868 at NVDCVE-2022-2869 at SUSECVE-2022-2869 at NVDCVE-2022-34266 at SUSECVE-2022-34266 at NVDCVE-2022-34526 at SUSECVE-2022-34526 at NVDcpe:/o:suse:suse-microos:5.2Security update for multipath-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- multipathd: add 'force_reconfigure' option (bsc#1189551)
The command 'multipathd -kreconfigure' changes behavior: instead
of reloading every map, it checks map configuration and reloads
only modified maps. This speeds up the reconfigure operation
substantially. The old behavior can be reinstated by setting
'force_reconfigure yes' in multipath.conf (not recommended).
Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and
beyond, which provide the command 'multipathd -k'reconfigure all''
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
ImportantSUSE bug 1189551SUSE bug 1191900SUSE bug 1195506SUSE bug 1197570SUSE bug 1202616SUSE bug 1202739CVE-2022-41973 at SUSECVE-2022-41973 at NVDCVE-2022-41974 at SUSECVE-2022-41974 at NVDcpe:/o:suse:suse-microos:5.2Security update for buildah (Important)SUSE Linux Enterprise Micro 5.2
This update for buildah fixes the following issues:
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being overwritten during the image building process (bsc#1167864).
- CVE-2022-2990: Fixed possible information disclosure and modification / bsc#1202812
Buildah was updated to version 1.27.1:
* run: add container gid to additional groups
- Add fix for CVE-2022-2990 / bsc#1202812
Update to version 1.27.0:
* Don't try to call runLabelStdioPipes if spec.Linux is not set
* build: support filtering cache by duration using --cache-ttl
* build: support building from commit when using git repo as build context
* build: clean up git repos correctly when using subdirs
* integration tests: quote '?' in shell scripts
* test: manifest inspect should have OCIv1 annotation
* vendor: bump to c/common@87fab4b7019a
* Failure to determine a file or directory should print an error
* refactor: remove unused CommitOptions from generateBuildOutput
* stage_executor: generate output for cases with no commit
* stage_executor, commit: output only if last stage in build
* Use errors.Is() instead of os.Is{Not,}Exist
* Minor test tweak for podman-remote compatibility
* Cirrus: Use the latest imgts container
* imagebuildah: complain about the right Dockerfile
* tests: don't try to wrap `nil` errors
* cmd/buildah.commitCmd: don't shadow 'err'
* cmd/buildah.pullCmd: complain about DecryptConfig/EncryptConfig
* Fix a copy/paste error message
* Fix a typo in an error message
* build,cache: support pulling/pushing cache layers to/from remote sources
* Update vendor of containers/(common, storage, image)
* Rename chroot/run.go to chroot/run_linux.go
* Don't bother telling codespell to skip files that don't exist
* Set user namespace defaults correctly for the library
* imagebuildah: optimize cache hits for COPY and ADD instructions
* Cirrus: Update VM images w/ updated bats
* docs, run: show SELinux label flag for cache and bind mounts
* imagebuildah, build: remove undefined concurrent writes
* bump github.com/opencontainers/runtime-tools
* Add FreeBSD support for 'buildah info'
* Vendor in latest containers/(storage, common, image)
* Add freebsd cross build targets
* Make the jail package build on 32bit platforms
* Cirrus: Ensure the build-push VM image is labeled
* GHA: Fix dynamic script filename
* Vendor in containers/(common, storage, image)
* Run codespell
* Remove import of github.com/pkg/errors
* Avoid using cgo in pkg/jail
* Rename footypes to fooTypes for naming consistency
* Move cleanupTempVolumes and cleanupRunMounts to run_common.go
* Make the various run mounts work for FreeBSD
* Move get{Bind,Tmpfs,Secret,SSH}Mount to run_common.go
* Move runSetupRunMounts to run_common.go
* Move cleanableDestinationListFromMounts to run_common.go
* Make setupMounts and runSetupBuiltinVolumes work on FreeBSD
* Move setupMounts and runSetupBuiltinVolumes to run_common.go
* Tidy up - runMakeStdioPipe can't be shared with linux
* Move runAcceptTerminal to run_common.go
* Move stdio copying utilities to run_common.go
* Move runUsingRuntime and runCollectOutput to run_common.go
* Move fileCloser, waitForSync and contains to run_common.go
* Move checkAndOverrideIsolationOptions to run_common.go
* Move DefaultNamespaceOptions to run_common.go
* Move getNetworkInterface to run_common.go
* Move configureEnvironment to run_common.go
* Don't crash in configureUIDGID if Process.Capabilities is nil
* Move configureUIDGID to run_common.go
* Move runLookupPath to run_common.go
* Move setupTerminal to run_common.go
* Move etc file generation utilities to run_common.go
* Add run support for FreeBSD
* Add a simple FreeBSD jail library
* Add FreeBSD support to pkg/chrootuser
* Sync call signature for RunUsingChroot with chroot/run.go
* test: verify feature to resolve basename with args
* vendor: bump openshift/imagebuilder to master@4151e43
* GHA: Remove required reserved-name use
* buildah: set XDG_RUNTIME_DIR before setting default runroot
* imagebuildah: honor build output even if build container is not commited
* chroot: honor DefaultErrnoRet
* [CI:DOCS] improve pull-policy documentation
* tests: retrofit test since --file does not supports dir
* Switch to golang native error wrapping
* BuildDockerfiles: error out if path to containerfile is a directory
* define.downloadToDirectory: fail early if bad HTTP response
* GHA: Allow re-use of Cirrus-Cron fail-mail workflow
* add: fail on bad http response instead of writing to container
* [CI:DOCS] Update buildahimage comment
* lint: inspectable is never nil
* vendor: c/common to common@7e1563b
* build: support OCI hooks for ephemeral build containers
* [CI:BUILD] Install latest buildah instead of compiling
* Add subid support with BuildRequires and BUILDTAG [NO NEW TESTS NEEDED]
* Make sure cpp is installed in buildah images
* demo: use unshare for rootless invocations
* buildah.spec.rpkg: initial addition
* build: fix test for subid 4
* build, userns: add support for --userns=auto
* Fix building upstream buildah image
* Remove redundant buildahimages-are-sane validation
* Docs: Update multi-arch buildah images readme
* Cirrus: Migrate multiarch build off github actions
* retrofit-tests: we skip unused stages so use stages
* stage_executor: dont rely on stage while looking for additional-context
* buildkit, multistage: skip computing unwanted stages
* More test cleanup
* copier: work around freebsd bug for 'mkdir /'
* Replace $BUILDAH_BINARY with buildah() function
* Fix up buildah images
* Make util and copier build on FreeBSD
* Vendor in latest github.com/sirupsen/logrus
* Makefile: allow building without .git
* run_unix: don't return an error from getNetworkInterface
* run_unix: return a valid DefaultNamespaceOptions
* Update vendor of containers/storage
* chroot: use ActKillThread instead of ActKill
* use resolvconf package from c/common/libnetwork
* update c/common to latest main
* copier: add `NoOverwriteNonDirDir` option
* Sort buildoptions and move cli/build functions to internal
* Fix TODO: de-spaghettify run mounts
* Move options parsing out of build.go and into pkg/cli
* [CI:DOCS] Tutorial 04 - Include Debian/Ubuntu deps
* build, multiarch: support splitting build logs for --platform
* [CI:BUILD] WIP Cleanup Image Dockerfiles
* cli remove stutter
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* Fix use generic/ambiguous DEBUG name
* Cirrus: use Ubuntu 22.04 LTS
* Fix codespell errors
* Remove util.StringInSlice because it is defined in containers/common
* buildah: add support for renaming a device in rootless setups
* squash: never use build cache when computing last step of last stage
* Update vendor of containers/(common, storage, image)
* buildkit: supports additionalBuildContext in builds via --build-context
* buildah source pull/push: show progress bar
* run: allow resuing secret twice in different RUN steps
* test helpers: default to being rootless-aware
* Add --cpp-flag flag to buildah build
* build: accept branch and subdirectory when context is git repo
* Vendor in latest containers/common
* vendor: update c/storage and c/image
* Fix gentoo install docs
* copier: move NSS load to new process
* Add test for prevention of reusing encrypted layers
* Make `buildah build --label foo` create an empty 'foo' label again
Update to version 1.26.4:
* build, multiarch: support splitting build logs for --platform
* copier: add `NoOverwriteNonDirDir` option
* docker-parity: ignore sanity check if baseImage history is null
* build, commit: allow disabling image history with --omit-history
* buildkit: supports additionalBuildContext in builds via --build-context
* Add --cpp-flag flag to buildah build
Update to version 1.26.3:
* define.downloadToDirectory: fail early if bad HTTP response
* add: fail on bad http response instead of writing to container
* squash: never use build cache when computing last step of last stage
* run: allow resuing secret twice in different RUN steps
* integration tests: update expected error messages
* integration tests: quote '?' in shell scripts
* Use errors.Is() to check for storage errors
* lint: inspectable is never nil
* chroot: use ActKillThread instead of ActKill
* chroot: honor DefaultErrnoRet
* Set user namespace defaults correctly for the library
* contrib/rpm/buildah.spec: fix `rpm` parser warnings
Drop requires on apparmor pattern, should be moved elsewhere
for systems which want AppArmor instead of SELinux.
- Update BuildRequires to libassuan-devel >= 2.5.2, pkgconfig file
is required to build.
Update to version 1.26.2:
* buildah: add support for renaming a device in rootless setups
Update to version 1.26.1:
* Make `buildah build --label foo` create an empty 'foo' label again
* imagebuildah,build: move deepcopy of args before we spawn goroutine
* Vendor in containers/storage v1.40.2
* buildah.BuilderOptions.DefaultEnv is ignored, so mark it as deprecated
* help output: get more consistent about option usage text
* Handle OS version and features flags
* buildah build: --annotation and --label should remove values
* buildah build: add a --env
* buildah: deep copy options.Args before performing concurrent build/stage
* test: inline platform and builtinargs behaviour
* vendor: bump imagebuilder to master/009dbc6
* build: automatically set correct TARGETPLATFORM where expected
* Vendor in containers/(common, storage, image)
* imagebuildah, executor: process arg variables while populating baseMap
* buildkit: add support for custom build output with --output
* Cirrus: Update CI VMs to F36
* fix staticcheck linter warning for deprecated function
* Fix docs build on FreeBSD
* copier.unwrapError(): update for Go 1.16
* copier.PutOptions: add StripSetuidBit/StripSetgidBit/StripStickyBit
* copier.Put(): write to read-only directories
* Ed's periodic test cleanup
* using consistent lowercase 'invalid' word in returned err msg
* use etchosts package from c/common
* run: set actual hostname in /etc/hostname to match docker parity
* Update vendor of containers/(common,storage,image)
* manifest-create: allow creating manifest list from local image
* Update vendor of storage,common,image
* Initialize network backend before first pull
* oci spec: change special mount points for namespaces
* tests/helpers.bash: assert handle corner cases correctly
* buildah: actually use containers.conf settings
* integration tests: learn to start a dummy registry
* Fix error check to work on Podman
* buildah build should accept at most one arg
* tests: reduce concurrency for flaky bud-multiple-platform-no-run
* vendor in latest containers/common,image,storage
* manifest-add: allow override arch,variant while adding image
* Remove a stray `\` from .containerenv
* Vendor in latest opencontainers/selinux v1.10.1
* build, commit: allow removing default identity labels
* Create shorter names for containers based on image IDs
* test: skip rootless on cgroupv2 in root env
* fix hang when oci runtime fails
* Set permissions for GitHub actions
* copier test: use correct UID/GID in test archives
* run: set parent-death signals and forward SIGHUP/SIGINT/SIGTERM
ImportantSUSE bug 1167864SUSE bug 1181961SUSE bug 1202812CVE-2020-10696 at SUSECVE-2020-10696 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2022-2990 at SUSECVE-2022-2990 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
ImportantSUSE bug 1204383CVE-2022-32221 at SUSECVE-2022-32221 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated.
The following security bugs were fixed:
- CVE-2022-40768: Fixed information leak in the scsi driver which allowed local users to obtain sensitive information from kernel memory. (bnc#1203514)
- CVE-2022-3169: Fixed a denial of service flaw which occurs when consecutive requests to NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET are sent. (bnc#1203290)
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device. (bsc#1204125)
- CVE-2022-42719: Fixed MBSSID parsing use-after-free. (bsc#1204051)
- CVE-2022-42721: Avoid nontransmitted BSS list corruption. (bsc#1204060)
- CVE-2022-42720: Fixed BSS refcounting bugs. (bsc#1204059)
- CVE-2022-3303: Fixed a race condition in the sound subsystem due to improper locking (bnc#1203769).
- CVE-2022-41218: Fixed an use-after-free caused by refcount races in drivers/media/dvb-core/dmxdev.c (bnc#1202960).
- CVE-2022-3239: Fixed an use-after-free in the video4linux driver that could lead a local user to able to crash the system or escalate their privileges (bnc#1203552).
- CVE-2022-41848: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl (bnc#1203987).
- CVE-2022-41849: Fixed a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open (bnc#1203992).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bnc#1202095).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-2503: Fixed a bug in dm-verity, device-mapper table reloads allowed users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allowed root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates (bnc#1202677).
- CVE-2022-20008: Fixed a bug which allowed to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. (bnc#1199564)
- CVE-2020-16119: Fixed a use-after-free vulnerability exploitable by a local attacker due to reuse of a DCCP socket. (bnc#1177471)
The following non-security bugs were fixed:
- ALSA: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly (git-fixes).
- ALSA: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- HID: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- Input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- Input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- JFS: fix GPF in diFree (bsc#1203389).
- JFS: fix memleak in jfs_mount (git-fixes).
- JFS: more checks for invalid superblock (git-fixes).
- JFS: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec: KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: KEYS: s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- NFS: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- NFS: Fix races in the legacy idmapper upcall (git-fixes).
- NFS: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- NFS: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- of: device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- regulator: core: Clean up on enable failure (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- SUNRPC: Do not call connect() more than once on a TCP socket (git-fixes).
- SUNRPC: Do not leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: fix expiry of auth creds (git-fixes).
- SUNRPC: Fix misplaced barrier in call_decode (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before reuse (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- USB: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- USB: core: Fix RST error in hub.c (git-fixes).
- USB: core: Prevent nested device-reset calls (git-fixes).
- USB: dwc3: disable USB core PHY management (git-fixes).
- USB: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- USB: otg-fsm: Fix hrtimer list corruption (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: ch341: name prescaler, divisor registers (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port (git-fixes).
- USB: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- USB: struct usb_device: hide new member (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
ImportantSUSE bug 1177471SUSE bug 1185032SUSE bug 1194023SUSE bug 1196444SUSE bug 1197659SUSE bug 1199564SUSE bug 1200313SUSE bug 1200622SUSE bug 1201309SUSE bug 1201310SUSE bug 1201489SUSE bug 1201645SUSE bug 1201865SUSE bug 1201990SUSE bug 1202095SUSE bug 1202341SUSE bug 1202385SUSE bug 1202677SUSE bug 1202960SUSE bug 1202984SUSE bug 1203159SUSE bug 1203290SUSE bug 1203313SUSE bug 1203389SUSE bug 1203410SUSE bug 1203424SUSE bug 1203514SUSE bug 1203552SUSE bug 1203622SUSE bug 1203737SUSE bug 1203769SUSE bug 1203770SUSE bug 1203906SUSE bug 1203909SUSE bug 1203935SUSE bug 1203939SUSE bug 1203987SUSE bug 1203992SUSE bug 1204051SUSE bug 1204059SUSE bug 1204060SUSE bug 1204125SUSE bug 1204289SUSE bug 1204290SUSE bug 1204291SUSE bug 1204292CVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2022-20008 at SUSECVE-2022-20008 at NVDCVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-41222 at SUSECVE-2022-41222 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtasn1 (Critical)SUSE Linux Enterprise Micro 5.2
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
CriticalSUSE bug 1204690CVE-2021-46848 at SUSECVE-2021-46848 at NVDcpe:/o:suse:suse-microos:5.2Security update for dbus-1 (Important)SUSE Linux Enterprise Micro 5.2
This update for dbus-1 fixes the following issues:
- CVE-2022-42010: Fixed potential crash that could be triggered by an invalid signature (bsc#1204111).
- CVE-2022-42011: Fixed an out of bounds read caused by a fixed length array (bsc#1204112).
- CVE-2022-42012: Fixed a use-after-free that could be trigged by a message in non-native endianness with out-of-band Unix file descriptor (bsc#1204113).
Bugfixes:
- Disable asserts (bsc#1087072).
ImportantSUSE bug 1087072SUSE bug 1204111SUSE bug 1204112SUSE bug 1204113CVE-2022-42010 at SUSECVE-2022-42010 at NVDCVE-2022-42011 at SUSECVE-2022-42011 at NVDCVE-2022-42012 at SUSECVE-2022-42012 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2020-16119: Fixed a use-after-free due to reuse of a DCCP socket with an attached dccps_hc_tx_ccid object as a listener after being released (bnc#1177471).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-2503: Fixed a LoadPin bypass in Dm-verity (bnc#1202677).
- CVE-2022-2586: Fixed issue in netfilter that allowed CHAIN_ID to refer to another table (bsc#1202095).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly matches the message (bnc#1202097).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-3169: Fixed a denial of service that resulted in a PCIe link disconnect (bnc#1203290).
- CVE-2022-32296: Fixed issue where TCP servers were able to identify clients by observing what source ports are used (bnc#1200288).
- CVE-2022-3239: Fixed a use-after-free in the video4linux driver (bnc#1203552).
- CVE-2022-3303: Fixed a race at SNDCTL_DSP_SYNC (bsc#1203769).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-40768: Fixed information leak in drivers/scsi/stex.c due to stex_queuecommand_lck lack a memset for the PASSTHRU_CMD case (bnc#1203514).
- CVE-2022-41218: Fixed a use-after-free due to refcount races at releasing (bsc#1202960).
- CVE-2022-41222: Fixed a use-after-free via a stale TLB because an rmap lock is not held during a PUD move (bnc#1203622).
- CVE-2022-41674: Fixed a DoS issue where kernel can crash on the reception of specific WiFi Frames (bsc#1203770).
- CVE-2022-41848: Fixed a use-after-free in mgslpc_ops (bsc#1203987).
- CVE-2022-41849: Fixed a use-after-free in ufx_ops_open() (bsc#1203992).
- CVE-2022-42719: Fixed MBSSID parsing use-after-free (bsc#1204051).
- CVE-2022-42720: Fixed BSS refcounting bugs (bsc#1204059).
- CVE-2022-42721: Avoid nontransmitted BSS list corruption (bsc#1204060).
- CVE-2022-42722: Fixed crash in beacon protection for P2P-device (bsc#1204125).
The following non-security bugs were fixed:
- Fixed parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- acpi: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- acpi: LPSS: Fix missing check in register_device_clock() (git-fixes).
- acpi: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- acpi: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- acpi: processor: Remove freq Qos request for all CPUs (git-fixes).
- acpi: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- acpi: video: Force backlight native for some TongFang devices (git-fixes).
- alsa: aloop: Fix random zeros in capture data when using jiffies timer (git-fixes).
- alsa: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- alsa: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() (git-fixes).
- alsa: hda/cirrus - support for iMac 12,1 model (git-fixes).
- alsa: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- alsa: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- alsa: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- alsa: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- alsa: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- alsa: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- alsa: hda/realtek: Add quirk for HP Dev One (git-fixes).
- alsa: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- alsa: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- alsa: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- alsa: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- alsa: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- alsa: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- alsa: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- alsa: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- alsa: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- alsa: hda/realtek: Re-arrange quirk table entries (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- alsa: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- alsa: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- alsa: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- alsa: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- alsa: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- alsa: info: Fix llseek return value when using callback (git-fixes).
- alsa: seq: Fix data-race at module auto-loading (git-fixes).
- alsa: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- alsa: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() (git-fixes).
- alsa: usb-audio: Inform the delayed registration more properly (git-fixes).
- alsa: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- alsa: usb-audio: Register card again for iface over delayed_register option (git-fixes).
- alsa: usb-audio: Split endpoint setups for hw_params and prepare (git-fixes).
- alsa: usb-audio: fix spelling mistakes (git-fixes).
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- arm64: kexec_file: use more system keyrings to verify kernel image signature (bsc#1196444).
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- arm64: mm: fix p?d_leaf() (git-fixes)
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- arm: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- arm: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- arm: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- arm: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- asoc: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- asoc: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- asoc: codecs: da7210: add check for i2c_add_driver (git-fixes).
- asoc: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- asoc: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- asoc: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- asoc: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- asoc: tas2770: Allow mono streams (git-fixes).
- asoc: tas2770: Reinit regcache on reset (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- bpf: Compile out btf_parse_module() if module BTF is not enabled (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cgroup: cgroup_get_from_id() must check the looked-up kn is a directory (bsc#1203906).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- drm/radeon: add a force flush to delay work when radeon (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source Same as other kernel binary packages there is no need to carry duplicate sources in dtb packages.
- efi: capsule-loader: Fix use-after-free in efi_capsule_write (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (git-fixes).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type in mpc85xx (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hid: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered message (git-fixes).
- hid: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo (git-fixes).
- hid: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- hid: wacom: Do not register pad_input for touch switch (git-fixes).
- hid: wacom: Only report rotation for art pen (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is configured (bsc#1203737).
- input: iforce - add support for Boeder Force Feedback Wheel (git-fixes).
- input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- input: melfas_mip4 - fix return value check in mip4_probe() (git-fixes).
- input: rk805-pwrkey - fix module autoloading (git-fixes).
- input: snvs_pwrkey - fix SNVS_HPVIDR1 register address (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- jfs: fix GPF in diFree (bsc#1203389).
- jfs: fix memleak in jfs_mount (git-fixes).
- jfs: more checks for invalid superblock (git-fixes).
- jfs: prevent NULL deref in diFree (bsc#1203389).
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- kabi: cgroup: Restore KABI of css_set (bsc#1201610).
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kernel-source: include the kernel signature file We assume that the upstream tarball is used for released kernels. Then we can also include the signature file and keyring in the kernel-source src.rpm. Because of mkspec code limitation exclude the signature and keyring from binary packages always - mkspec does not parse spec conditionals.
- kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: do not verify the signature without the lockdown or mandatory signature (bsc#1203737).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- kvm: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- kvm: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- kvm: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- kvm: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- kvm: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- kvm: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- kvm: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- kvm: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- kvm: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- kvm: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- kvm: x86: accept userspace interrupt only if no event is injected (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md-raid10: fix KASAN warning (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md: call __md_stop_writes in md_stop (git-fixes).
- md: unlock mddev before reap sync_thread in action_store (bsc#1197659).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro This should be alsways used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: mana: Add rmb after checking owner bits (git-fixes).
- net: mana: Add support of XDP_REDIRECT action (bsc#1201310, jsc#PED-529).
- net: mana: Add the Linux MANA PF driver (bsc#1201309, jsc#PED-529).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfs: fix nfs_path in case of a rename retry (git-fixes).
- nfsd: Add missing NFSv2 .pc_func methods (git-fixes).
- nfsd: Clamp WRITE offsets (git-fixes).
- nfsd: Fix offset type in I/O trace points (git-fixes).
- nfsd: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nfsd: prevent integer overflow on 32 bit systems (git-fixes).
- nfsd: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- nfsv4.1: Do not decrease the value of seq_nr_highest_sent (git-fixes).
- nfsv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly (git-fixes).
- nfsv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- nfsv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- nfsv4: Fix races in the legacy idmapper upcall (git-fixes).
- nfsv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- nfsv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- ntb: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes() (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489).
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- pci/acpi: Guard ARM64-specific mcfg_quirks (git-fixes).
- pci: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- pci: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- pci: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- pci: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- pci: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- pci: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- pci: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell Dot keymap fixes (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424 ltc#199544).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixess).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- profiling: fix shift too large makes kernel panic (git-fixes).
- psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1203909).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: core: Clean up on enable failure (git-fixes).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385) We do the move only on 15.5+.
- rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and print line are the same for both cases. The usrmerged case only ignores more, so refactor it to make it more obvious.
- rpm/kernel-source.spec.in: simplify finding of broken symlinks 'find -xtype l' will report them, so use that to make the search a bit faster (without using shell).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization (bsc#1202984 LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984 LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984 LTC#199607).
- scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early return VMID cases (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling (bsc#1203939).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload (bsc#1203939).
- scsi: lpfc: Fix multiple NVMe remoteport registration calls for the same NPort ID (bsc#1203939).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling (bsc#1203939).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically allocated/freed phba (bsc#1185032 bsc#1203939).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of DID_REQUEUE (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential padding (bsc#1203939).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and consistency (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN Manager application (bsc#1203939).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port ISP27XX (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1203935).
- scsi: qla2xxx: Log message 'skipping scsi_scan_host()' as informational (bsc#1203935).
- scsi: qla2xxx: Remove unused declarations for qla2xxx (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Revert 'scsi: qla2xxx: Fix response queue handler reading stale packets' (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: smartpqi: Shorten drive visibility after removal (bsc#1200622).
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- struct ehci_hcd: hide new member (git-fixes).
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- sunrpc: Clean up scheduling of autoclose (git-fixes).
- sunrpc: Do not call connect() more than once on a TCP socket (git-fixes).
- sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- sunrpc: Do not leak sockets in xs_local_connect() (git-fixes).
- sunrpc: Fix READ_PLUS crasher (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- sunrpc: Prevent immediate close+reconnect (git-fixes).
- sunrpc: RPC level errors should set task->tk_rpc_status (git-fixes).
- sunrpc: Reinitialise the backchannel request buffers before reuse (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: hold caller_addr to hardirq_{enable,disable}_ip (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU (git-fixes).
- usb.h: struct usb_device: hide new member (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: cdc-acm: Add Icom PMR F3400 support (0c26:0020) (git-fixes).
- usb: core: Fix RST error in hub.c (git-fixes).
- usb: core: Prevent nested device-reset calls (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: disable USB core PHY management (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- usb: serial: ch341: fix lost character on LCR updates (git-fixes).
- usb: serial: ch341: name prescaler, divisor registers (git-fixes).
- usb: serial: cp210x: add Decagon UCA device id (git-fixes).
- usb: serial: ftdi_sio: add Omron CS1W-CIF31 device id (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- usb: serial: option: add Quectel EM060K modem (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add Quectel RM520N (git-fixes).
- usb: serial: option: add support for Cinterion MV32-WA/WB RmNet mode (git-fixes).
- usb: serial: option: add support for OPPO R11 diag port (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmci: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- vmci: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- vmci: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- vmci: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- vmci: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- vmci: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: wdat_wdt: Set the min and max timeout values properly (bsc#1194023).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/bugs: Reenable retbleed=off While for older kernels the return thunks are statically built in and cannot be dynamically patched out, retbleed=off should still work so that it can be disabled.
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/xen: Remove undefined behavior in setup_features() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1152489SUSE bug 1156395SUSE bug 1177471SUSE bug 1179722SUSE bug 1179723SUSE bug 1181862SUSE bug 1185032SUSE bug 1191662SUSE bug 1191667SUSE bug 1191881SUSE bug 1192594SUSE bug 1194023SUSE bug 1194272SUSE bug 1194535SUSE bug 1196444SUSE bug 1197158SUSE bug 1197659SUSE bug 1197755SUSE bug 1197756SUSE bug 1197757SUSE bug 1197760SUSE bug 1197763SUSE bug 1197920SUSE bug 1198971SUSE bug 1199291SUSE bug 1200288SUSE bug 1200313SUSE bug 1200431SUSE bug 1200622SUSE bug 1200845SUSE bug 1200868SUSE bug 1200869SUSE bug 1200870SUSE bug 1200871SUSE bug 1200872SUSE bug 1200873SUSE bug 1201019SUSE bug 1201309SUSE bug 1201310SUSE bug 1201420SUSE bug 1201489SUSE bug 1201610SUSE bug 1201705SUSE bug 1201726SUSE bug 1201865SUSE bug 1201948SUSE bug 1201990SUSE bug 1202095SUSE bug 1202096SUSE bug 1202097SUSE bug 1202341SUSE bug 1202346SUSE bug 1202347SUSE bug 1202385SUSE bug 1202393SUSE bug 1202396SUSE bug 1202447SUSE bug 1202577SUSE bug 1202636SUSE bug 1202638SUSE bug 1202672SUSE bug 1202677SUSE bug 1202701SUSE bug 1202708SUSE bug 1202709SUSE bug 1202710SUSE bug 1202711SUSE bug 1202712SUSE bug 1202713SUSE bug 1202714SUSE bug 1202715SUSE bug 1202716SUSE bug 1202717SUSE bug 1202718SUSE bug 1202720SUSE bug 1202722SUSE bug 1202745SUSE bug 1202756SUSE bug 1202810SUSE bug 1202811SUSE bug 1202860SUSE bug 1202895SUSE bug 1202898SUSE bug 1202960SUSE bug 1202984SUSE bug 1203063SUSE bug 1203098SUSE bug 1203107SUSE bug 1203117SUSE bug 1203135SUSE bug 1203136SUSE bug 1203137SUSE bug 1203159SUSE bug 1203290SUSE bug 1203389SUSE bug 1203410SUSE bug 1203424SUSE bug 1203514SUSE bug 1203552SUSE bug 1203622SUSE bug 1203737SUSE bug 1203769SUSE bug 1203770SUSE bug 1203802SUSE bug 1203906SUSE bug 1203909SUSE bug 1203935SUSE bug 1203939SUSE bug 1203987SUSE bug 1203992SUSE bug 1204051SUSE bug 1204059SUSE bug 1204060SUSE bug 1204125CVE-2016-3695 at SUSECVE-2016-3695 at NVDCVE-2020-16119 at SUSECVE-2020-16119 at NVDCVE-2020-27784 at SUSECVE-2020-27784 at NVDCVE-2021-4155 at SUSECVE-2021-4155 at NVDCVE-2021-4203 at SUSECVE-2021-4203 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-20369 at SUSECVE-2022-20369 at NVDCVE-2022-2503 at SUSECVE-2022-2503 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2588 at SUSECVE-2022-2588 at NVDCVE-2022-26373 at SUSECVE-2022-26373 at NVDCVE-2022-2663 at SUSECVE-2022-2663 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-3028 at SUSECVE-2022-3028 at NVDCVE-2022-3169 at SUSECVE-2022-3169 at NVDCVE-2022-32296 at SUSECVE-2022-32296 at NVDCVE-2022-3239 at SUSECVE-2022-3239 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-36879 at SUSECVE-2022-36879 at NVDCVE-2022-39188 at SUSECVE-2022-39188 at NVDCVE-2022-39190 at SUSECVE-2022-39190 at NVDCVE-2022-40768 at SUSECVE-2022-40768 at NVDCVE-2022-41218 at SUSECVE-2022-41218 at NVDCVE-2022-41222 at SUSECVE-2022-41222 at NVDCVE-2022-41674 at SUSECVE-2022-41674 at NVDCVE-2022-41848 at SUSECVE-2022-41848 at NVDCVE-2022-41849 at SUSECVE-2022-41849 at NVDCVE-2022-42719 at SUSECVE-2022-42719 at NVDCVE-2022-42720 at SUSECVE-2022-42720 at NVDCVE-2022-42721 at SUSECVE-2022-42721 at NVDCVE-2022-42722 at SUSECVE-2022-42722 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2022-2989: Fixed possible information disclosure and modification (bsc#1202809).
ModerateSUSE bug 1202809CVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
ImportantSUSE bug 1201978SUSE bug 1204366SUSE bug 1204367CVE-2016-3709 at SUSECVE-2016-3709 at NVDCVE-2022-40303 at SUSECVE-2022-40303 at NVDCVE-2022-40304 at SUSECVE-2022-40304 at NVDcpe:/o:suse:suse-microos:5.2Security update for gstreamer-plugins-base (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2021-3522: Fixed ID3v2 tag frame size check and potential invalid reads (bsc#1185448).
ModerateSUSE bug 1185448CVE-2021-3522 at SUSECVE-2021-3522 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2022-43680: Fixed use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (bsc#1204708).
ImportantSUSE bug 1204708CVE-2022-43680 at SUSECVE-2022-43680 at NVDcpe:/o:suse:suse-microos:5.2Security update for protobuf (Important)SUSE Linux Enterprise Micro 5.2
This update for protobuf fixes the following issues:
- CVE-2021-22569: Fixed Denial of Service in protobuf-java in the parsing procedure for binary data (bsc#1194530).
- CVE-2022-1941: Fix a potential DoS issue in protobuf-cpp and protobuf-python (bsc#1203681)
- CVE-2022-3171: Fix a potential DoS issue when parsing with binary data in protobuf-java (bsc#1204256)
ImportantSUSE bug 1194530SUSE bug 1203681SUSE bug 1204256CVE-2021-22569 at SUSECVE-2021-22569 at NVDCVE-2022-1941 at SUSECVE-2022-1941 at NVDCVE-2022-3171 at SUSECVE-2022-3171 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15-SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-2964, CVE-2022-28748: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686 bsc#1196018).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- struct pci_config_window kABI workaround (bsc#1204382).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes).
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
ImportantSUSE bug 1032323SUSE bug 1065729SUSE bug 1196018SUSE bug 1198702SUSE bug 1200465SUSE bug 1200788SUSE bug 1201725SUSE bug 1202686SUSE bug 1202700SUSE bug 1203066SUSE bug 1203098SUSE bug 1203387SUSE bug 1203391SUSE bug 1203496SUSE bug 1204053SUSE bug 1204166SUSE bug 1204168SUSE bug 1204354SUSE bug 1204355SUSE bug 1204382SUSE bug 1204402SUSE bug 1204415SUSE bug 1204417SUSE bug 1204431SUSE bug 1204439SUSE bug 1204470SUSE bug 1204479SUSE bug 1204574SUSE bug 1204575SUSE bug 1204619SUSE bug 1204635SUSE bug 1204637SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204728SUSE bug 1204753SUSE bug 1204754CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-rsa (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-rsa fixes the following issues:
- CVE-2020-25658: Fixed bleichenbacher timing oracle attack against RSA decryption (bsc#1178676).
ModerateSUSE bug 1178676CVE-2020-25658 at SUSECVE-2020-25658 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-33746: Fixed DoS due to excessively long P2M pool freeing (bsc#1203806)
- CVE-2022-33748: Fixed DoS due to race in locking (bsc#1203807)
- CVE-2022-42311, CVE-2022-42312, CVE-2022-42313, CVE-2022-42314, CVE-2022-42315, CVE-2022-42316, CVE-2022-42317, CVE-2022-42318: xen: Xenstore: Guests can let xenstored run out of memory (bsc#1204482)
- CVE-2022-42309: xen: Xenstore: Guests can crash xenstored (bsc#1204485)
- CVE-2022-42310: xen: Xenstore: Guests can create orphaned Xenstore nodes (bsc#1204487)
- CVE-2022-42319: xen: Xenstore: Guests can cause Xenstore to not free temporary memory (bsc#1204488)
- CVE-2022-42320: xen: Xenstore: Guests can get access to Xenstore nodes of deleted domains (bsc#1204489)
- CVE-2022-42321: xen: Xenstore: Guests can crash xenstored via exhausting the stack (bsc#1204490)
- CVE-2022-42322,CVE-2022-42323: xen: Xenstore: cooperating guests can create arbitrary numbers of nodes (bsc#1204494)
- CVE-2022-42325,CVE-2022-42326: xen: Xenstore: Guests can create arbitrary number of nodes via transactions (bsc#1204496)
- xen: Frontends vulnerable to backends (bsc#1193923)
ImportantSUSE bug 1027519SUSE bug 1193923SUSE bug 1203806SUSE bug 1203807SUSE bug 1204482SUSE bug 1204485SUSE bug 1204487SUSE bug 1204488SUSE bug 1204489SUSE bug 1204490SUSE bug 1204494SUSE bug 1204496CVE-2022-33746 at SUSECVE-2022-33746 at NVDCVE-2022-33747 at SUSECVE-2022-33747 at NVDCVE-2022-33748 at SUSECVE-2022-33748 at NVDCVE-2022-42309 at SUSECVE-2022-42309 at NVDCVE-2022-42310 at SUSECVE-2022-42310 at NVDCVE-2022-42311 at SUSECVE-2022-42311 at NVDCVE-2022-42312 at SUSECVE-2022-42312 at NVDCVE-2022-42313 at SUSECVE-2022-42313 at NVDCVE-2022-42314 at SUSECVE-2022-42314 at NVDCVE-2022-42315 at SUSECVE-2022-42315 at NVDCVE-2022-42316 at SUSECVE-2022-42316 at NVDCVE-2022-42317 at SUSECVE-2022-42317 at NVDCVE-2022-42318 at SUSECVE-2022-42318 at NVDCVE-2022-42319 at SUSECVE-2022-42319 at NVDCVE-2022-42320 at SUSECVE-2022-42320 at NVDCVE-2022-42321 at SUSECVE-2022-42321 at NVDCVE-2022-42322 at SUSECVE-2022-42322 at NVDCVE-2022-42323 at SUSECVE-2022-42323 at NVDCVE-2022-42325 at SUSECVE-2022-42325 at NVDCVE-2022-42326 at SUSECVE-2022-42326 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).
Bugfixes:
- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).
ImportantSUSE bug 1200102SUSE bug 1202803SUSE bug 1202976CVE-2022-1615 at SUSECVE-2022-1615 at NVDCVE-2022-32743 at SUSECVE-2022-32743 at NVDcpe:/o:suse:suse-microos:5.2Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libX11 fixes the following issues:
- CVE-2022-3554: Fixed memory leak in XRegisterIMInstantiateCallback() (bsc#1204422).
- CVE-2022-3555: Fixed memory leak in _XFreeX11XCBStructure() (bsc#1204425).
ModerateSUSE bug 1204422SUSE bug 1204425CVE-2022-3554 at SUSECVE-2022-3554 at NVDCVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-cryptography, python-cryptography-vectors (Important)SUSE Linux Enterprise Micro 5.2
This update for python-cryptography, python-cryptography-vectors fixes the following issues:
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Refresh patches for new version
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2
* 2.9.2 - 2020-04-22
- Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15.
* 2.9.1 - 2020-04-21
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g.
* 2.9 - 2020-04-02
- BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
- BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
- BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
- Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
- BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
- Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f.
- Added support for parsing single_extensions in an OCSP response.
- NameAttribute values can now be empty strings.
- Add openSSL_111d.patch to make this version of the package
compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792.
- bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in
finalize_with_tag API
- Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312)
- Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.9.2:
* updated vectors for the cryptography 2.9.2 testing
ImportantSUSE bug 1101820SUSE bug 1149792SUSE bug 1176785SUSE bug 1177083CVE-2018-10903 at SUSECVE-2018-10903 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2153: Fixed vulnerability in KVM that could allow an unprivileged local attacker on the host to cause DoS (bnc#1200788).
- CVE-2022-2964: Fixed memory corruption issues in ax88179_178a devices (bnc#1202686).
- CVE-2022-2978: Fixed use-after-free in the NILFS file system that could lead to local privilege escalation or DoS (bnc#1202700).
- CVE-2022-3176: Fixed use-after-free in io_uring when using POLLFREE (bnc#1203391).
- CVE-2022-3424: Fixed use-after-free in gru_set_context_option(), gru_fault() and gru_handle_user_call_os() that could lead to kernel panic (bsc#1204166).
- CVE-2022-3521: Fixed race condition in kcm_tx_work() in net/kcm/kcmsock.c (bnc#1204355).
- CVE-2022-3524: Fixed memory leak in ipv6_renew_options() in the IPv6 handler (bnc#1204354).
- CVE-2022-3535: Fixed memory leak in mvpp2_dbgfs_port_init() in drivers/net/ethernet/marvell/mvpp2/mvpp2_debugfs.c (bnc#1204417).
- CVE-2022-3542: Fixed memory leak in bnx2x_tpa_stop() in drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c (bnc#1204402).
- CVE-2022-3545: Fixed use-after-free in area_cache_get() in drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c (bnc#1204415).
- CVE-2022-3565: Fixed use-after-free in del_timer() in drivers/isdn/mISDN/l1oip_core.c (bnc#1204431).
- CVE-2022-3577: Fixed out-of-bounds memory write flaw in bigben device driver that could lead to local privilege escalation or DoS (bnc#1204470).
- CVE-2022-3586: Fixed use-after-free in socket buffer (SKB) that could allow a local unprivileged user to cause a denial of service (bnc#1204439).
- CVE-2022-3594: Fixed excessive data logging in intr_callback() in drivers/net/usb/r8152.c (bnc#1204479).
- CVE-2022-3621: Fixed null pointer dereference in nilfs_bmap_lookup_at_level() in fs/nilfs2/inode.c (bnc#1204574).
- CVE-2022-3625: Fixed use-after-free in devlink_param_set()/devlink_param_get() in net/core/devlink.c (bnc#1204637).
- CVE-2022-3629: Fixed memory leak in vsock_connect() in net/vmw_vsock/af_vsock.c (bnc#1204635).
- CVE-2022-3640: Fixed use-after-free in l2cap_conn_del() in net/bluetooth/l2cap_core.c (bnc#1204619).
- CVE-2022-3646: Fixed memory leak in nilfs_attach_log_writer() in fs/nilfs2/segment.c (bnc#1204646).
- CVE-2022-3649: Fixed use-after-free in nilfs_new_inode() in fs/nilfs2/inode.c (bnc#1204647).
- CVE-2022-39189: Fixed a flaw in the x86 KVM subsystem that could allow unprivileged guest users to compromise the guest kernel via TLB flush operations on preempted vCPU (bnc#1203066).
- CVE-2022-42703: Fixed use-after-free in mm/rmap.c related to leaf anon_vma double reuse (bnc#1204168).
- CVE-2022-43750: Fixed vulnerability in usbmon that allowed a user-space client to corrupt the monitor's internal memory (bnc#1204653).
The following non-security bugs were fixed:
- ACPI: APEI: do not add task_work to kernel thread to avoid memory leak (git-fixes).
- ACPI: HMAT: Release platform device in case of platform_device_add_data() fails (git-fixes).
- ACPI: extlog: Handle multiple records (git-fixes).
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (bnc#1203802).
- ACPI: video: Add Toshiba Satellite/Portege Z830 quirk (git-fixes).
- ALSA: Use del_timer_sync() before freeing timer (git-fixes).
- ALSA: ac97: fix possible memory leak in snd_ac97_dev_register() (git-fixes).
- ALSA: aoa: Fix I2S device accounting (git-fixes).
- ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev() (git-fixes).
- ALSA: asihpi - Remove useless code in hpi_meter_get_peak() (git-fixes).
- ALSA: au88x0: use explicitly signed char (git-fixes).
- ALSA: dmaengine: increment buffer pointer atomically (git-fixes).
- ALSA: hda/hdmi: Do not skip notification handling during PM operation (git-fixes).
- ALSA: hda/realtek: Add Intel Reference SSID to support headset keys (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G513 HP jack (git-fixes).
- ALSA: hda/realtek: Add pincfg for ASUS G533Z HP jack (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA503R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GV601R laptop (git-fixes).
- ALSA: hda/realtek: Add quirk for Huawei WRT-WX9 (git-fixes).
- ALSA: hda/realtek: Correct pin configs for ASUS G533Z (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output Dell Precision 5530 laptop (git-fixes).
- ALSA: hda/realtek: remove ALC289_FIXUP_DUAL_SPK for Dell 5530 (git-fixes).
- ALSA: hda/sigmatel: Fix unused variable warning for beep power change (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (git-fixes).
- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
- ALSA: hda: Fix position reporting on Poulsbo (git-fixes).
- ALSA: hda: add Intel 5 Series / 3400 PCI DID (git-fixes).
- ALSA: oss: Fix potential deadlock at unregistration (git-fixes).
- ALSA: rawmidi: Drop register_mutex in snd_rawmidi_free() (git-fixes).
- ALSA: rme9652: use explicitly signed char (git-fixes).
- ALSA: usb-audio: Fix NULL dererence at error path (git-fixes).
- ALSA: usb-audio: Fix potential memory leaks (git-fixes).
- ASoC: eureka-tlv320: Hold reference returned from of_find_xxx API (git-fixes).
- ASoC: fsl_sai: Remove unnecessary FIFO reset in ISR (git-fixes).
- ASoC: mt6660: Fix PM disable depth imbalance in mt6660_i2c_probe (git-fixes).
- ASoC: nau8824: Fix semaphore unbalance at error paths (git-fixes).
- ASoC: rsnd: Add check for rsnd_mod_power_on (git-fixes).
- ASoC: tas2770: Reinit regcache on reset (git-fixes).
- ASoC: wcd9335: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wcd934x: fix order of Slimbus unprepare/disable (git-fixes).
- ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe (git-fixes).
- ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe (git-fixes).
- ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe (git-fixes).
- Bluetooth: L2CAP: Fix user-after-free (git-fixes).
- Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() (git-fixes).
- Bluetooth: hci_core: Fix not handling link timeouts propertly (git-fixes).
- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times (git-fixes).
- HID: hidraw: fix memory leak in hidraw_release() (git-fixes).
- HID: magicmouse: Do not set BTN_MOUSE on double report (git-fixes).
- HID: multitouch: Add memory barriers (git-fixes).
- HID: roccat: Fix use-after-free in roccat_read() (git-fixes).
- HSI: omap_ssi: Fix refcount leak in ssi_probe (git-fixes).
- HSI: omap_ssi_port: Fix dma_map_sg error check (git-fixes).
- IB/cm: Cancel mad on the DREQ event when the state is MRA_REP_RCVD (git-fixes)
- IB/cma: Allow XRC INI QPs to set their local ACK timeout (git-fixes)
- IB/core: Only update PKEY and GID caches on respective events (git-fixes)
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- IB/mlx4: Add support for REJ due to timeout (git-fixes)
- IB/mlx4: Use port iterator and validation APIs (git-fixes)
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- IB/rdmavt: Add __init/__exit annotations to module init/exit funcs (git-fixes)
- IB/srpt: Remove redundant assignment to ret (git-fixes)
- Input: i8042 - fix refount leak on sparc (git-fixes).
- Input: xpad - add supported devices as contributed on github (git-fixes).
- Input: xpad - fix wireless 360 controller breaking after suspend (git-fixes).
- KVM: nVMX: Unconditionally purge queued/injected events on nested 'exit' (git-fixes).
- KVM: s390: Clarify SIGP orders versus STOP/RESTART (git-fixes).
- KVM: s390: VSIE: fix MVPG handling for prefixing and MSO (git-fixes).
- KVM: s390: clear kicked_mask before sleeping again (git-fixes).
- KVM: s390: preserve deliverable_mask in __airqs_kick_single_vcpu (git-fixes).
- KVM: s390: pv: do not present the ecall interrupt twice (git-fixes).
- KVM: s390: split kvm_s390_real_to_abs (git-fixes).
- KVM: s390x: fix SCK locking (git-fixes).
- KVM: x86/emulator: Fix handing of POP SS to correctly set interruptibility (git-fixes).
- PCI: Dynamically map ECAM regions (bsc#1204382).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend() (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge (git-fixes).
- PM: domains: Fix handling of unavailable/disabled idle states (git-fixes).
- PM: hibernate: Allow hybrid sleep to work with s2idle (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (git-fixes)
- RDMA/bnxt_re: Fix query SRQ failure (git-fixes)
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- RDMA/cma: Fix arguments order in net device validation (git-fixes)
- RDMA/core: Sanitize WQ state received from the userspace (git-fixes)
- RDMA/cxgb4: Remove MW support (git-fixes)
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- RDMA/efa: Remove double QP type assignment (git-fixes)
- RDMA/efa: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/hfi1: Fix potential integer multiplication overflow errors (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/i40iw: Use ib_umem_num_dma_pages() (git-fixes)
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- RDMA/mlx4: Return missed an error if device does not support steering (git-fixes)
- RDMA/mlx5: Add missing check for return value in get namespace flow (git-fixes)
- RDMA/mlx5: Block FDB rules when not in switchdev mode (git-fixes)
- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (git-fixes)
- RDMA/mlx5: Make mkeys always owned by the kernel's PD when not enabled (git-fixes)
- RDMA/mlx5: Set user priority for DCT (git-fixes)
- RDMA/mlx5: Use set_mkc_access_pd_addr_fields() in reg_create() (git-fixes)
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (git-fixes)
- RDMA/qedr: Fix reporting QP timeout attribute (git-fixes)
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes)
- RDMA/rxe: Fix 'kernel NULL pointer dereference' error (git-fixes)
- RDMA/rxe: Fix error unwind in rxe_create_qp() (git-fixes)
- RDMA/rxe: Fix extra copies in build_rdma_network_hdr (git-fixes)
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- RDMA/rxe: Fix failure during driver load (git-fixes)
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- RDMA/rxe: Fix redundant skb_put_zero (git-fixes)
- RDMA/rxe: Fix rnr retry behavior (git-fixes)
- RDMA/rxe: Fix the error caused by qp->sk (git-fixes)
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- RDMA/rxe: Generate a completion for unsupported/invalid opcode (git-fixes)
- RDMA/rxe: Remove unused pkt->offset (git-fixes)
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- RDMA/sa_query: Use strscpy_pad instead of memcpy to copy a string (git-fixes)
- RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall. (git-fixes)
- RDMA/siw: Fix a condition race issue in MPA request processing (git-fixes)
- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY event (git-fixes)
- RDMA/siw: Pass a pointer to virt_to_page() (git-fixes)
- RDMA/usnic: fix set-but-not-unused variable 'flags' warning (git-fixes)
- RDMA: Verify port when creating flow rule (git-fixes)
- RDMA: remove useless condition in siw_create_cq() (git-fixes)
- RDMa/mthca: Work around -Wenum-conversion warning (git-fixes)
- Revert 'drivers/video/backlight/platform_lcd.c: add support for (bsc#1152489)
- Revert 'drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time' (git-fixes).
- Revert 'usb: add quirks for Lenovo OneLink+ Dock' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- Revert 'usb: storage: Add quirk for Samsung Fit flash' (git-fixes).
- USB: serial: console: move mutex_unlock() before usb_serial_put() (git-fixes).
- USB: serial: ftdi_sio: fix 300 bps rate for SIO (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel BG95 0x0203 composition (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: option: add Quectel RM520N (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell branded EM7455 (git-fixes).
- arm64: assembler: add cond_yield macro (git-fixes)
- ata: fix ata_id_has_devslp() (git-fixes).
- ata: fix ata_id_has_dipm() (git-fixes).
- ata: fix ata_id_has_ncq_autosense() (git-fixes).
- ata: fix ata_id_sense_reporting_enabled() and ata_id_has_sense_reporting() (git-fixes).
- ata: libahci_platform: Sanity check the DT child nodes number (git-fixes).
- can: bcm: check the result of can_send() in bcm_can_tx() (git-fixes).
- can: gs_usb: gs_can_open(): fix race dev->can.state condition (git-fixes).
- can: kvaser_usb: Fix possible completions during init_completion (git-fixes).
- can: kvaser_usb: Fix use of uninitialized completion (git-fixes).
- can: kvaser_usb_leaf: Fix CAN state after restart (git-fixes).
- can: kvaser_usb_leaf: Fix TX queue out of sync after restart (git-fixes).
- can: mscan: mpc5xxx: mpc5xxx_can_probe(): add missing put_clock() in error path (git-fixes).
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (bsc#1204753).
- clk: bcm2835: Make peripheral PLLC critical (git-fixes).
- clk: bcm2835: fix bcm2835_clock_rate_from_divisor declaration (git-fixes).
- clk: berlin: Add of_node_put() for of_get_parent() (git-fixes).
- clk: imx: imx6sx: remove the SET_RATE_PARENT flag for QSPI clocks (git-fixes).
- clk: iproc: Do not rely on node name for correct PLL setup (git-fixes).
- clk: mediatek: mt8183: mfgcfg: Propagate rate changes to parent (git-fixes).
- clk: oxnas: Hold reference returned by of_get_parent() (git-fixes).
- clk: qcom: gcc-msm8916: use ARRAY_SIZE instead of specifying num_parents (git-fixes).
- clk: qoriq: Hold reference returned by of_get_parent() (git-fixes).
- clk: tegra20: Fix refcount leak in tegra20_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra114_clock_init (git-fixes).
- clk: tegra: Fix refcount leak in tegra210_clock_init (git-fixes).
- clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe (git-fixes).
- clk: zynqmp: Fix stack-out-of-bounds in strncpy` (git-fixes).
- clk: zynqmp: pll: rectify rate rounding in zynqmp_pll_round_rate (git-fixes).
- crypto: akcipher - default implementation for setting a private key (git-fixes).
- crypto: arm64/sha - fix function types (git-fixes)
- crypto: arm64/sha1-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha2-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha3-ce - simplify NEON yield (git-fixes)
- crypto: arm64/sha512-ce - simplify NEON yield (git-fixes)
- crypto: cavium - prevent integer overflow loading firmware (git-fixes).
- crypto: ccp - Release dma channels before dmaengine unrgister (git-fixes).
- crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr (git-fixes).
- device property: Fix documentation for *_match_string() APIs (git-fixes).
- dmaengine: ioat: stop mod_timer from resurrecting deleted timer in __cleanup() (git-fixes).
- dmaengine: xilinx_dma: Report error in case of dma_set_mask_and_coherent API failure (git-fixes).
- dmaengine: xilinx_dma: cleanup for fetching xlnx,num-fstores property (git-fixes).
- docs: update mediator information in CoC docs (git-fixes).
- drivers: serial: jsm: fix some leaks in probe (git-fixes).
- drm/amd/display: Limit user regamma to a valid value (git-fixes).
- drm/amdgpu: do not register a dirty callback for non-atomic (git-fixes).
- drm/amdgpu: fix initial connector audio value (git-fixes).
- drm/amdgpu: use dirty framebuffer helper (git-fixes).
- drm/bridge: Avoid uninitialized variable warning (git-fixes).
- drm/bridge: megachips: Fix a null pointer dereference bug (git-fixes).
- drm/bridge: parade-ps8640: Fix regulator supply order (git-fixes).
- drm/i915/gvt: fix a memory leak in intel_gvt_init_vgpu_types (git-fixes).
- drm/mipi-dsi: Detach devices when removing the host (git-fixes).
- drm/msm/dpu: Fix comment typo (git-fixes).
- drm/msm/dpu: index dpu_kms->hw_vbif using vbif_idx (git-fixes).
- drm/msm/dsi: fix memory corruption with too many bridges (git-fixes).
- drm/msm/hdmi: fix memory corruption with too many bridges (git-fixes).
- drm/msm: Fix return type of mdp4_lvds_connector_mode_valid (git-fixes).
- drm/msm: Make .remove and .shutdown HW shutdown consistent (git-fixes).
- drm/nouveau/nouveau_bo: fix potential memory leak in nouveau_bo_alloc() (git-fixes).
- drm/nouveau: fix a use-after-free in nouveau_gem_prime_import_sg_table() (git-fixes).
- drm/omap: dss: Fix refcount leak bugs (git-fixes).
- drm/rockchip: Fix return type of cdn_dp_connector_mode_valid (git-fixes).
- drm/scheduler: quieten kernel-doc warnings (git-fixes).
- drm/udl: Restore display mode on resume (git-fixes).
- drm: Prevent drm_copy_field() to attempt copying a NULL pointer (git-fixes).
- drm: Use size_t type for len variable in drm_copy_field() (git-fixes).
- drm: bridge: adv7511: fix CEC power down control register offset (git-fixes).
- drm: fix drm_mipi_dbi build errors (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Anbernic Win600 (git-fixes).
- drm:pl111: Add of_node_put() when breaking out of for_each_available_child_of_node() (git-fixes).
- dyndbg: fix module.dyndbg handling (git-fixes).
- dyndbg: let query-modname override actual module name (git-fixes).
- efi: Correct Macmini DMI match in uefi cert quirk (git-fixes).
- efi: libstub: drop pointless get_memory_map() call (git-fixes).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1204053 bsc#1201725).
- fbdev: cyber2000fb: fix missing pci_disable_device() (git-fixes).
- fbdev: da8xx-fb: Fix error handling in .remove() (git-fixes).
- firmware: arm_scmi: Add SCMI PM driver remove routine (git-fixes).
- firmware: google: Test spinlock on panic path to avoid lockups (git-fixes).
- fpga: prevent integer overflow in dfl_feature_ioctl_set_irq() (git-fixes).
- gpio: rockchip: request GPIO mux to pinctrl when setting direction (git-fixes).
- hid: hid-logitech-hidpp: avoid unnecessary assignments in hidpp_connect_event (git-fixes).
- hwmon/coretemp: Handle large core ID value (git-fixes).
- iio: ABI: Fix wrong format of differential capacitance channel ABI (git-fixes).
- iio: adc: ad7923: fix channel readings for some variants (git-fixes).
- iio: adc: at91-sama5d2_adc: check return status for pressure and touch (git-fixes).
- iio: adc: at91-sama5d2_adc: fix AT91_SAMA5D2_MR_TRACKTIM_MAX (git-fixes).
- iio: adc: at91-sama5d2_adc: lock around oversampling and sample freq (git-fixes).
- iio: adc: mcp3911: use correct id bits (git-fixes).
- iio: dac: ad5593r: Fix i2c read protocol requirements (git-fixes).
- iio: inkern: only release the device node when done with it (git-fixes).
- iio: light: tsl2583: Fix module unloading (git-fixes).
- iio: pressure: dps310: Refactor startup procedure (git-fixes).
- iio: pressure: dps310: Reset chip after timeout (git-fixes).
- irqchip/ls-extirq: Fix invalid wait context by avoiding to use regmap (git-fixes).
- kABI: arm64/crypto/sha512 Preserve function signature (git-fixes).
- kbuild: Add skip_encoding_btf_enum64 option to pahole (git-fixes).
- kbuild: remove the target in signal traps when interrupted (git-fixes).
- kbuild: sink stdout from cmd for silent build (git-fixes).
- kbuild: skip per-CPU BTF generation for pahole v1.18-v1.21 (jsc#SLE-24559).
- kthread: Extract KTHREAD_IS_PER_CPU (bsc#1204753).
- lib/sg_pool: change module_init(sg_pool_init) to subsys_initcall (git-fixes).
- libata: add ATA_HORKAGE_NOLPM for Pioneer BDR-207M and BDR-205 (git-fixes).
- locking/csd_lock: Change csdlock_debug from early_param to __setup (git-fixes).
- mISDN: fix use-after-free bugs in l1oip timer handlers (git-fixes).
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (git-fixes).
- mac802154: Fix LQI recording (git-fixes).
- mailbox: bcm-ferxrm-mailbox: Fix error check for dma_map_sg (git-fixes).
- media: aspeed-video: ignore interrupts that are not enabled (git-fixes).
- media: cedrus: Set the platform driver data earlier (git-fixes).
- media: coda: Add more H264 levels for CODA960 (git-fixes).
- media: coda: Fix reported H264 profile (git-fixes).
- media: cx88: Fix a null-ptr-deref bug in buffer_prepare() (git-fixes).
- media: dvb_vb2: fix possible out of bound access (git-fixes).
- media: v4l2-dv-timings: add sanity checks for blanking values (git-fixes).
- media: videodev2.h: V4L2_DV_BT_BLANKING_HEIGHT should check 'interlaced' (git-fixes).
- media: xilinx: vipp: Fix refcount leak in xvip_graph_dma_init (git-fixes).
- memory: of: Fix refcount leak bug in of_get_ddr_timings() (git-fixes).
- memory: pl353-smc: Fix refcount leak bug in pl353_smc_probe() (git-fixes).
- mfd: fsl-imx25: Fix an error handling path in mx25_tsadc_setup_irq() (git-fixes).
- mfd: intel_soc_pmic: Fix an error handling path in intel_soc_pmic_i2c_probe() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_irq_init() and lp8788_irq_init() (git-fixes).
- mfd: lp8788: Fix an error handling path in lp8788_probe() (git-fixes).
- mfd: sm501: Add check for platform_driver_register() (git-fixes).
- misc: ocxl: fix possible refcount leak in afu_ioctl() (git-fixes).
- mm, memcg: avoid stale protection values when cgroup is above protection (bsc#1204754).
- mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page (bsc#1204575).
- mm: memcontrol: fix occasional OOMs due to proportional memory.low reclaim (bsc#1204754).
- mmc: au1xmmc: Fix an error handling path in au1xmmc_probe() (git-fixes).
- mmc: core: Fix kernel panic when remove non-standard SDIO card (git-fixes).
- mmc: core: Replace with already defined values for readability (git-fixes).
- mmc: core: Terminate infinite loop in SD-UHS voltage switch (git-fixes).
- mmc: moxart: fix 4-bit bus width and remove 8-bit bus width (git-fixes).
- mmc: sdhci-msm: add compatible string check for sdm670 (git-fixes).
- mmc: sdhci-sprd: Fix minimum clock limit (git-fixes).
- mmc: wmt-sdmmc: Fix an error handling path in wmt_mci_probe() (git-fixes).
- mtd: devices: docg3: check the return value of devm_ioremap() in the probe (git-fixes).
- mtd: rawnand: atmel: Unmap streaming DMA mappings (git-fixes).
- mtd: rawnand: marvell: Use correct logic for nand-keep-config (git-fixes).
- mtd: rawnand: meson: fix bit map use in meson_nfc_ecc_correct() (git-fixes).
- net/ieee802154: fix uninit value bug in dgram_sendmsg (git-fixes).
- net: ieee802154: return -EINVAL for unknown addr type (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: Add new usb-id for Dell branded EM7455 (git-fixes).
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- openvswitch: Fix double reporting of drops in dropwatch (git-fixes).
- openvswitch: Fix overreporting of drops in dropwatch (git-fixes).
- openvswitch: switch from WARN to pr_warn (git-fixes).
- padata: introduce internal padata_get/put_pd() helpers (bsc#1202638).
- padata: make padata_free_shell() to respect pd's ->refcnt (bsc#1202638).
- parisc/sticon: fix reverse colors (bsc#1152489) Backporting notes: * context changes
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1152489)
- phy: qualcomm: call clk_disable_unprepare in the error handling (git-fixes).
- pinctrl: armada-37xx: Add missing GPIO-only pins (git-fixes).
- pinctrl: armada-37xx: Checks for errors in gpio_request_enable callback (git-fixes).
- pinctrl: armada-37xx: Fix definitions for MPP pins 20-22 (git-fixes).
- pinctrl: rockchip: add pinmux_ops.gpio_set_direction callback (git-fixes).
- platform/x86: msi-laptop: Change DMI match / alias strings to fix module autoloading (git-fixes).
- platform/x86: msi-laptop: Fix old-ec check for backlight registering (git-fixes).
- platform/x86: msi-laptop: Fix resource cleanup (git-fixes).
- power: supply: adp5061: fix out-of-bounds read in adp5061_get_chg_type() (git-fixes).
- powerpc/64: Remove unused SYS_CALL_TABLE symbol (jsc#SLE-9246 git-fixes).
- powerpc/fadump: align destination address to pagesize (bsc#1204728 ltc#200074).
- powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe() (jsc#SLE-13847 git-fixes).
- powerpc/mm/64s: Drop pgd_huge() (bsc#1065729).
- powerpc/mm: remove pmd_huge/pud_huge stubs and include hugetlb.h (bsc#1065729).
- powerpc/pci_dn: Add missing of_node_put() (bsc#1065729).
- powerpc/powernv: add missing of_node_put() in opal_export_attrs() (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#PED-1931).
- quota: widen timestamps for the fs_disk_quota structure (bsc#1203387).
- regulator: pfuze100: Fix the global-out-of-bounds access in pfuze100_regulator_probe() (git-fixes).
- regulator: qcom_rpm: Fix circular deferral regression (git-fixes).
- reset: imx7: Fix the iMX8MP PCIe PHY PERST support (git-fixes).
- rpmsg: qcom: glink: replace strncpy() with strscpy_pad() (git-fixes).
- rtc: stmp3xxx: Add failure handling for stmp3xxx_wdt_register() (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- sbitmap: Avoid leaving waitqueue in invalid state in __sbq_wake_up() (git-fixes).
- sbitmap: fix possible io hung due to lost wakeup (git-fixes).
- scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes).
- scsi: qla2xxx: Fix disk failure to rediscover (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#PED-1931).
- selftests/powerpc: Skip energy_scale_info test on older firmware (git-fixes).
- serial: Create uart_xmit_advance() (git-fixes).
- serial: tegra-tcu: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- serial: tegra: Use uart_xmit_advance(), fixes icount.tx accounting (git-fixes).
- soc: qcom: smem_state: Add refcounting for the 'state->of_node' (git-fixes).
- soc: qcom: smsm: Fix refcount leak bugs in qcom_smsm_probe() (git-fixes).
- soc: sunxi: sram: Actually claim SRAM regions (git-fixes).
- soc: sunxi: sram: Fix debugfs info for A64 SRAM C (git-fixes).
- soc: sunxi: sram: Prevent the driver from being unbound (git-fixes).
- soc: sunxi_sram: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- spi/omap100k:Fix PM disable depth imbalance in omap1_spi100k_probe (git-fixes).
- spi: mt7621: Fix an error message in mt7621_spi_probe() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_pm_resume_runtime() (git-fixes).
- spi: qup: add missing clk_disable_unprepare on error in spi_qup_resume() (git-fixes).
- spi: s3c64xx: Fix large transfers with DMA (git-fixes).
- staging: rtl8723bs: fix a potential memory leak in rtw_init_cmd_priv() (git-fixes).
- staging: vt6655: fix potential memory leak (git-fixes).
- staging: vt6655: fix some erroneous memory clean-up loops (git-fixes).
- struct pci_config_window kABI workaround (bsc#1204382).
- thermal: intel_powerclamp: Use first online CPU as control_cpu (git-fixes).
- thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash (git-fixes).
- tty/serial: atmel: RS485 & ISO7816: wait for TXRDY before sending data (git-fixes).
- tty: serial: fsl_lpuart: disable dma rx/tx use flags in lpuart_dma_shutdown (git-fixes).
- tty: xilinx_uartps: Fix the ignore_status (git-fixes).
- uas: add no-uas quirk for Hiksemi usb_disk (git-fixes).
- uas: ignore UAS for Thinkplus chips (git-fixes).
- usb-storage: Add Hiksemi USB3-FW to IGNORE_UAS (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: add quirks for Lenovo OneLink+ Dock (git-fixes).
- usb: bdc: change state when port disconnected (git-fixes).
- usb: dwc3: gadget: Avoid starting DWC3 gadget during UDC unbind (git-fixes).
- usb: dwc3: gadget: Do not set IMI for no_interrupt (git-fixes).
- usb: dwc3: gadget: Prevent repeat pullup() (git-fixes).
- usb: dwc3: gadget: Stop processing more requests on IMI (git-fixes).
- usb: gadget: function: fix dangling pnp_string in f_printer.c (git-fixes).
- usb: host: xhci: Fix potential memory leak in xhci_alloc_stream_info() (git-fixes).
- usb: idmouse: fix an uninit-value in idmouse_open (git-fixes).
- usb: mon: make mmapped memory read only (git-fixes).
- usb: musb: Fix musb_gadget.c rxstate overflow bug (git-fixes).
- usb: typec: ucsi: Remove incorrect warning (git-fixes).
- usb: xhci-mtk: add a function to (un)load bandwidth info (git-fixes).
- usb: xhci-mtk: add only one extra CS for FS/LS INTR (git-fixes).
- usb: xhci-mtk: add some schedule error number (git-fixes).
- usb: xhci-mtk: fix issue of out-of-bounds array access (git-fixes).
- usb: xhci-mtk: get the microframe boundary for ESIT (git-fixes).
- usb: xhci-mtk: use @sch_tt to check whether need do TT schedule (git-fixes).
- vhost/vsock: Use kvmalloc/kvfree for larger packets (git-fixes).
- video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write (git-fixes).
- watchdog: armada_37xx_wdt: Fix .set_timeout callback (git-fixes).
- watchdog: ftwdt010_wdt: fix test for platform_get_irq() failure (git-fixes).
- wifi: ath10k: add peer map clean up for peer delete in ath10k_sta_state() (git-fixes).
- wifi: ath9k: avoid uninit memory read in ath9k_htc_rx_msg() (git-fixes).
- wifi: brcmfmac: fix invalid address access when enabling SCAN log level (git-fixes).
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (git-fixes).
- wifi: cfg80211: update hidden BSSes to avoid WARN_ON (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (other cases) (git-fixes).
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
- wifi: mac80211: allow bw change during channel switch in mesh (git-fixes).
- wifi: mac80211: do not drop packets smaller than the LLC-SNAP header on fast-rx (git-fixes).
- wifi: mac80211_hwsim: avoid mac80211 warning on bad rate (git-fixes).
- wifi: rt2x00: correctly set BBP register 86 for MT7620 (git-fixes).
- wifi: rt2x00: do not run Rt5592 IQ calibration on MT7620 (git-fixes).
- wifi: rt2x00: set SoC wmac clock register (git-fixes).
- wifi: rt2x00: set VGC gain for both chains of MT7620 (git-fixes).
- wifi: rt2x00: set correct TX_SW_CFG1 MAC register for MT7620 (git-fixes).
- wifi: rtl8xxxu: Fix AIFS written to REG_EDCA_*_PARAM (git-fixes).
- wifi: rtl8xxxu: Fix skb misuse in TX queue selection (git-fixes).
- wifi: rtl8xxxu: Improve rtl8xxxu_queue_select (git-fixes).
- wifi: rtl8xxxu: Remove copy-paste leftover in gen2_update_rate_mask (git-fixes).
- wifi: rtl8xxxu: gen2: Fix mistake in path B IQ calibration (git-fixes).
- wifi: rtl8xxxu: tighten bounds checking in rtl8xxxu_read_efuse() (git-fixes).
- xfs: add missing assert in xfs_fsmap_owner_from_rmap (git-fixes).
- xfs: enable big timestamps (bsc#1203387).
- xfs: enable new inode btree counters feature (bsc#1203387).
- xfs: explicitly define inode timestamp range (bsc#1203387).
- xfs: fix memory corruption during remote attr value buffer invalidation (git-fixes).
- xfs: fix s_maxbytes computation on 32-bit kernels (git-fixes).
- xfs: hoist out xfs_resizefs_init_new_ags() (git-fixes).
- xfs: move incore structures out of xfs_da_format.h (git-fixes).
- xfs: quota: move to time64_t interfaces (bsc#1203387).
- xfs: redefine xfs_ictimestamp_t (bsc#1203387).
- xfs: redefine xfs_timestamp_t (bsc#1203387).
- xfs: refactor remote attr value buffer invalidation (git-fixes).
- xfs: remove obsolete AGF counter debugging (git-fixes).
- xfs: rename `new' to `delta' in xfs_growfs_data_private() (git-fixes).
- xfs: reserve data and rt quota at the same time (bsc#1203496).
- xfs: slightly tweak an assert in xfs_fs_map_blocks (git-fixes).
- xfs: store inode btree block counts in AGI header (bsc#1203387).
- xfs: streamline xfs_attr3_leaf_inactive (git-fixes).
- xfs: use a struct timespec64 for the in-core crtime (bsc#1203387).
- xfs: use the finobt block counts to speed up mount times (bsc#1203387).
- xfs: widen ondisk inode timestamps to deal with y2038+ (bsc#1203387).
- xfs: widen ondisk quota expiration timestamps to handle y2038+ (bsc#1203387).
- xhci: Do not show warning for reinit on known broken suspend (git-fixes).
ImportantSUSE bug 1032323SUSE bug 1065729SUSE bug 1152489SUSE bug 1198702SUSE bug 1200465SUSE bug 1200788SUSE bug 1201725SUSE bug 1202638SUSE bug 1202686SUSE bug 1202700SUSE bug 1203066SUSE bug 1203098SUSE bug 1203387SUSE bug 1203391SUSE bug 1203496SUSE bug 1203802SUSE bug 1204053SUSE bug 1204166SUSE bug 1204168SUSE bug 1204354SUSE bug 1204355SUSE bug 1204382SUSE bug 1204402SUSE bug 1204415SUSE bug 1204417SUSE bug 1204431SUSE bug 1204439SUSE bug 1204470SUSE bug 1204479SUSE bug 1204574SUSE bug 1204575SUSE bug 1204619SUSE bug 1204635SUSE bug 1204637SUSE bug 1204646SUSE bug 1204647SUSE bug 1204653SUSE bug 1204728SUSE bug 1204753SUSE bug 1204754CVE-2021-4037 at SUSECVE-2021-4037 at NVDCVE-2022-2153 at SUSECVE-2022-2153 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-3176 at SUSECVE-2022-3176 at NVDCVE-2022-3424 at SUSECVE-2022-3424 at NVDCVE-2022-3521 at SUSECVE-2022-3521 at NVDCVE-2022-3524 at SUSECVE-2022-3524 at NVDCVE-2022-3535 at SUSECVE-2022-3535 at NVDCVE-2022-3542 at SUSECVE-2022-3542 at NVDCVE-2022-3545 at SUSECVE-2022-3545 at NVDCVE-2022-3565 at SUSECVE-2022-3565 at NVDCVE-2022-3577 at SUSECVE-2022-3577 at NVDCVE-2022-3586 at SUSECVE-2022-3586 at NVDCVE-2022-3594 at SUSECVE-2022-3594 at NVDCVE-2022-3621 at SUSECVE-2022-3621 at NVDCVE-2022-3625 at SUSECVE-2022-3625 at NVDCVE-2022-3629 at SUSECVE-2022-3629 at NVDCVE-2022-3640 at SUSECVE-2022-3640 at NVDCVE-2022-3646 at SUSECVE-2022-3646 at NVDCVE-2022-3649 at SUSECVE-2022-3649 at NVDCVE-2022-39189 at SUSECVE-2022-39189 at NVDCVE-2022-42703 at SUSECVE-2022-42703 at NVDCVE-2022-43750 at SUSECVE-2022-43750 at NVDcpe:/o:suse:suse-microos:5.2Security update for systemd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for systemd fixes the following issues:
- CVE-2022-3821: Fixed buffer overrun in format_timespan() function (bsc#1204968).
- Import commit 56bee38fd0da18dad5fc5c5d12c02238a22b50e2
* 8a70235d8a core: Add trigger limit for path units
* 93e544f3a0 core/mount: also add default before dependency for automount mount units
* 5916a7748c logind: fix crash in logind on user-specified message string
- Document udev naming scheme (bsc#1204179).
ModerateSUSE bug 1204179SUSE bug 1204968CVE-2022-3821 at SUSECVE-2022-3821 at NVDcpe:/o:suse:suse-microos:5.2Security update for sudo (Important)SUSE Linux Enterprise Micro 5.2
This update for sudo fixes the following issues:
- CVE-2022-43995: Fixed a potential heap-based buffer over-read when entering a passwor dof seven characters or fewer and using the crypt() password backend (bsc#1204986).
- Fix wrong information output in the error message (bsc#1190818).
- Make sure SIGCHLD is not ignored when sudo is executed; fixes race condition (bsc#1203201).
ImportantSUSE bug 1190818SUSE bug 1203201SUSE bug 1204986CVE-2022-43995 at SUSECVE-2022-43995 at NVDcpe:/o:suse:suse-microos:5.2Security update for dpkg (Low)SUSE Linux Enterprise Micro 5.2
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
LowSUSE bug 1199944CVE-2022-1664 at SUSECVE-2022-1664 at NVDcpe:/o:suse:suse-microos:5.2Security update for pixman (Important)SUSE Linux Enterprise Micro 5.2
This update for pixman fixes the following issues:
- CVE-2022-44638: Fixed an integer overflow in pixman_sample_floor_y leading to heap out-of-bounds write (bsc#1205033).
ImportantSUSE bug 1205033CVE-2022-44638 at SUSECVE-2022-44638 at NVDcpe:/o:suse:suse-microos:5.2Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-microos:5.2Security update for colord (Low)SUSE Linux Enterprise Micro 5.2
This update for colord fixes the following issues:
- CVE-2021-42523: Fixed small memory leak in sqlite3_exec (bsc#1202802).
LowSUSE bug 1202802CVE-2021-42523 at SUSECVE-2021-42523 at NVDcpe:/o:suse:suse-microos:5.2Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.2
This update for opensc fixes the following issues:
- CVE-2019-6502: Fixed memory leak in sc_context_create in ctx.c (bsc#1122756).
ModerateSUSE bug 1122756CVE-2019-6502 at SUSECVE-2019-6502 at NVDcpe:/o:suse:suse-microos:5.2Security update for libdb-4_8 (Low)SUSE Linux Enterprise Micro 5.2
This update for libdb-4_8 fixes the following issues:
- CVE-2019-2708: Fixed partial DoS due to data store execution (bsc#1174414).
LowSUSE bug 1174414CVE-2019-2708 at SUSECVE-2019-2708 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
- CVE-2022-2601: Fixed buffer overflow in grub_font_construct_glyph (bsc#1205178).
- CVE-2022-3775: Fixed integer underflow in blit_comb() (bsc#1205182).
Other:
- Bump upstream SBAT generation to 3
ImportantSUSE bug 1205178SUSE bug 1205182CVE-2022-2601 at SUSECVE-2022-2601 at NVDCVE-2022-3775 at SUSECVE-2022-3775 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-3597: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204641).
- CVE-2022-3599: Fixed out-of-bounds read in writeSingleSection in tools/tiffcrop.c (bnc#1204643).
- CVE-2022-3626: Fixed out-of-bounds write in _TIFFmemset in libtiff/tif_unix.c (bnc#1204644)
- CVE-2022-3627: Fixed out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c (bnc#1204645).
- CVE-2022-3970: Fixed unsigned integer overflow in TIFFReadRGBATileExt() (bnc#1205392).
ImportantSUSE bug 1204641SUSE bug 1204643SUSE bug 1204644SUSE bug 1204645SUSE bug 1205392CVE-2022-3597 at SUSECVE-2022-3597 at NVDCVE-2022-3599 at SUSECVE-2022-3599 at NVDCVE-2022-3626 at SUSECVE-2022-3626 at NVDCVE-2022-3627 at SUSECVE-2022-3627 at NVDCVE-2022-3970 at SUSECVE-2022-3970 at NVDcpe:/o:suse:suse-microos:5.2Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for supportutils fixes the following issues:
Security issues fixed:
- Passwords correctly removed from email.txt, updates.txt and fs-iscsi.txt (bsc#1203818)
Bug fixes:
- Added lifecycle information
- Fixed KVM virtualization detection on bare metal (bsc#1184689)
- Added logging using journalctl (bsc#1200330)
- Get current sar data before collecting files (bsc#1192648)
- Collects everything in /etc/multipath/ (bsc#1192252)
- Collects power management information in hardware.txt (bsc#1197428)
- Checks for suseconnect-ng or SUSEConnect packages (bsc#1202337)
- Fixed conf_files and conf_text_files so y2log is gathered (bsc#1202269)
- Update to nvme_info and block_info (bsc#1202417)
- Added includedir directories from /etc/sudoers (bsc#1188086)
ModerateSUSE bug 1184689SUSE bug 1188086SUSE bug 1192252SUSE bug 1192648SUSE bug 1197428SUSE bug 1200330SUSE bug 1202269SUSE bug 1202337SUSE bug 1202417SUSE bug 1203818cpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)
The following non-security bug was fixed:
- Fixed a crash in the garbage collection (bsc#1188607).
ImportantSUSE bug 1188607SUSE bug 1203125SUSE bug 1204577CVE-2019-18348 at SUSECVE-2019-18348 at NVDCVE-2020-10735 at SUSECVE-2020-10735 at NVDCVE-2020-8492 at SUSECVE-2020-8492 at NVDCVE-2022-37454 at SUSECVE-2022-37454 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0814:
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2022-3234: Fixed heap-based buffer overflow (bsc#1203508).
- CVE-2022-3235: Fixed use-after-free (bsc#1203509).
- CVE-2022-3324: Fixed stack-based buffer overflow (bsc#1203820).
- CVE-2022-3705: Fixed use-after-free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
- CVE-2022-2982: Fixed use-after-free in qf_fill_buffer() (bsc#1203152).
- CVE-2022-3296: Fixed stack out of bounds read in ex_finally() in ex_eval.c (bsc#1203796).
- CVE-2022-3297: Fixed use-after-free in process_next_cpt_value() at insexpand.c (bsc#1203797).
- CVE-2022-3099: Fixed use-after-free in ex_docmd.c (bsc#1203110).
- CVE-2022-3134: Fixed use-after-free in do_tag() (bsc#1203194).
- CVE-2022-3153: Fixed NULL pointer dereference (bsc#1203272).
- CVE-2022-3278: Fixed NULL pointer dereference in eval_next_non_blank() in eval.c (bsc#1203799).
- CVE-2022-3352: Fixed use-after-free (bsc#1203924).
- CVE-2022-2980: Fixed NULL pointer dereference in do_mouse() (bsc#1203155).
- CVE-2022-3037: Fixed use-after-free (bsc#1202962).
ImportantSUSE bug 1192478SUSE bug 1202962SUSE bug 1203110SUSE bug 1203152SUSE bug 1203155SUSE bug 1203194SUSE bug 1203272SUSE bug 1203508SUSE bug 1203509SUSE bug 1203796SUSE bug 1203797SUSE bug 1203799SUSE bug 1203820SUSE bug 1203924SUSE bug 1204779CVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2022-2980 at SUSECVE-2022-2980 at NVDCVE-2022-2982 at SUSECVE-2022-2982 at NVDCVE-2022-3037 at SUSECVE-2022-3037 at NVDCVE-2022-3099 at SUSECVE-2022-3099 at NVDCVE-2022-3134 at SUSECVE-2022-3134 at NVDCVE-2022-3153 at SUSECVE-2022-3153 at NVDCVE-2022-3234 at SUSECVE-2022-3234 at NVDCVE-2022-3235 at SUSECVE-2022-3235 at NVDCVE-2022-3278 at SUSECVE-2022-3278 at NVDCVE-2022-3296 at SUSECVE-2022-3296 at NVDCVE-2022-3297 at SUSECVE-2022-3297 at NVDCVE-2022-3324 at SUSECVE-2022-3324 at NVDCVE-2022-3352 at SUSECVE-2022-3352 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
Version update to 4.15.12.
Security issues fixed:
- CVE-2022-2031: Fixed AD users that could have bypassed certain restrictions associated with changing passwords (bsc#1201495).
- CVE-2022-32742: Fixed SMB1 code that does not correctly verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths (bsc#1201496).
- CVE-2022-32744: Fixed AD users that could have forged password change requests for any user (bsc#1201493).
- CVE-2022-32745: Fixed AD users that could have crashed the server process with an LDAP add or modify request (bsc#1201492).
- CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
- CVE-2022-3437: Fixed buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- CVE-2022-42898: Fixed Samba buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
Bug fixes:
- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory (bsc#1201689).
- Possible use after free of connection_struct when iterating smbd_server_connection->connections (bsc#1200102).
ImportantSUSE bug 1200102SUSE bug 1201490SUSE bug 1201492SUSE bug 1201493SUSE bug 1201495SUSE bug 1201496SUSE bug 1201689SUSE bug 1204254SUSE bug 1205126CVE-2022-2031 at SUSECVE-2022-2031 at NVDCVE-2022-32742 at SUSECVE-2022-32742 at NVDCVE-2022-32744 at SUSECVE-2022-32744 at NVDCVE-2022-32745 at SUSECVE-2022-32745 at NVDCVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2022-3437 at SUSECVE-2022-3437 at NVDCVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-3570: Fixed heap buffer overflows in tiffcrop.c (bsc#1205422).
- CVE-2022-3598: Fixed out-of-bounds write in extractContigSamplesShifted24bits in tools/tiffcrop.c [bsc#1204642]
ImportantSUSE bug 1204642SUSE bug 1205422CVE-2022-3570 at SUSECVE-2022-3570 at NVDCVE-2022-3598 at SUSECVE-2022-3598 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtpms (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libtpms fixes the following issues:
- CVE-2021-3623: Fixed out-of-bounds access when trying to resume the
state of the vTPM (bsc#1187767)
ModerateSUSE bug 1187767SUSE bug 1204556CVE-2021-3623 at SUSECVE-2021-3623 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
Update to containerd v1.6.12 including Docker v20.10.21-ce (bsc#1206065).
Also includes the following fix:
- CVE-2022-23471: host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- CVE-2022-27191: crash in a golang.org/x/crypto/ssh server (bsc#1197284).
ImportantSUSE bug 1197284SUSE bug 1206065SUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDCVE-2022-27191 at SUSECVE-2022-27191 at NVDcpe:/o:suse:suse-microos:5.2Security update for ceph (Important)SUSE Linux Enterprise Micro 5.2
This update for ceph fixes the following issues:
ceph was updated to the Pacific release (16.2.9-536-g41a9f9a5573):
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
+ (bsc#1200064,) Remove last vestiges of docker.io image paths
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1194875) [SES7P] include/buffer: include <memory>
+ cephadm: update image paths to registry.suse.com
+ cephadm: use snmp-notifier image from registry.suse.de
+ cephadm: infer the default container image during pull
+ mgr/cephadm: try to get FQDN for inventory address
+ (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
+ (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
+ Update Prometheus Container image paths (pr #459)
+ mgr/dashboard: Fix documentation URL (pr #456)
+ mgr/dashboard: Adapt downstream branded navigation page (pr #454)
+ Update prometheus-server version
+ (bsc#1194353) Downstream branding breaks dashboard npm build
+ (bsc#1178073) mgr/dashboard: fix downstream NFS doc links
ImportantSUSE bug 1178073SUSE bug 1194131SUSE bug 1194353SUSE bug 1194875SUSE bug 1195359SUSE bug 1196044SUSE bug 1196785SUSE bug 1196938SUSE bug 1200064SUSE bug 1200553CVE-2021-3979 at SUSECVE-2021-3979 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni (Important)SUSE Linux Enterprise Micro 5.2
This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.2
This update for cni-plugins fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
ImportantSUSE bug 1181961CVE-2021-20206 at SUSECVE-2021-20206 at NVDcpe:/o:suse:suse-microos:5.2Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.2
This update for conmon fixes the following issues:
conmon was updated to version 2.1.5:
* don't leak syslog_identifier
* logging: do not read more that the buf size
* logging: fix error handling
* Makefile: Fix install for FreeBSD
* signal: Track changes to get_signal_descriptor in the FreeBSD version
* Packit: initial enablement
Update to version 2.1.4:
* Fix a bug where conmon crashed when it got a SIGCHLD
update to 2.1.3:
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command
Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
ModerateSUSE bug 1200285CVE-2022-1708 at SUSECVE-2022-1708 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes).
- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1156395SUSE bug 1184350SUSE bug 1189297SUSE bug 1192761SUSE bug 1200845SUSE bug 1201455SUSE bug 1203144SUSE bug 1203746SUSE bug 1204017SUSE bug 1204142SUSE bug 1204215SUSE bug 1204241SUSE bug 1204328SUSE bug 1204446SUSE bug 1204631SUSE bug 1204636SUSE bug 1204693SUSE bug 1204780SUSE bug 1204791SUSE bug 1204810SUSE bug 1204827SUSE bug 1204850SUSE bug 1204868SUSE bug 1204934SUSE bug 1204957SUSE bug 1204963SUSE bug 1204967SUSE bug 1205128SUSE bug 1205130SUSE bug 1205186SUSE bug 1205220SUSE bug 1205329SUSE bug 1205330SUSE bug 1205428SUSE bug 1205473SUSE bug 1205514SUSE bug 1205617SUSE bug 1205671SUSE bug 1205700SUSE bug 1205705SUSE bug 1205709SUSE bug 1205753SUSE bug 1205796SUSE bug 1205984SUSE bug 1205985SUSE bug 1205986SUSE bug 1205987SUSE bug 1205988SUSE bug 1205989SUSE bug 1206032SUSE bug 1206037SUSE bug 1206207CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed a integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3628: Fixed potential buffer overflow in brcmf_fweh_event_worker() in wifi/brcmfmac (bsc#1204868).
- CVE-2022-3567: Fixed a to race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).
The following non-security bugs were fixed:
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes).
- ASoC: wm5102: Revert 'ASoC: wm5102: Fix PM disable depth imbalance in wm5102_probe' (git-fixes).
- ASoC: wm5110: Revert 'ASoC: wm5110: Fix PM disable depth imbalance in wm5110_probe' (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes).
- ASoC: wm8997: Revert 'ASoC: wm8997: Fix PM disable depth imbalance in wm8997_probe' (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (git-fixes).
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- Drivers: hv: vmbus: Add /sys/bus/vmbus/hibernation (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- Drivers: hv: vmbus: Add vmbus_requestor data structure for VMBus hardening (bsc#1204017).
- Drivers: hv: vmbus: Drop error message when 'No request id available' (bsc#1204017).
- Drivers: hv: vmbus: Fix duplicate CPU assignments within a device (git-fixes).
- Drivers: hv: vmbus: Fix handling of messages with transaction ID of zero (bsc#1204017).
- Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj (git-fixes).
- Drivers: hv: vmbus: Fix potential crash on module unload (git-fixes).
- Drivers: hv: vmbus: Introduce vmbus_request_addr_match() (bsc#1204017).
- Drivers: hv: vmbus: Introduce vmbus_sendpacket_getid() (bsc#1204017).
- Drivers: hv: vmbus: Introduce {lock,unlock}_requestor() (bsc#1204017).
- Drivers: hv: vmbus: Prevent load re-ordering when reading ring buffer (git-fixes).
- Drivers: hv: vmbus: Remove unused linux/version.h header (git-fixes).
- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: remove unused function (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes).
- Input: i8042 - fix leaking of platform device on module removal (git-fixes).
- Input: iforce - invert valid length check when fetching device IDs (git-fixes).
- KVM: VMX: Always VMCLEAR in-use VMCSes during crash with kexec support (git-fixes).
- KVM: nVMX: Invalidate all EPTP contexts when emulating INVEPT for L1 (git-fixes).
- KVM: nVMX: Validate the EPTP when emulating INVEPT(EXTENT_CONTEXT) (git-fixes).
- KVM: nVMX: clear PIN_BASED_POSTED_INTR from nested pinbased_ctls only when apicv is globally disabled (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state (git-fixes).
- KVM: s390: Fix handle_sske page fault handling (git-fixes).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes).
- KVM: s390: get rid of register asm usage (git-fixes).
- KVM: s390: pv: avoid stalls when making pages secure (git-fixes).
- KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes).
- KVM: s390: reduce number of IO pins to 1 (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- NFS: Refactor nfs_instantiate() for dentry referencing callers (bsc#1204215).
- NFSv3: use nfs_add_or_obtain() to create and reference inodes (bsc#1204215).
- PCI: hv: Add check for hyperv_initialized in init_hv_pci_drv() (bsc#1204446).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1204446).
- PCI: hv: Fix a race condition when removing the device (bsc#1204446).
- PCI: hv: Fix sleep while in non-sleep context when removing child devices from the bus (bsc#1204446).
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (bsc#1204017).
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (bsc#1204017).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (bsc#1200845).
- PCI: hv: Fix typo (bsc#1204446).
- PCI: hv: Remove bus device removal unused refcount/functions (bsc#1204446).
- PCI: hv: Remove unnecessary use of %hx (bsc#1204446).
- PCI: hv: Support for create interrupt v3 (bsc#1204446).
- PCI: hv: Use PCI_ERROR_RESPONSE to identify config read errors (bsc#1204446).
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (bsc#1204017).
- RDMA/core/sa_query: Remove unused argument (git-fixes)
- RDMA/hns: Fix spelling mistakes of original (git-fixes)
- RDMA/qedr: Add support for user mode XRC-SRQ's (git-fixes)
- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (git-fixes)
- RDMA/qedr: Remove unsupported qedr_resize_cq callback (git-fixes)
- RDMA/rxe: Fix memory leak in error path code (git-fixes)
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- USB: add RESET_RESUME quirk for NVIDIA Jetson devices in RCM (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: remove old LARA-R6 PID.
- Xen/gntdev: do not ignore kernel unmapping error (git-fixes).
- add another bug reference to some hyperv changes (bsc#1205617).
- arm/xen: Do not probe xenbus as part of an early initcall (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes)
- arm64: dts: juno: Add thermal critical trip points (git-fixes)
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- ata: pata_legacy: fix pdc20230_set_piomode() (git-fixes).
- blk-crypto: fix check for too-large dun_bytes (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (git-fixes).
- block: Add a helper to validate the block size (git-fixes).
- block: assign bi_bdev for cloned bios in blk_rq_prep_clone (bsc#1204328).
- block: ataflop: fix breakage introduced at blk-mq refactoring (git-fixes).
- block: ataflop: more blk-mq refactoring fixes (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: limit request dispatch loop duration (git-fixes).
- block: nbd: add sanity check for first_minor (git-fixes).
- block: use 'unsigned long' for blk_validate_block_size() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1205989).
- ceph: do not access the kiocb after aio requests (bsc#1205984).
- ceph: fix fscache invalidation (bsc#1205985).
- ceph: lockdep annotations for try_nonblocking_invalidate (bsc#1205988).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1205986).
- ceph: request Fw caps before updating the mtime in ceph_write_iter (bsc#1205987).
- cifs: skip extra NULL byte in filenames (bsc#1204791).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: set journal entry unused when shrinking device (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm mpath: only use ktime_get_ns() in historical selector (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm verity fec: fix misaligned RS roots IO (git-fixes).
- dm writecache: fix writing beyond end of underlying device when shrinking (git-fixes).
- dm writecache: return the exact table values that were set (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix request-based DM to not bounce through indirect dm_submit_bio (git-fixes).
- dm: remove special-casing of bio-based immutable singleton target on NVMe (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- drivers/hv: remove obsolete TODO and fix misleading typo in comment (git-fixes).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (git-fixes).
- drivers: hv: Fix hyperv_record_panic_msg path on comment (git-fixes).
- drivers: hv: Fix missing error code in vmbus_connect() (git-fixes).
- drivers: hv: vmbus: Fix call msleep using < 20ms (git-fixes).
- drivers: hv: vmbus: Fix checkpatch LINE_SPACING (git-fixes).
- drivers: hv: vmbus: Fix checkpatch SPLIT_STRING (git-fixes).
- drivers: hv: vmbus: Replace symbolic permissions by octal permissions (git-fixes).
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- ftrace: Fix char print issue in print_ip_ins() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- ftrace: Properly unset FTRACE_HASH_FL_MOD (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205330).
- fuse: fix readdir cache race (bsc#1205329).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv: hyperv.h: Remove unused inline functions (git-fixes).
- hv_netvsc: Add a comment clarifying batching logic (git-fixes).
- hv_netvsc: Add check for kvmalloc_array (git-fixes).
- hv_netvsc: Add error handling while switching data path (bsc#1204850).
- hv_netvsc: Allocate the recv_buf buffers after NVSP_MSG1_TYPE_SEND_RECV_BUF (git-fixes).
- hv_netvsc: Check VF datapath when sending traffic to VF (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_netvsc: Process NETDEV_GOING_DOWN on VF hot remove (bsc#1204850).
- hv_netvsc: Use bitmap_zalloc() when applicable (git-fixes).
- hv_netvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- hv_netvsc: Validate number of allocated sub-channels (git-fixes).
- hv_netvsc: Wait for completion on request SWITCH_DATA_PATH (bsc#1204017).
- hv_netvsc: use netif_is_bond_master() instead of open code (git-fixes).
- hv_utils: Fix passing zero to 'PTR_ERR' warning (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- isdn: mISDN: netjet: fix wrong check of device registration (git-fixes).
- iwlwifi: dbg: disable ini debug in 9000 family and below (git-fixes).
- kABI: Fix after adding trace_iterator.wait_index (git-fixes).
- kABI: remove new member of usbip_device (git-fixes).
- kabi: fix transport_add_device change (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- kvm: nVMX: reflect MTF VM-exits if injected by L1 (git-fixes).
- livepatch: Add a missing newline character in klp_module_coming() (bsc#1071995).
- livepatch: fix race between fork and KLP transition (bsc#1071995).
- loop: Check for overflow while configuring loop (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mISDN: fix possible memory leak in mISDN_register_device() (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: v4l2: Fix v4l2_i2c_subdev_set_name function documentation (git-fixes).
- media: venus: dec: Handle the case where find_format fails (git-fixes).
- media: vim2m: initialize the media device earlier (git-fixes).
- media: vivid: fix assignment of dev->fbuf_out_flags (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- nbd: Fix use-after-free in pid_show (git-fixes).
- nbd: fix possible overflow for 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add() (git-fixes).
- nbd: handle device refs for DESTROY_ON_DISCONNECT properly (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: netvsc: remove break after return (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfsd: set the server_scope during service startup (bsc#1203746).
- null_blk: Fail zone append to conventional zones (git-fixes).
- null_blk: synchronization fix for zoned device (git-fixes).
- nvmem: core: Check input parameter for NULL in nvmem_unregister() (bsc#1204241).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395).
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- printk: add missing memory barrier to wake_up_klogd() (bsc#1204934).
- printk: use atomic updates for klogd work (bsc#1204934).
- printk: wake waiters for safe and NMI contexts (bsc#1204934).
- r8152: Add MAC passthrough support to new device (git-fixes).
- r8152: add PID for the Lenovo OneLink+ Dock (git-fixes).
- r8152: use new helper tcp_v6_gso_csum_prep (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes).
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- ring-buffer: Add ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Allow splice to read previous partially read pages (git-fixes).
- ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() (git-fixes).
- ring-buffer: Check pending waiters when doing wake ups as well (git-fixes).
- ring-buffer: Fix race between reset page and reading page (git-fixes).
- ring-buffer: Have the shortest_full queue be the shortest not longest (git-fixes).
- ring-buffer: Include dropped pages in counting dirty patches (git-fixes).
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rtc: mt6397: fix alarm register overwrite (git-fixes).
- s390/boot: fix absolute zero lowcore corruption on boot (git-fixes).
- s390/cpcmd: fix inline assembly register clobbering (git-fixes).
- s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205428 LTC#200501).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (bsc#1203144 LTC#199881).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (git-fixes).
- s390/ptrace: return -ENOSYS when invalid syscall is supplied (git-fixes).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501).
- s390/vtime: fix inline assembly clobber list (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- s390/zcrypt: fix zcard and zqueue hot-unplug memleak (git-fixes).
- s390: Remove arch_has_random, arch_has_random_seed (git-fixes).
- s390: fix double free of GS and RI CBs on fork() failure (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- s390: mark __cpacf_query() as __always_inline (git-fixes).
- scsi: bsg: Remove support for SCSI_IOCTL_SEND_COMMAND (git-fixes).
- scsi: drivers: base: Propagate errors through the transport component (git-fixes).
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (git-fixes).
- scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729 bsc#1204810 ltc#200162).
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395).
- scsi: lpfc: Create a sysfs entry called lpfc_xcvr_data for transceiver info (bsc#1204957).
- scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs (bsc#1204957).
- scsi: lpfc: Fix memory leak in lpfc_create_port() (bsc#1204957).
- scsi: lpfc: Fix spelling mistake 'unsolicted' -> 'unsolicited' (bsc#1204957).
- scsi: lpfc: Log when congestion management limits are in effect (bsc#1204957).
- scsi: lpfc: Set sli4_param's cmf option to zero when CMF is turned off (bsc#1204957).
- scsi: lpfc: Update lpfc version to 14.2.0.8 (bsc#1204957).
- scsi: lpfc: Update the obsolete adapter list (bsc#1204142).
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (bsc#1204963).
- scsi: qla2xxx: Use transport-defined speed mask for supported_speeds (bsc#1204963).
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes).
- scsi: storvsc: Correctly handle multiple flags in srb_status (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- scsi: storvsc: Fix max_outstanding_req_per_channel for Win8 and newer (bsc#1204017).
- scsi: storvsc: Fix validation for unsolicited incoming packets (bsc#1204017).
- scsi: storvsc: Log TEST_UNIT_READY errors as warnings (git-fixes).
- scsi: storvsc: Miscellaneous code cleanups (git-fixes).
- scsi: storvsc: Parameterize number hardware queues (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- scsi: storvsc: Resolve data race in storvsc_probe() (bsc#1204017).
- scsi: storvsc: Return DID_ERROR for invalid commands (git-fixes).
- scsi: storvsc: Update error logging (git-fixes).
- scsi: storvsc: Use blk_mq_unique_tag() to generate requestIDs (bsc#1204017).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (git-fixes).
- scsi: storvsc: Use vmbus_requestor to generate transaction IDs for VMBus hardening (bsc#1204017).
- scsi: storvsc: Validate length of incoming packet in storvsc_on_channel_callback() (bsc#1204017).
- scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- selftests/livepatch: better synchronize test_klp_callbacks_busy (bsc#1071995).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message (git-fixes).
- staging: greybus: light: fix a couple double frees (git-fixes).
- swiotlb-xen: use vmalloc_to_page on vmalloc virt addresses (git-fixes).
- tracing/ring-buffer: Have polling block on watermark (git-fixes).
- tracing: Add ioctl() to force ring buffer waiters to wake up (git-fixes).
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (git-fixes).
- tracing: Do not free snapshot if tracer is on cmdline (git-fixes).
- tracing: Fix wild-memory-access in register_synth_event() (git-fixes).
- tracing: Simplify conditional compilation code in tracing_set_tracer() (git-fixes).
- tracing: Wake up ring buffer waiters on closing of the file (git-fixes).
- tracing: Wake up waiters when tracing is disabled (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: dwc3: fix PHY disable sequence (git-fixes).
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- usb: dwc3: gadget: Fix null pointer exception (git-fixes).
- usb: dwc3: qcom: fix runtime PM wakeup.
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: xhci: add XHCI_SPURIOUS_SUCCESS to ASM1042 despite being a V0.96 controller (git-fixes).
- usbip: add sysfs_lock to synchronize sysfs code paths (git-fixes).
- usbip: stub-dev synchronize sysfs code paths (git-fixes).
- usbip: stub_dev: remake locking for kABI (git-fixes).
- usbip: synchronize event handler with sysfs code paths (git-fixes).
- usbip: usbip_event: use global lock (git-fixes).
- usbip: vudc synchronize sysfs code paths (git-fixes).
- usbip: vudc_sysfs: use global lock (git-fixes).
- use __netdev_notify_peers in hyperv (git-fixes).
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI'
- v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' (bsc#1200845)
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- virtio-blk: Do not use MAX_DISCARD_SEGMENTS if max_discard_seg is zero (git-fixes).
- virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes).
- virtio_blk: eliminate anonymous module_init & module_exit (git-fixes).
- virtio_blk: fix the discard_granularity and discard_alignment queue limits (git-fixes).
- vmlinux.lds.h: Fix placement of '.data..decrypted' section (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes).
- workqueue: do not skip lockdep work dependency in cancel_work_sync() (bsc#1204967).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/hyperv: Output host build info as normal Windows version number (git-fixes).
- x86/hyperv: check cpu mask after interrupt has been disabled (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/xen: Add xen_no_vector_callback option to test PCI INTX delivery (git-fixes).
- x86/xen: Distribute switch variables for initialization (git-fixes).
- x86/xen: do not unbind uninitialized lock_kicker_irq (git-fixes).
- xen-blkback: prevent premature module unload (git-fixes).
- xen-netback: correct success/error reporting for the SKB-with-fraglist case (git-fixes).
- xen/balloon: fix balloon kthread freezing (git-fixes).
- xen/balloon: fix ballooned page accounting without hotplug enabled (git-fixes).
- xen/balloon: fix cancelled balloon action (git-fixes).
- xen/balloon: use a kernel thread instead a workqueue (git-fixes).
- xen/gntdev: Avoid blocking in unmap_grant_pages() (git-fixes).
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (git-fixes).
- xen/gntdev: Prevent leaking grants (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen/privcmd: Corrected error handling path (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: Fix granting of vmalloc'd memory (git-fixes).
- xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant status (git-fixes).
- xen: Fix XenStore initialisation for XS_LOCAL (git-fixes).
- xen: Fix event channel callback via INTX/GSI (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xenbus: req->body should be updated before req->state (git-fixes).
- xenbus: req->err should be updated before req->state (git-fixes).
- xfs: Lower CIL flush limit for large logs (git-fixes).
- xfs: Throttle commits on delayed background CIL push (git-fixes).
- xfs: Use scnprintf() for avoiding potential buffer overflow (git-fixes).
- xfs: check owner of dir3 blocks (git-fixes).
- xfs: factor common AIL item deletion code (git-fixes).
- xfs: open code insert range extent split helper (git-fixes).
- xfs: rework collapse range into an atomic operation (git-fixes).
- xfs: rework insert range into an atomic operation (git-fixes).
- xfs: tail updates only need to occur when LSN changes (git-fixes).
- xfs: trylock underlying buffer on dquot flush (git-fixes).
- xfs: xfs_buf_corruption_error should take __this_address (git-fixes).
- xhci: Remove device endpoints from bandwidth list when freeing the device (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1071995SUSE bug 1156395SUSE bug 1184350SUSE bug 1189297SUSE bug 1192761SUSE bug 1199657SUSE bug 1200845SUSE bug 1201455SUSE bug 1201469SUSE bug 1203144SUSE bug 1203746SUSE bug 1203960SUSE bug 1204017SUSE bug 1204142SUSE bug 1204215SUSE bug 1204228SUSE bug 1204241SUSE bug 1204328SUSE bug 1204414SUSE bug 1204446SUSE bug 1204636SUSE bug 1204693SUSE bug 1204780SUSE bug 1204791SUSE bug 1204810SUSE bug 1204827SUSE bug 1204850SUSE bug 1204868SUSE bug 1204934SUSE bug 1204957SUSE bug 1204963SUSE bug 1204967SUSE bug 1205128SUSE bug 1205130SUSE bug 1205220SUSE bug 1205264SUSE bug 1205329SUSE bug 1205330SUSE bug 1205428SUSE bug 1205473SUSE bug 1205514SUSE bug 1205567SUSE bug 1205617SUSE bug 1205671SUSE bug 1205700SUSE bug 1205705SUSE bug 1205709SUSE bug 1205753SUSE bug 1205796SUSE bug 1205984SUSE bug 1205985SUSE bug 1205986SUSE bug 1205987SUSE bug 1205988SUSE bug 1205989SUSE bug 1206032SUSE bug 1206037SUSE bug 1206207CVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-28693 at SUSECVE-2022-28693 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3567 at SUSECVE-2022-3567 at NVDCVE-2022-3628 at SUSECVE-2022-3628 at NVDCVE-2022-3635 at SUSECVE-2022-3635 at NVDCVE-2022-3707 at SUSECVE-2022-3707 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4129 at SUSECVE-2022-4129 at NVDCVE-2022-4139 at SUSECVE-2022-4139 at NVDCVE-2022-41850 at SUSECVE-2022-41850 at NVDCVE-2022-41858 at SUSECVE-2022-41858 at NVDCVE-2022-42895 at SUSECVE-2022-42895 at NVDCVE-2022-42896 at SUSECVE-2022-42896 at NVDCVE-2022-4378 at SUSECVE-2022-4378 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
ModerateSUSE bug 1206337CVE-2022-46908 at SUSECVE-2022-46908 at NVDcpe:/o:suse:suse-microos:5.2Security update for systemd (Important)SUSE Linux Enterprise Micro 5.2
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).
Bug fixes:
- Support by-path devlink for multipath nvme block devices (bsc#1200723).
- Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857).
- Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423).
ImportantSUSE bug 1200723SUSE bug 1203857SUSE bug 1204423SUSE bug 1205000CVE-2022-4415 at SUSECVE-2022-4415 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Updated to version 9.0.1040:
- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).
ImportantSUSE bug 1204779SUSE bug 1205797SUSE bug 1206028SUSE bug 1206071SUSE bug 1206072SUSE bug 1206075SUSE bug 1206077CVE-2022-3491 at SUSECVE-2022-3491 at NVDCVE-2022-3520 at SUSECVE-2022-3520 at NVDCVE-2022-3591 at SUSECVE-2022-3591 at NVDCVE-2022-3705 at SUSECVE-2022-3705 at NVDCVE-2022-4141 at SUSECVE-2022-4141 at NVDCVE-2022-4292 at SUSECVE-2022-4292 at NVDCVE-2022-4293 at SUSECVE-2022-4293 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
ModerateSUSE bug 1206309CVE-2022-43552 at SUSECVE-2022-43552 at NVDcpe:/o:suse:suse-microos:5.2Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.2
This update for wpa_supplicant fixes the following issues:
- CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732).
- CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733).
ImportantSUSE bug 1194732SUSE bug 1194733CVE-2022-23303 at SUSECVE-2022-23303 at NVDCVE-2022-23304 at SUSECVE-2022-23304 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- CVE-2022-23648: A specially-crafted image configuration could gain access to
read-only copies of arbitrary files and directories on the host (bsc#1196441).
ModerateSUSE bug 1196441CVE-2022-23648 at SUSECVE-2022-23648 at NVDcpe:/o:suse:suse-microos:5.2Security update for libeconf, shadow and util-linux (Moderate)SUSE Linux Enterprise Micro 5.2
This security update for libeconf, shadow and util-linux fix the following issues:
libeconf:
- Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow'
to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
Issues fixed in libeconf:
- Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.
- Added libeconf_ext which returns more information like
line_nr, comments, path of the configuration file,...
- Econftool, an command line interface for handling configuration
files.
- Generating HTML API documentation with doxygen.
- Improving error handling and semantic file check.
- Joining entries with the same key to one single entry if
env variable ECONF_JOIN_SAME_ENTRIES has been set.
shadow:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to
read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
util-linux:
- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to
read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)
- Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507)
- Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507)
- CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
- CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976)
ModerateSUSE bug 1188507SUSE bug 1192954SUSE bug 1193632SUSE bug 1194976CVE-2021-3995 at SUSECVE-2021-3995 at NVDCVE-2021-3996 at SUSECVE-2021-3996 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570).
- CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893).
- CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481).
- CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478).
- CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294).
- CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298).
- CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556).
- CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066).
- CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126).
- CVE-2022-0361: Fixed buffer overflow (bsc#1195126).
- CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356).
ImportantSUSE bug 1190533SUSE bug 1190570SUSE bug 1191893SUSE bug 1192478SUSE bug 1192481SUSE bug 1193294SUSE bug 1193298SUSE bug 1194216SUSE bug 1194556SUSE bug 1195004SUSE bug 1195066SUSE bug 1195126SUSE bug 1195202SUSE bug 1195356CVE-2021-3778 at SUSECVE-2021-3778 at NVDCVE-2021-3796 at SUSECVE-2021-3796 at NVDCVE-2021-3872 at SUSECVE-2021-3872 at NVDCVE-2021-3927 at SUSECVE-2021-3927 at NVDCVE-2021-3928 at SUSECVE-2021-3928 at NVDCVE-2021-3984 at SUSECVE-2021-3984 at NVDCVE-2021-4019 at SUSECVE-2021-4019 at NVDCVE-2021-4193 at SUSECVE-2021-4193 at NVDCVE-2021-46059 at SUSECVE-2021-46059 at NVDCVE-2022-0318 at SUSECVE-2022-0318 at NVDCVE-2022-0319 at SUSECVE-2022-0319 at NVDCVE-2022-0351 at SUSECVE-2022-0351 at NVDCVE-2022-0361 at SUSECVE-2022-0361 at NVDCVE-2022-0413 at SUSECVE-2022-0413 at NVDcpe:/o:suse:suse-microos:5.2Security update for cyrus-sasl (Important)SUSE Linux Enterprise Micro 5.2
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
The following non-security bugs were fixed:
- postfix: sasl authentication with password fails (bsc#1194265).
ImportantSUSE bug 1194265SUSE bug 1196036CVE-2022-24407 at SUSECVE-2022-24407 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-libxml2-python (Important)SUSE Linux Enterprise Micro 5.2
This update for python-libxml2-python fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
ImportantSUSE bug 1196490CVE-2022-23308 at SUSECVE-2022-23308 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
ImportantSUSE bug 1196025SUSE bug 1196784CVE-2022-25236 at SUSECVE-2022-25236 at NVDcpe:/o:suse:suse-microos:5.2Security update for chrony (Moderate)SUSE Linux Enterprise Micro 5.2
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don’t set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don’t support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step ModerateSUSE bug 1099272SUSE bug 1115529SUSE bug 1128846SUSE bug 1162964SUSE bug 1172113SUSE bug 1173277SUSE bug 1174075SUSE bug 1174911SUSE bug 1180689SUSE bug 1181826SUSE bug 1187906SUSE bug 1190926SUSE bug 1194229CVE-2020-14367 at SUSECVE-2020-14367 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
ImportantSUSE bug 1182959SUSE bug 1195149SUSE bug 1195792SUSE bug 1195856SUSE bug 1196877CVE-2022-0778 at SUSECVE-2022-0778 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161).
- CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525).
Non-security fixes:
- Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737).
- Included vmxcap in the qemu-tools package (bsc#1193364).
- Fixed package dependencies (bsc#1196087).
- Fixed an issue were PowerPC firmwares would not be built for non-PowerPC
builds (bsc#1193545).
- Fixed multiple issues in I/O (bsc#1178049 bsc#1194938).
ImportantSUSE bug 1178049SUSE bug 1192525SUSE bug 1193364SUSE bug 1193545SUSE bug 1194938SUSE bug 1195161SUSE bug 1196087SUSE bug 1196737CVE-2021-3930 at SUSECVE-2021-3930 at NVDCVE-2022-0358 at SUSECVE-2022-0358 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819).
ModerateSUSE bug 1186819CVE-2021-3572 at SUSECVE-2021-3572 at NVDcpe:/o:suse:suse-microos:5.2Security update for slirp4netns (Moderate)SUSE Linux Enterprise Micro 5.2
This update for slirp4netns fixes the following issues:
- CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467).
ModerateSUSE bug 1179467CVE-2020-29130 at SUSECVE-2020-29130 at NVDcpe:/o:suse:suse-microos:5.2Security update for sudo (Important)SUSE Linux Enterprise Micro 5.2
This update for sudo fixes the following issues:
- CVE-2023-22809: Fixed an arbitrary file write issue that could be
exploited by users with sudoedit permissions (bsc#1207082).
ImportantSUSE bug 1207082CVE-2023-22809 at SUSECVE-2023-22809 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
- CVE-2022-3479: Fixed a potential crash that could be triggered when
a server requested a client authentication certificate, but the
client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
- CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
ImportantSUSE bug 1204272SUSE bug 1207038CVE-2022-23491 at SUSECVE-2022-23491 at NVDCVE-2022-3479 at SUSECVE-2022-3479 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
The following non-security bugs were fixed:
- afs: Fix some tracing details (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- cuse: prevent clone (bsc#1206177).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Delete all matched events (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
ImportantSUSE bug 1151927SUSE bug 1157049SUSE bug 1190969SUSE bug 1203183SUSE bug 1204171SUSE bug 1204250SUSE bug 1204693SUSE bug 1205256SUSE bug 1206113SUSE bug 1206114SUSE bug 1206174SUSE bug 1206175SUSE bug 1206176SUSE bug 1206177SUSE bug 1206178SUSE bug 1206179SUSE bug 1206389SUSE bug 1206394SUSE bug 1206395SUSE bug 1206397SUSE bug 1206398SUSE bug 1206664CVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-certifi (Important)SUSE Linux Enterprise Micro 5.2
This update for python-certifi fixes the following issues:
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
certs (bsc#1206212 CVE-2022-23491)
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
- Add removeTrustCor.patch
ImportantSUSE bug 1206212CVE-2022-23491 at SUSECVE-2022-23491 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
Update to 4.15.13
- CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385).
- CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386).
- CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504).
- Fixed issue with bind start up (bsc#1205946).
ImportantSUSE bug 1205385SUSE bug 1205386SUSE bug 1205946SUSE bug 1206504CVE-2022-37966 at SUSECVE-2022-37966 at NVDCVE-2022-37967 at SUSECVE-2022-37967 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0266: Fixed a use-after-free bug led by a missing lock in ALSA. (bsc#1207134)
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036)
- CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125)
- CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2019-19083: Fixed a memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).
- CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
The following non-security bugs were fixed:
- afs: Fix some tracing details (git-fixes).
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- cuse: prevent clone (bsc#1206177).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: Fixup pages without buffers (bsc#1205495).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- fuse: do not check refcount after stealing page (bsc#1206174).
- fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
- fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
- fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
- fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
- HID: betop: check shape of output reports (git-fixes, bsc#1207186).
- HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: cdc_ncm: do not spew notifications (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix memory leaks (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs_xdr_status should record the procedure name (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- NFS: Zero-stateid SETATTR should first return delegation (git-fixes).
- NFS4: Fix kmemleak when allocate slot failed (git-fixes).
- NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- NFSD: Clone should commit src file metadata too (git-fixes).
- NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes).
- NFSD: fix error handling in NFSv4.0 callbacks (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD: safer handling of corrupted c_type (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- NFSv4: Fix races between open and dentry revalidation (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: error out when relink swapfile (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes).
- NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rtc: pcf85063: Fix reading alarm (git-fixes).
- s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- SUNRPC: check that domain table is empty at module unload (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: Do not start a timer on an already queued rpc task (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
- SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
- tracing: Free buffers when a used dynamic event is removed (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- tracing/dynevent: Delete all matched events (git-fixes).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf: Limit sparing table size (bsc#1206643).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1156395SUSE bug 1157049SUSE bug 1190969SUSE bug 1203183SUSE bug 1203693SUSE bug 1203740SUSE bug 1204171SUSE bug 1204250SUSE bug 1204614SUSE bug 1204693SUSE bug 1204760SUSE bug 1204989SUSE bug 1205149SUSE bug 1205256SUSE bug 1205495SUSE bug 1205496SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206113SUSE bug 1206114SUSE bug 1206174SUSE bug 1206175SUSE bug 1206176SUSE bug 1206177SUSE bug 1206178SUSE bug 1206179SUSE bug 1206344SUSE bug 1206389SUSE bug 1206393SUSE bug 1206394SUSE bug 1206395SUSE bug 1206397SUSE bug 1206398SUSE bug 1206399SUSE bug 1206515SUSE bug 1206602SUSE bug 1206634SUSE bug 1206635SUSE bug 1206636SUSE bug 1206637SUSE bug 1206640SUSE bug 1206641SUSE bug 1206642SUSE bug 1206643SUSE bug 1206644SUSE bug 1206645SUSE bug 1206646SUSE bug 1206647SUSE bug 1206648SUSE bug 1206649SUSE bug 1206663SUSE bug 1206664SUSE bug 1206784SUSE bug 1206841SUSE bug 1206854SUSE bug 1206855SUSE bug 1206857SUSE bug 1206858SUSE bug 1206859SUSE bug 1206860SUSE bug 1206873SUSE bug 1206875SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206896SUSE bug 1206904SUSE bug 1207036SUSE bug 1207125SUSE bug 1207134SUSE bug 1207186SUSE bug 1207198SUSE bug 1207218SUSE bug 1207237CVE-2019-19083 at SUSECVE-2019-19083 at NVDCVE-2022-3105 at SUSECVE-2022-3105 at NVDCVE-2022-3106 at SUSECVE-2022-3106 at NVDCVE-2022-3107 at SUSECVE-2022-3107 at NVDCVE-2022-3108 at SUSECVE-2022-3108 at NVDCVE-2022-3111 at SUSECVE-2022-3111 at NVDCVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-3643 at SUSECVE-2022-3643 at NVDCVE-2022-42328 at SUSECVE-2022-42328 at NVDCVE-2022-42329 at SUSECVE-2022-42329 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:suse-microos:5.2Security update for ceph (Important)SUSE Linux Enterprise Micro 5.2
This update for ceph fixes the following issues:
Security issues fixed:
- CVE-2022-0670: Fixed user/tenant read/write access to an entire file system (bsc#1201837).
- CVE-2022-3650: Fixed Python script that allowed privilege escalation from ceph to root (bsc#1204430).
- CVE-2022-3854: Fixed possible DoS issue in ceph URL processing on RGW backends (bsc#1205025).
Bug fixes:
- osd, tools, kv: non-aggressive, on-line trimming of accumulated dups (bsc#1199183).
- ceph-volume: fix fast device alloc size on mulitple device (bsc#1200262).
- cephadm: update monitoring container images (bsc#1200501).
- mgr/dashboard: prevent alert redirect (bsc#1200978).
- mgr/volumes: Add subvolumegroup resize cmd (bsc#1201797).
- monitoring/ceph-mixin: add RGW host to label info (bsc#1201976).
- mgr/dashboard: enable addition of custom Prometheus alerts (bsc#1202077).
- python-common: Add 'KB' to supported suffixes in SizeMatcher (bsc#1203375).
- mgr/dashboard: fix rgw connect when using ssl (bsc#1205436).
- ceph.spec.in: Add -DFMT_DEPRECATED_OSTREAM to CXXFLAGS (bsc#1202292).
- cephfs-shell: move source to separate subdirectory (bsc#1201604).
Fix in previous release:
- mgr/cephadm: try to get FQDN for configuration files (bsc#1196046).
- When an RBD is mapped, it is attempted to be deployed as an OSD. (bsc#1187748).
- OSD marked down causes wrong backfill_toofull (bsc#1188911).
- cephadm: Fix iscsi client caps (allow mgr <service status> calls) (bsc#1192838).
- mgr/cephadm: fix and improve osd draining (bsc#1200317).
- add iscsi and nfs to upgrade process (bsc#1206158).
- mgr/mgr_module.py: CLICommand: Fix parsing of kwargs arguments (bsc#1192840).
ImportantSUSE bug 1187748SUSE bug 1188911SUSE bug 1192838SUSE bug 1192840SUSE bug 1196046SUSE bug 1199183SUSE bug 1200262SUSE bug 1200317SUSE bug 1200501SUSE bug 1200978SUSE bug 1201604SUSE bug 1201797SUSE bug 1201837SUSE bug 1201976SUSE bug 1202077SUSE bug 1202292SUSE bug 1203375SUSE bug 1204430SUSE bug 1205025SUSE bug 1205436SUSE bug 1206158CVE-2022-0670 at SUSECVE-2022-0670 at NVDCVE-2022-3650 at SUSECVE-2022-3650 at NVDCVE-2022-3854 at SUSECVE-2022-3854 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-py (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-py fixes the following issues:
- CVE-2022-42969: Fixed an excessive resource consumption that could
be triggered when interacting with a Subversion repository
containing crated data (bsc#1204364).
ModerateSUSE bug 1204364CVE-2022-42969 at SUSECVE-2022-42969 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
- CVE-2021-20251: Fixed an issue where the bad password count would
not be properly incremented, which could allow attackers to brute
force a user's password (bsc#1206546).
ImportantSUSE bug 1206504SUSE bug 1206546CVE-2021-20251 at SUSECVE-2021-20251 at NVDCVE-2022-38023 at SUSECVE-2022-38023 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- CVE-2022-23471: Fixed host memory exhaustion through Terminal resize goroutine leak (bsc#1206235).
- Re-build containerd to use updated golang-packaging (jsc#1342).
- Update to containerd v1.6.16 for Docker v23.0.0-ce.
* https://github.com/containerd/containerd/releases/tag/v1.6.16
ImportantSUSE bug 1206235CVE-2022-23471 at SUSECVE-2022-23471 at NVDcpe:/o:suse:suse-microos:5.2Security update for libmicrohttpd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libmicrohttpd fixes the following issues:
- CVE-2023-27371: Fixed a parser bug that could be used to crash servers using the MHD_PostProcessor (bsc#1208745).
ModerateSUSE bug 1208745CVE-2023-27371 at SUSECVE-2023-27371 at NVDcpe:/o:suse:suse-microos:5.2Security update for ldb, samba (Important)SUSE Linux Enterprise Micro 5.2
This update for ldb, samba fixes the following issues:
ldb:
- CVE-2022-32746: Fixed an use-after-free issue in the database audit logging module (bsc#1201490).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
samba:
- CVE-2023-0922: Fixed cleartext password sending by AD DC admin tool (bso#15315) (bsc#1209481).
- CVE-2023-0225: Fixed deletion of AD DC 'dnsHostname' attribute by unprivileged authenticated users (bso#15276) (bsc#1209483).
- CVE-2023-0614: Fixed discovering of access controlled AD LDAP attributes (bso#15270) (bsc#1209485).
The following non-security bug was fixed:
- Prevent use after free of messaging_ctdb_fde_ev structs (bso#15293) (bsc#1207416).
ImportantSUSE bug 1201490SUSE bug 1207416SUSE bug 1209481SUSE bug 1209483SUSE bug 1209485CVE-2022-32746 at SUSECVE-2022-32746 at NVDCVE-2023-0225 at SUSECVE-2023-0225 at NVDCVE-2023-0614 at SUSECVE-2023-0614 at NVDCVE-2023-0922 at SUSECVE-2023-0922 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update of grub2 fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-microos:5.2Security update for sudo (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sudo fixes the following issue:
Security fixes:
- CVE-2023-28486: Fixed missing control characters escaping in log messages (bsc#1209362).
- CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output (bsc#1209361).
Other fixes:
- Fix a situation where 'sudo -U otheruser -l' would dereference a NULL pointer (bsc#1206483).
- Do not re-enable the reader when flushing the buffers as part of pty_finish() (bsc#1203201).
ModerateSUSE bug 1203201SUSE bug 1206483SUSE bug 1209361SUSE bug 1209362CVE-2023-28486 at SUSECVE-2023-28486 at NVDCVE-2023-28487 at SUSECVE-2023-28487 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209).
ImportantSUSE bug 1027519SUSE bug 1205209CVE-2022-23824 at SUSECVE-2022-23824 at NVDcpe:/o:suse:suse-microos:5.2Security update for shim (Important)SUSE Linux Enterprise Micro 5.2
This update for shim fixes the following issues:
- Updated shim signature after shim 15.7 be signed back:
signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
disable the NX compatibility flag when using post-process-pe because
grub2 is not ready. (bsc#1205588)
- Enable the NX compatibility flag by default. (jsc#PED-127)
Update to 15.7 (bsc#1198458) (jsc#PED-127):
- Make SBAT variable payload introspectable
- Reference MokListRT instead of MokList
- Add a link to the test plan in the readme.
- [V3] Enable TDX measurement to RTMR register
- Discard load-options that start with a NUL
- Fixed load_cert_file bugs
- Add -malign-double to IA32 compiler flags
- pe: Fix image section entry-point validation
- make-archive: Build reproducible tarball
- mok: remove MokListTrusted from PCR 7
Other fixes:
- Support enhance shim measurement to TD RTMR. (jsc#PED-1273)
- shim-install: ensure grub.cfg created is not overwritten after installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable. (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
Update to 15.6 (bsc#1198458):
- MokManager: removed Locate graphic output protocol fail error message
- shim: implement SBAT verification for the shim_lock protocol
- post-process-pe: Fix a missing return code check
- Update github actions matrix to be more useful
- post-process-pe: Fix format string warnings on 32-bit platforms
- Allow MokListTrusted to be enabled by default
- Re-add ARM AArch64 support
- Use ASCII as fallback if Unicode Box Drawing characters fail
- make: don't treat cert.S specially
- shim: use SHIM_DEVEL_VERBOSE when built in devel mode
- Break out of the inner sbat loop if we find the entry.
- Support loading additional certificates
- Add support for NX (W^X) mitigations.
- Fix preserve_sbat_uefi_variable() logic
- SBAT Policy latest should be a one-shot
- pe: Fix a buffer overflow when SizeOfRawData > VirtualSize
- pe: Perform image verification earlier when loading grub
- Update advertised sbat generation number for shim
- Update SBAT generation requirements for 05/24/22
- Also avoid CVE-2022-28737 in verify_image() by @vathpela
Update to 15.5 (bsc#1198458):
- Broken ia32 relocs and an unimportant submodule change.
- mok: allocate MOK config table as BootServicesData
- Don't call QueryVariableInfo() on EFI 1.10 machines (bsc#1187260)
- Relax the check for import_mok_state() (bsc#1185261)
- SBAT.md: trivial changes
- shim: another attempt to fix load options handling
- Add tests for our load options parsing.
- arm/aa64: fix the size of .rela* sections
- mok: fix potential buffer overrun in import_mok_state
- mok: relax the maximum variable size check
- Don't unhook ExitBootServices when EBS protection is disabled
- fallback: find_boot_option() needs to return the index for the boot entry in optnum
- httpboot: Ignore case when checking HTTP headers
- Fallback allocation errors
- shim: avoid BOOTx64.EFI in message on other architectures
- str: remove duplicate parameter check
- fallback: add compile option FALLBACK_NONINTERACTIVE
- Test mok mirror
- Modify sbat.md to help with readability.
- csv: detect end of csv file correctly
- Specify that the .sbat section is ASCII not UTF-8
- tests: add 'include-fixed' GCC directory to include directories
- pe: simplify generate_hash()
- Don't make shim abort when TPM log event fails (RHBZ #2002265)
- Fallback to default loader if parsed one does not exist
- fallback: Fix for BootOrder crash when index returned
- Better console checks
- docs: update SBAT UEFI variable name
- Don't parse load options if invoked from removable media path
- fallback: fix fallback not passing arguments of the first boot option
- shim: Don't stop forever at 'Secure Boot not enabled' notification
- Allocate mokvar table in runtime memory.
- Remove post-process-pe on 'make clean'
- pe: missing perror argument
- CVE-2022-28737: Fixed a buffer overflow when SizeOfRawData > VirtualSize (bsc#1198458)
- Add mokutil command to post script for setting sbat policy to latest mode
when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
(bsc#1198458)
- Updated vendor dbx binary and script (bsc#1198458)
- Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
- Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
- Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
file which includes all .der for testing environment.
- avoid buffer overflow when copying data to the MOK config table (bsc#1185232)
- Disable exporting vendor-dbx to MokListXRT since writing a large RT variable could crash some machines (bsc#1185261)
- ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
- relax the maximum variable size check for u-boot (bsc#1185621)
- handle ignore_db and user_insecure_mode correctly (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
the size of MokListXRT (bsc#1185261)
+ Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
ImportantSUSE bug 1185232SUSE bug 1185261SUSE bug 1185441SUSE bug 1185621SUSE bug 1187071SUSE bug 1187260SUSE bug 1193282SUSE bug 1198458SUSE bug 1201066SUSE bug 1202120SUSE bug 1205588CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209).
- CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210).
- CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211).
- CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212).
- CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214).
- CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).
ModerateSUSE bug 1207992SUSE bug 1209209SUSE bug 1209210SUSE bug 1209211SUSE bug 1209212SUSE bug 1209214CVE-2023-23916 at SUSECVE-2023-23916 at NVDCVE-2023-27533 at SUSECVE-2023-27533 at NVDCVE-2023-27534 at SUSECVE-2023-27534 at NVDCVE-2023-27535 at SUSECVE-2023-27535 at NVDCVE-2023-27536 at SUSECVE-2023-27536 at NVDCVE-2023-27538 at SUSECVE-2023-27538 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975)
Other issues fixed:
- Fix avx2 strncmp offset compare condition check (bsc#1208358)
- elf: Allow dlopen of filter object to work (bsc#1207571)
- powerpc: Fix unrecognized instruction errors with recent GCC
- x86: Cache computation for AMD architecture (bsc#1207957)
ModerateSUSE bug 1207571SUSE bug 1207957SUSE bug 1207975SUSE bug 1208358CVE-2023-0687 at SUSECVE-2023-0687 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
LowSUSE bug 1183533CVE-2021-28153 at SUSECVE-2021-28153 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-cryptography fixes the following issues:
- CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036).
ModerateSUSE bug 1208036CVE-2023-23931 at SUSECVE-2023-23931 at NVDcpe:/o:suse:suse-microos:5.2Security update for conmon (Moderate)SUSE Linux Enterprise Micro 5.2
This update for conmon fixes the following issues:
- rebuild against supported go 1.19 (bsc#1209307)
- no functional changes.
ModerateSUSE bug 1209307cpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).
- CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878).
- CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).
ModerateSUSE bug 1209624SUSE bug 1209873SUSE bug 1209878CVE-2023-0464 at SUSECVE-2023-0464 at NVDCVE-2023-0465 at SUSECVE-2023-0465 at NVDCVE-2023-0466 at SUSECVE-2023-0466 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
The following non-security bugs were fixed:
- Do not sign the vanilla kernel (bsc#1209008).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
- Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1209785).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
- net: ena: optimize data access in fast-path code (bsc#1208137).
ImportantSUSE bug 1207168SUSE bug 1207560SUSE bug 1208137SUSE bug 1208179SUSE bug 1208598SUSE bug 1208599SUSE bug 1208601SUSE bug 1208777SUSE bug 1208787SUSE bug 1208843SUSE bug 1209008SUSE bug 1209052SUSE bug 1209256SUSE bug 1209288SUSE bug 1209289SUSE bug 1209290SUSE bug 1209291SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209672SUSE bug 1209683SUSE bug 1209778SUSE bug 1209785CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
Update to version 4.4.4:
* libpod: always use direct mapping
* macos pkginstaller: do not fail when podman-mac-helper fails
* podman-mac-helper: install: do not error if already installed
- podman.spec: Bump required version for libcontainers-common (bsc#1209495)
Update to version 4.4.3:
* compat: /auth: parse server address correctly
* vendor github.com/containers/common@v0.51.1
* pkginstaller: bump Qemu to version 7.2.0
* podman machine: Adjust Chrony makestep config
* [v4.4] fix --health-on-failure=restart in transient unit
* podman logs passthrough driver support --cgroups=split
* journald logs: simplify entry parsing
* podman logs: read journald with passthrough
* journald: remove initializeJournal()
* netavark: only use aardvark ip as nameserver
* compat API: network create return 409 for duplicate
* fix 'podman logs --since --follow' flake
* system service --log-level=trace: support hijack
* podman-mac-helper: exit 1 on error
* bump golang.org/x/net to v0.8.0
* Fix package restore
* Quadlet - use the default runtime
Update podman to version 4.4.2:
* kube play: only enforce passthrough in Quadlet
* Emergency fix for man pages: check for broken includes
* quadlet system tests: add useful defaults, logging
* volume,container: chroot to source before exporting content
* install sigproxy before start/attach
* Update to c/image 5.24.1
* events + container inspect test: RHEL fixes
- Add `crun` requirement for quadlet
- Set PREFIX at build stage (bsc#1208510)
- CVE-2023-0778: fixed symlink exchange attack in podman export volume (bsc#1208364)
Update to version 4.4.1:
* kube play: do not teardown unconditionally on error
* Resolve symlink path for qemu directory if possible
* events: document journald identifiers
* Quadlet: exit 0 when there are no files to process
* Cleanup podman-systemd.unit file
* Install podman-systemd.unit man page, make quadlet discoverable
* Add missing return after errors
* oci: bind mount /sys with --userns=(auto|pod:)
* docs: specify order preference for FROM
* Cirrus: Fix & remove GraphQL API tests
* test: adapt test to work on cgroupv1
* make hack/markdown-preprocess parallel-safe
* Fix default handling of pids-limit
* system tests: fix volume exec/noexec test
Update to version 4.4.0:
* Do not mount /dev/tty into rootless containers
* Fixes port collision issue on use of --publish-all
* Fix usage of absolute windows paths with --image-path
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
* podman-events: document verbose create events
* Making gvproxy.exe optional for building Windows installer
* Add gvproxy to Windows packages
* Match VT device paths to be blocked from mounting exactly
* Clean up more language for inclusiveness
* Set runAsNonRoot=true in gen kube
* quadlet: Add device support for .volume files
* fix: running check error when podman is default in wsl
* fix: don't output 'ago' when container is currently up and running
* journald: podman logs only show logs for current user
* journald: podman events only show events for current user
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
* DB: make loading container states optional
* ps: do not sync container
* Allow --device-cgroup-rule to be passed in by docker API
* Cirrus: Update operating branch
* fix APIv2 python attach test flake
* ps: query health check in batch mode
* make example volume import, not import volume
* Correct output when inspecting containers created with --ipc
* Vendor containers/(storage, image, common, buildah)
* Get correct username in pod when using --userns=keep-id
* ps: get network data in batch mode
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
* add hack/perf for comparing two container engines
* systems: retrofit dns options test to honor other search domains
* ps: do not create copy of container config
* libpod: set search domain independently of nameservers
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
* podman: relay custom DNS servers to network stack
* (fix) mount_program is in storage.options.overlay
* Change example target to default in doc
* network create: do not allow `default` as name
* kube-play: add support for HostPID in podSpec
* build(deps): bump github.com/docker/docker
* Let's see if #14653 is fixed or not
* Add support for podman build --group-add
* vendor in latests containers/(storage, common, build, image)
* unskip network update test
* do not install swagger by default
* pasta: skip 'Local forwarder, IPv4' test
* add testbindings Makefile target
* update CI images to include pasta
* [CI:DOCS] Add CNI deprecation notices to documentation
* Cirrus: preserve podman-server logs
* waitPidStop: reduce sleep time to 10ms
* StopContainer: return if cleanup process changed state
* StopSignal: add a comment
* StopContainer: small refactor
* waitPidStop: simplify code
* e2e tests: reenable long-skipped build test
* Add openssh-clients to podmanimage
* Reworks Windows smoke test to tunnel through interactive session.
* fix bud-multiple-platform-with-base-as-default-arg flake
* Remove ReservedAnnotations from kube generate specification
* e2e: update test/README.md
* e2e: use isRootless() instead of rootless.IsRootless()
* Cleanup documentation on --userns=auto
* Vendor in latest c/common
* sig-proxy system test: bump timeout
* build(deps): bump github.com/containernetworking/plugins
* rootless: rename auth-scripts to preexec-hooks
* Docs: version-check updates
* commit: use libimage code to parse changes
* [CI:DOCS] Remove experimental mac tutorial
* man: Document the interaction between --systemd and --privileged
* Make rootless privileged containers share the same tty devices as rootfull ones
* container kill: handle stopped/exited container
* Vendor in latest containers/(image,ocicrypt)
* add a comment to container removal
* Vendor in latest containers/storage
* Cirrus: Run machine tests on PR merge
* fix flake in kube system test
* kube play: complete container spec
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
* Use containers/storage/pkg/regexp in place of regexp
* Vendor in latest containers/storage
* Cirrus: Support using updated/latest NV/AV in PRs
* Limit replica count to 1 when deploying from kubernetes YAML
* Set StoppedByUser earlier in the process of stopping
* podman-play system test: refactor
* network: add support for podman network update and --network-dns-server
* service container: less verbose error logs
* Quadlet Kube - add support for PublishPort key
* e2e: fix systemd_activate_test
* Compile regex on demand not in init
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
* E2E Test: Play Kube set deadline to connection to avoid hangs
* Only prevent VTs to be mounted inside privileged systemd containers
* e2e: fix play_kube_test
* Updated error message for supported VolumeSource types
* Introduce pkg retry logic in win installer task
* logformatter: include base SHA, with history link
* Network tests: ping redhat.com, not podman.io
* cobra: move engine shutdown to Execute
* Updated options for QEMU on Windows hosts
* Update Mac installer to use gvproxy v0.5.0
* podman: podman rm -f doesn't leave processes
* oci: check for valid PID before kill(pid, 0)
* linux: add /sys/fs/cgroup if /sys is a bind mount
* Quadlet: Add support for ConfigMap key in Kube section
* remove service container _after_ pods
* Kube Play - allow setting and overriding published host ports
* oci: terminate all container processes on cleanup
* Update win-sshproxy to 0.5.0 gvisor tag
* Vendor in latest containers/common
* Fix a potential defer logic error around locking
* logformatter: nicer formatting for bats failures
* logformatter: refactor verbose line-print
* e2e tests: stop using UBI images
* k8s-file: podman logs --until --follow exit after time
* journald: podman logs --until --follow exit after time
* journald: seek to time when --since is used
* podman logs: journald fix --since and --follow
* Preprocess files in UTF-8 mode
* Vendor in latest containers/(common, image, storage)
* Switch to C based msi hooks for win installer
* hack/bats: improve usage message
* hack/bats: add --remote option
* hack/bats: fix root/rootless logic
* Describe copy volume options
* Support sig-proxy for podman-remote attach and start
* libpod: fix race condition rm'ing stopping containers
* e2e: fix run_volume_test
* Add support for Windows ARM64
* Add shared --compress to man pages
* Add container error message to ContainerState
* Man page checker: require canonical name in SEE ALSO
* system df: improve json output code
* kube play: fix the error logic with --quiet
* System tests: quadlet network test
* Fix: List container with volume filter
* adding -dryrun flag
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
* Kube Play: use passthrough as the default log-driver if service-container is set
* System tests: add missing cleanup
* System tests: fix unquoted question marks
* Build and use a newer systemd image
* Quadlet Network - Fix the name of the required network service
* System Test Quadlet - Volume dependency test did not test the dependency
* fix `podman system connection - tcp` flake
* vendor: bump c/storage to a747b27
* Fix instructions about setting storage driver on command-line
* Test README - point users to hack/bats
* System test: quadlet kube basic test
* Fixed `podman update --pids-limit`
* podman-remote,bindings: trim context path correctly when its emptydir
* Quadlet Doc: Add section for .kube files
* e2e: fix containers_conf_test
* Allow '/' to prefix container names to match Docker
* Remove references to qcow2
* Fix typos in man page regarding transient storage mode.
* make: Use PYTHON var for .install.pre-commit
* Add containers.conf read-only flag support
* Explain that relabeling/chowning of volumes can take along time
* events: support 'die' filter
* infra/abi: refactor ContainerRm
* When in transient store mode, use rundir for bundlepath
* quadlet: Support Type=oneshot container files
* hacks/bats: keep QUADLET env var in test env
* New system tests for conflicting options
* Vendor in latest containers/(buildah, image, common)
* Output Size and Reclaimable in human form for json output
* podman service: close duplicated /dev/null fd
* ginkgo tests: apply ginkgolinter fixes
* Add support for hostPath and configMap subpath usage
* export: use io.Writer instead of file
* rootless: always create userns with euid != 0
* rootless: inhibit copy mapping for euid != 0
* pkg/domain/infra/abi: introduce `type containerWrapper`
* vendor: bump to buildah ca578b290144 and use new cache API
* quadlet: Handle booleans that have defaults better
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
* Add podman-clean-transient.service service
* Stop recording annotations set to false
* Unify --noheading and -n to be consistent on all commands
* pkg/domain/infra/abi: add `getContainers`
* Update vendor of containters/(common, image)
* specfile: Drop user-add depedency from quadlet subpackage.
* quadlet: Default BINDIR to /usr/bin if tag not specified
* Quadlet: add network support
* Add comment for jsonMarshal command
* Always allow pushing from containers-storage
* libpod: move NetNS into state db instead of extra bucket
* Add initial system tests for quadlets
* quadlet: Add --user option
* libpod: remove CNI word were no longer applicable
* libpod: fix header length in http attach with logs
* podman-kube@ template: use `podman kube`
* build(deps): bump github.com/docker/docker
* wait: add --ignore option
* qudlet: Respect $PODMAN env var for podman binary
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
* e2e: Add some assert to quadlet test to make sure testcases are sane
* remove unmapped ports from inspect port bindings
* update podman-network-create for clarity
* Vendor in latest containers/common with default capabilities
* pkg/rootless: Change error text ...
* rootless: add cli validator
* rootless: define LIBEXECPODMAN
* doc: fix documentation for idmapped mounts
* bump golangci-lint to v1.50.1
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
* [CI:DOCS] podman-mount: s/umount/unmount/
* create/pull --help: list pull policies
* Network Create: Add --ignore flag to support idempotent script
* Make qemu security model none
* libpod: use OCI idmappings for mounts
* stop reporting errors removing containers that don't exist
* test: added test from wait endpoint with to long label
* quadlet: Default VolatileTmp to off
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
* docs/options/ipc: fix list syntax
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
* Make a consistently-named windows installer
* checkpoint restore: fix --ignore-static-ip/mac
* add support for subpath in play kube for named volumes
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
* golangci-lint: remove three deprecated linters
* parse-localbenchmarks: separate standard deviation
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
* podman play kube support container startup probe
* Add podman buildx version support
* Cirrus: Collect benchmarks on machine instances
* Cirrus: Remove escape codes from log files
* [CI:DOCS] Clarify secret target behavior
* Fix typo on network docs
* podman-remote build add --volume support
* remote: allow --http-proxy for remote clients
* Cleanup kube play workloads if error happens
* health check: ignore dependencies of transient systemd units/timers
* fix: event read from syslog
* Fixes secret (un)marshaling for kube play.
* Remove 'you' from man pages
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
* [CI:DOCS] test/README.md: run tests with podman-remote
* e2e: keeps the http_proxy value
* Makefile: Add podman-mac-helper to darwin client zip
* test/e2e: enable 'podman run with ipam none driver' for nv
* [skip-ci] GHA/Cirrus-cron: Fix execution order
* kube sdnotify: run proxies for the lifespan of the service
* Update containers common package
* podman manpage: Use man-page links instead of file names
* e2e: fix e2e tests in proxy environment
* Fix test
* disable healthchecks automatically on non systemd systems
* Quadlet Kube: Add support for userns flag
* [CI:DOCS] Add warning about --opts,o with mount's -o
* Add podman system prune --external
* Add some tests for transient store
* runtime: In transient_store mode, move bolt_state.db to rundir
* runtime: Handle the transient store options
* libpod: Move the creation of TmpDir to an earlier time
* network create: support '-o parent=XXX' for ipvlan
* compat API: allow MacAddress on container config
* Quadlet Kube: Add support for relative path for YAML file
* notify k8s system test: move sending message into exec
* runtime: do not chown idmapped volumes
* quadlet: Drop ExecStartPre=rm %t/%N.cid
* Quadlet Kube: Set SyslogIdentifier if was not set
* Add a FreeBSD cross build to the cirrus alt build task
* Add completion for --init-ctr
* Fix handling of readonly containers when defined in kube.yaml
* Build cross-compilation fixes
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
* quadlet: Use same default capability set as podman run
* quadlet: Drop --pull=never
* quadlet: Change default of ReadOnly to no
* quadlet: Change RunInit default to no
* quadlet: Change NoNewPrivileges default to false
* test: podman run with checkpoint image
* Enable 'podman run' for checkpoint images
* test: Add tests for checkpoint images
* CI setup: simplify environment passthrough code
* Init containers should not be restarted
* Update c/storage after https://github.com/containers/storage/pull/1436
* Set the latest release explicitly
* add friendly comment
* fix an overriding logic and load config problem
* Update the issue templates
* Update vendor of containers/(image, buildah)
* [CI:DOCS] Skip windows-smoke when not useful
* [CI:DOCS] Remove broken gate-container docs
* OWNERS: add Jason T. Greene
* hack/podmansnoop: print arguments
* Improve atomicity of VM state persistence on Windows
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
* macos: pkg: Use -arm64 suffix instead of -aarch64
* linux: Add -linux suffix to podman-remote-static binaries
* linux: Build amd64 and arm64 podman-remote-static binaries
* container create: add inspect data to event
* Allow manual override of install location
* Run codespell on code
* Add missing parameters for checkpoint/restore endpoint
* Add support for startup healthchecks
* Add information on metrics to the `network create` docs
* Introduce podman machine os commands
* Document that ignoreRootFS depends on export/import
* Document ignoreVolumes in checkpoint/restore endpoint
* Remove leaveRunning from swagger restore endpoint
* libpod: Add checks to avoid nil pointer dereference if network setup fails
* Address golangci-lint issues
* Documenting Hyper-V QEMU acceleration settings
* Kube Play: fix the handling of the optional field of SecretVolumeSource
* Update Vendor of containers/(common, image, buildah)
* Fix swapped NetInput/-Output stats
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
* test/tools: rebuild when files are changed
* ginkgo tests: apply ginkgolinter fixes
* ginkgo: restructure install work flow
* Fix manpage emphasis
* specgen: support CDI devices from containers.conf
* vendor: update containers/common
* pkg/trust: Take the default policy path from c/common/pkg/config
* Add validate-in-container target
* Adding encryption decryption feature
* container restart: clean up healthcheck state
* Add support for podman-remote manifest annotate
* Quadlet: Add support for .kube files
* Update vendor of containers/(buildah, common, storage, image)
* specgen: honor user namespace value
* [CI:DOCS] Migrate OSX Cross to M1
* quadlet: Rework uid/gid remapping
* GHA: Fix cirrus re-run workflow for other repos.
* ssh system test: skip until it becomes a test
* shell completion: fix hard coded network drivers
* libpod: Report network setup errors properly on FreeBSD
* E2E Tests: change the registry for the search test to avoid authentication
* pkginstaller: install podman-mac-helper by default
* Fix language. Mostly spelling a -> an
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
* [CI:DOCS] Fix spelling and typos
* Modify man page of '--pids-limit' option to correct a default value.
* Update docs/source/markdown/podman-remote.1.md
* Update pkg/bindings/connection.go
* Add more documentation on UID/GID Mappings with --userns=keep-id
* support podman-remote to connect tcpURL with proxy
* Removing the RawInput from the API output
* fix port issues for CONTAINER_HOST
* CI: Package versions: run in the 'main' step
* build(deps): bump github.com/rootless-containers/rootlesskit
* pkg/domain: Make checkExecPreserveFDs platform-specific
* e2e tests: fix restart race
* Fix podman --noout to suppress all output
* remove pod if creation has failed
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
* Fix more podman-logs flakes
* healthcheck system tests: try to fix flake
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
* GHA: Configure workflows for reuse
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
* docs: deprecate pasta network name
* utils: Enable cgroup utils for FreeBSD
* pkg/specgen: Disable kube play tests on FreeBSD
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
* podman cp: fix copying with '.' suffix
* pkginstaller: bump Qemu to version 7.1.0
* specgen,wasm: switch to crun-wasm wherever applicable
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
* libpod: Make unit test for statToPercent Linux only
* Update vendor of containers/storage
* fix connection usage with containers.conf
* Add --quiet and --no-info flags to podman machine start
* Add hidden podman manifest inspect -v option
* Add podman volume create -d short option for driver
* Vendor in latest containers/(common,image,storage)
* Add podman system events alias to podman events
* Fix search_test to return correct version of alpine
* GHA: Fix undefined secret env. var.
* GHA: Fix make_email-body script reference
* Add release keys to README
* GHA: Fix typo setting output parameter
* GHA: Fix typo.
* New tool, docs/version-check
* Formalize our compare-against-docker mechanism
* Add restart-sec for container service files
* test/tools: bump module to go 1.17
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
* libpod: Add FreeBSD support in packageVersion
* Allow podman manigest push --purge|-p as alias for --rm
* [CI:DOCS] Add performance tutorial
* [CI:DOCS] Fix build targets in build_osx.md.
* fix --format {{json .}} output to match docker
* remote: fix manifest add --annotation
* Skip test if `--events-backend` is necessary with podman-remote
* kube play: update the handling of PersistentVolumeClaim
* system tests: fix a system test in proxy environment
* Use single unqualified search registry on Windows
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
* test/system: Add tests for pasta(1) connectivity
* test/system: Move network-related helpers to helpers.network.bash
* test/system: Use procfs to find bound ports, with optional address and protocol
* test/system: Use port_is_free() from wait_for_port()
* libpod: Add pasta networking mode
* More log-flake work
* Fix test flakes caused by improper podman-logs
* fix incorrect systemd booted check
* Cirrus: Add tests for GHA scripts
* GHA: Update scripts to pass shellcheck
* Cirrus: Shellcheck github-action scripts
* Cirrus: shellcheck support for github-action scripts
* GHA: Fix cirrus-cron scripts
* Makefile: don't install to tmpfiles.d on FreeBSD
* Make sure we can build and read each line of docker py's api client
* Docker compat build api - make sure only one line appears per flush
* Run codespell on code
* Update vendor of containers/(image, storage, common)
* Allow namespace path network option for pods.
* Cirrus: Never skip running Windows Cross task
* GHA: Auto. re-run failed cirrus-cron builds once
* GHA: Migrate inline script to file
* GHA: Simplify script reference
* test/e2e: do not use apk in builds
* remove container/pod id file along with container/pod
* Cirrus: Synchronize windows image
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
* runtime: add check for valid pod systemd cgroup
* CI: set and verify DESIRED_NETWORK (netavark, cni)
* [CI:DOCS] troubleshooting: document keep-id options
* Man pages: refactor common options: --security-opt
* Cirrus: Guarantee CNI testing w/o nv/av present
* Cirrus: temp. disable all Ubuntu testing
* Cirrus: Update to F37beta
* buildah bud tests: better handling of remote
* quadlet: Warn in generator if using short names
* Add Windows Smoke Testing
* Add podman kube apply command
* docs: offer advice on installing test dependencies
* Fix documentation on read-only-tmpfs
* version bump to 4.4.0-dev
* deps: bump go-criu to v6
* Makefile: Add cross build targets for freebsd
* pkg/machine: Make this build on FreeBSD/arm64
* pkg/rctl: Remove unused cgo dependency
* man pages: assorted underscore fixes
* Upgrade GitHub actions packages from v2 to v3
* vendor github.com/godbus/dbus/v5@4b691ce
* [CI:DOCS] fix --tmpdir typos
* Do not report that /usr/share/containers/storage.conf has been edited.
* Eval symlinks on XDG_RUNTIME_DIR
* hack/podmansnoop
* rootless: support keep-id with one mapping
* rootless: add argument to GetConfiguredMappings
* Update vendor containers/(common,storage,buildah,image)
* Fix deadlock between 'podman ps' and 'container inspect' commands
* Add information about where the libpod/boltdb database lives
* Consolidate the dependencies for the IsTerminal() API
* Ensure that StartAndAttach locks while sending signals
* ginkgo testing: fix podman usernamespace join
* Test runners: nuke podman from $PATH before tests
* volumes: Fix idmap not working for volumes
* FIXME: Temporary workaround for ubi8 CI breakage
* System tests: teardown: clean up volumes
* update api versions on docs.podman.io
* system tests: runlabel: use podman-under-test
* system tests: podman network create: use random port
* sig-proxy test: bump timeout
* play kube: Allow the user to import the contents of a tar file into a volume
* Clarify the docs on DropCapability
* quadlet tests: Disable kmsg logging while testing
* quadlet: Support multiple Network=
* quadlet: Add support for Network=...
* Fix manpage for podman run --network option
* quadlet: Add support for AddDevice=
* quadlet: Add support for setting seccomp profile
* quadlet: Allow multiple elements on each Add/DropCaps line
* quadlet: Embed the correct binary name in the generated comment
* quadlet: Drop the SocketActivated key
* quadlet: Switch log-driver to passthrough
* quadlet: Change ReadOnly to default to enabled
* quadlet tests: Run the tests even for (exected) failed tests
* quadlet tests: Fix handling of stderr checks
* Remove unused script file
* notifyproxy: fix container watcher
* container/pod id file: truncate instead of throwing an error
* quadlet: Use the new podman create volume --ignore
* Add podman volume create --ignore
* logcollector: include aardvark-dns
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
* docs: generate systemd: point to kube template
* docs: kube play: mention restart policy
* Fixes: 15858 (podman system reset --force destroy machine)
* fix search flake
* use cached containers.conf
* adding regex support to the ancestor ps filter function
* Fix `system df` issues with `-f` and `-v`
* markdown-preprocess: cross-reference where opts are used
* Default qemu flags for Windows amd64
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
* Update main to reflect v4.3.0 release
* build(deps): bump github.com/docker/docker
* move quadlet packages into pkg/systemd
* system df: fix image-size calculations
* Add man page for quadlet
* testimage: add iproute2 & socat, for pasta networking
* Set up minikube for k8s testing
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
* Podman image: Set default_sysctls to empty for rootless containers
* libpod: Add support for 'podman top' on FreeBSD
* libpod: Factor out jail name construction from stats_freebsd.go
* pkg/util: Add pid information descriptors for FreeBSD
* Initial quadlet version integrated in golang
* bump golangci-lint to v1.49.0
* Update vendor containers/(common,image,storage)
* Allow volume mount dups, iff source and dest dirs
* rootless: fix return value handling
* Change to correct break statements
* vendor containers/psgo@v1.8.0
* Clarify that MacOSX docs are client specific
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
* Add swagger install + allow version updates in CI
* Cirrus: Fix windows clone race
* kill: wait for the container
* generate systemd: set --stop-timeout for stopping containers
* hack/tree_status.sh: print diff at the end
* Fix markdown header typo
* markdown-preprocess: add generic include mechanism
* markdown-preprocess: almost complete OO rewrite
* Update tests for changed error messages
* Update c/image after https://github.com/containers/image/pull/1299
* Man pages: refactor common options (misc)
* Man pages: Refactor common options: --detach-keys
* vendor containers/storage@main
* Man pages: refactor common options: --attach
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
* KillContainer: improve error message
* docs: add missing options
* Man pages: refactor common options: --annotation (manifest)
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
* system tests: health-on-failure: fix broken logic
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
* Container filters: Avoid use of ctr.Config()
* Avoid unnecessary calls to Container.Spec()
* Add and use Container.LinuxResource() helper
* play kube: notifyproxy: listen before starting the pod
* play kube: add support for configmap binaryData
* Add and use libpod/Container.Terminal() helper
* Revert 'Add checkpoint image tests'
* Revert 'cmd/podman: add support for checkpoint images'
* healthcheck: fix --on-failure=stop
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
* health checks: make on-failure action retry aware
* libpod: Remove 100msec delay during shutdown
* libpod: Add support for 'podman pod' on FreeBSD
* libpod: Factor out cgroup validation from (*Runtime).NewPod
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
* specgen/generate: Avoid a nil dereference in MakePod
* libpod: Factor out cgroups handling from (*Pod).refresh
* Adds a link to OSX docs in CONTRIBUTING.md
* Man pages: refactor common options: --os-version
* Create full path to a directory when DirectoryOrCreate is used with play kube
* Return error in podman system service if URI scheme is not unix/tcp
* Man pages: refactor common options: --time
* man pages: document some --format options: images
* Clean up when stopping pods
ImportantSUSE bug 1197093SUSE bug 1208364SUSE bug 1208510SUSE bug 1209495CVE-2023-0778 at SUSECVE-2023-0778 at NVDcpe:/o:suse:suse-microos:5.2Security update for harfbuzz (Important)SUSE Linux Enterprise Micro 5.2
This update for harfbuzz fixes the following issues:
- CVE-2023-25193: Fixed vulnerability that allowed attackers to trigger O(n^2) growth via consecutive marks (bsc#1207922).
ImportantSUSE bug 1207922CVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
Update to containerd v1.6.19:
Security fixes:
- CVE-2023-25153: Fixed OCI image importer memory exhaustion (bnc#1208423).
- CVE-2023-25173: Fixed supplementary groups not set up properly (bnc#1208426).
ModerateSUSE bug 1208423SUSE bug 1208426CVE-2023-25153 at SUSECVE-2023-25153 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:suse:suse-microos:5.2Security update for wayland (Important)SUSE Linux Enterprise Micro 5.2
This update for wayland fixes the following issues:
- CVE-2021-3782: Fixed a reference-count overflow in libwayland-server SHM handling. (bsc#1190486)
ImportantSUSE bug 1190486CVE-2021-3782 at SUSECVE-2021-3782 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-28464: Fixed use-after-free that could lead to privilege escalation in hci_conn_cleanup in net/bluetooth/hci_conn.c (bsc#1209052).
- CVE-2023-0394: Fixed a null pointer dereference flaw in the network subcomponent in the Linux kernel which could lead to system crash (bsc#1207168).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2021-3923: Fixed stack information leak vulnerability that could lead to kernel protection bypass in infiniband RDMA (bsc#1209778).
- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1281: Fixed use after free that could lead to privilege escalation in tcindex (bsc#1209634).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2017-5753: Fixed spectre V1 vulnerability on netlink (bsc#1209547).
The following non-security bugs were fixed:
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- net: ena: optimize data access in fast-path code (bsc#1208137).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1209785).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1209785).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1209785).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1209785).
ImportantSUSE bug 1207168SUSE bug 1208137SUSE bug 1208598SUSE bug 1208601SUSE bug 1208787SUSE bug 1209052SUSE bug 1209256SUSE bug 1209288SUSE bug 1209289SUSE bug 1209290SUSE bug 1209291SUSE bug 1209366SUSE bug 1209532SUSE bug 1209547SUSE bug 1209549SUSE bug 1209634SUSE bug 1209635SUSE bug 1209636SUSE bug 1209778SUSE bug 1209785CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2021-3923 at SUSECVE-2021-3923 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1281 at SUSECVE-2023-1281 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1390 at SUSECVE-2023-1390 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28772 at SUSECVE-2023-28772 at NVDcpe:/o:suse:suse-microos:5.2Security update for dnsmasq (Moderate)SUSE Linux Enterprise Micro 5.2
This update for dnsmasq fixes the following issues:
- CVE-2023-28450: Fixed default maximum size for EDNS.0 UDP packets (bsc#1209358).
ModerateSUSE bug 1209358CVE-2023-28450 at SUSECVE-2023-28450 at NVDcpe:/o:suse:suse-microos:5.2Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.2
This update for ovmf fixes the following issues:
- CVE-2019-14560: Fixed potential secure boot bypass via an improper check of GetEfiGlobalVariable2 (bsc#1174246).
- CVE-2021-38578: Fixed underflow in MdeModulePkg/PiSmmCore SmmEntryPointAdd (bsc#1196741).
ImportantSUSE bug 1174246SUSE bug 1196741CVE-2019-14560 at SUSECVE-2019-14560 at NVDCVE-2021-38578 at SUSECVE-2021-38578 at NVDcpe:/o:suse:suse-microos:5.2Security update for s390-tools (Moderate)SUSE Linux Enterprise Micro 5.2
This update of s390-tools fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-microos:5.2Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
ImportantSUSE bug 1205126CVE-2022-42898 at SUSECVE-2022-42898 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2023-1981: Fixed crash in avahi-daemon (bsc#1210328).
ModerateSUSE bug 1210328CVE-2023-1981 at SUSECVE-2023-1981 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
Update to runc v1.1.5:
Security fixes:
- CVE-2023-25809: Fixed rootless `/sys/fs/cgroup` is writable when cgroupns isn't unshared (bnc#1209884).
- CVE-2023-27561: Fixed regression that reintroduced CVE-2019-19921 vulnerability (bnc#1208962).
- CVE-2023-28642: Fixed AppArmor/SELinux bypass with symlinked /proc (bnc#1209888).
Other fixes:
- Fix the inability to use `/dev/null` when inside a container.
- Fix changing the ownership of host's `/dev/null` caused by fd redirection (bsc#1168481).
- Fix rare runc exec/enter unshare error on older kernels.
- nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
ImportantSUSE bug 1168481SUSE bug 1208962SUSE bug 1209884SUSE bug 1209888CVE-2023-25809 at SUSECVE-2023-25809 at NVDCVE-2023-27561 at SUSECVE-2023-27561 at NVDCVE-2023-28642 at SUSECVE-2023-28642 at NVDcpe:/o:suse:suse-microos:5.2Security update for sssd (Important)SUSE Linux Enterprise Micro 5.2
This update for sssd fixes the following issues:
- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)
ImportantSUSE bug 1207474CVE-2022-4254 at SUSECVE-2022-4254 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) .
ImportantSUSE bug 1065270SUSE bug 1199132SUSE bug 1204585SUSE bug 1210411SUSE bug 1210412CVE-2021-3541 at SUSECVE-2021-3541 at NVDCVE-2022-29824 at SUSECVE-2022-29824 at NVDCVE-2023-28484 at SUSECVE-2023-28484 at NVDCVE-2023-29469 at SUSECVE-2023-29469 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtpms (Important)SUSE Linux Enterprise Micro 5.2
This update for libtpms fixes the following issues:
- CVE-2023-1017: Fixed out-of-bounds write in CryptParameterDecryption (bsc#1206022).
- CVE-2023-1018: Fixed out-of-bounds read in CryptParameterDecryption (bsc#1206023).
ImportantSUSE bug 1206022SUSE bug 1206023CVE-2023-1017 at SUSECVE-2023-1017 at NVDCVE-2023-1018 at SUSECVE-2023-1018 at NVDcpe:/o:suse:suse-microos:5.2Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.2
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
ModerateSUSE bug 1210507CVE-2023-29383 at SUSECVE-2023-29383 at NVDcpe:/o:suse:suse-microos:5.2Security update for zstd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for zstd fixes the following issues:
- CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533).
ModerateSUSE bug 1209533CVE-2022-4899 at SUSECVE-2022-4899 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2023-24593: Fixed a denial of service caused by handling a malicious text-form variant (bsc#1209714).
- CVE-2023-25180: Fixed a denial of service caused by malicious serialised variant (bsc#1209713).
The following non-security bug was fixed:
- Fixed regression on s390x (bsc#1210135, glgo#GNOME/glib!2978).
ModerateSUSE bug 1209713SUSE bug 1209714SUSE bug 1210135CVE-2023-24593 at SUSECVE-2023-24593 at NVDCVE-2023-25180 at SUSECVE-2023-25180 at NVDcpe:/o:suse:suse-microos:5.2Security update for shim (Important)SUSE Linux Enterprise Micro 5.2
This update for shim fixes the following issues:
- CVE-2022-28737 was missing as reference previously.
- Upgrade shim-install for bsc#1210382
After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
so all files in /boot/efi/EFI/boot are not updated.
Logic was added that is using ID field in os-release for
checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
ImportantSUSE bug 1210382CVE-2022-28737 at SUSECVE-2022-28737 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1443, fixes the following security problems
- CVE-2023-1264: Fixed NULL Pointer Dereference (bsc#1209042).
- CVE-2023-1355: Fixed NULL Pointer Dereference (bsc#1209187).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
ModerateSUSE bug 1208828SUSE bug 1209042SUSE bug 1209187CVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1264 at SUSECVE-2023-1264 at NVDCVE-2023-1355 at SUSECVE-2023-1355 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- Updated to version 9.0.1234:
- CVE-2023-0433: Fixed an out of bounds memory access that could
cause a crash (bsc#1207396).
- CVE-2023-0288: Fixed an out of bounds memory access that could
cause a crash (bsc#1207162).
- CVE-2023-0054: Fixed an out of bounds memory write that could
cause a crash or memory corruption (bsc#1206868).
- CVE-2023-0051: Fixed an out of bounds memory access that could
cause a crash (bsc#1206867).
- CVE-2023-0049: Fixed an out of bounds memory access that could
cause a crash (bsc#1206866).
ModerateSUSE bug 1206866SUSE bug 1206867SUSE bug 1206868SUSE bug 1207162SUSE bug 1207396CVE-2023-0049 at SUSECVE-2023-0049 at NVDCVE-2023-0051 at SUSECVE-2023-0051 at NVDCVE-2023-0054 at SUSECVE-2023-0054 at NVDCVE-2023-0288 at SUSECVE-2023-0288 at NVDCVE-2023-0433 at SUSECVE-2023-0433 at NVDcpe:/o:suse:suse-microos:5.2Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ncurses fixes the following issues:
- CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).
ModerateSUSE bug 1210434CVE-2023-29491 at SUSECVE-2023-29491 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
ImportantSUSE bug 1202353SUSE bug 1206992SUSE bug 1207088SUSE bug 1209687SUSE bug 1209739SUSE bug 1209777SUSE bug 1209871SUSE bug 1210202SUSE bug 1210203SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210414SUSE bug 1210453SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210629SUSE bug 1210647CVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1872 at SUSECVE-2023-1872 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2124: Fixed an out of bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2020-36691: Fixed a denial of service vulnerability via a nested Netlink policy with a back reference (bsc#1209777).
- CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
The following non-security bugs were fixed:
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- cifs: fix negotiate context parsing (bsc#1210301).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
ImportantSUSE bug 1202353SUSE bug 1205128SUSE bug 1206992SUSE bug 1207088SUSE bug 1209687SUSE bug 1209739SUSE bug 1209777SUSE bug 1209871SUSE bug 1210202SUSE bug 1210203SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210414SUSE bug 1210453SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210629SUSE bug 1210647CVE-2020-36691 at SUSECVE-2020-36691 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1872 at SUSECVE-2023-1872 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2008 at SUSECVE-2023-2008 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDcpe:/o:suse:suse-microos:5.2Security update for dmidecode (Moderate)SUSE Linux Enterprise Micro 5.2
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
ModerateSUSE bug 1210418CVE-2023-30630 at SUSECVE-2023-30630 at NVDcpe:/o:suse:suse-microos:5.2Security update for conmon (Important)SUSE Linux Enterprise Micro 5.2
This update of conmon fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211231SUSE bug 1211232SUSE bug 1211233SUSE bug 1211339CVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-setuptools (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered
by fetching a malicious HTML document (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- Rebuild containerd with a current version of go to catch up on bugfixes and security fixes (bsc#1210298)
ImportantSUSE bug 1210298cpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update of runc fixes the following issues:
- rebuild the package with the go 19.9 secure release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.2Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.2
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.2
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.2Security update for cni (Important)SUSE Linux Enterprise Micro 5.2
This update of cni fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
ImportantSUSE bug 1200441cpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
ModerateSUSE bug 1208226SUSE bug 1208227SUSE bug 1208228SUSE bug 1208229SUSE bug 1208230SUSE bug 1208231SUSE bug 1208232SUSE bug 1208233SUSE bug 1208234SUSE bug 1208236CVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:suse:suse-microos:5.2Security update for installation-images (Moderate)SUSE Linux Enterprise Micro 5.2
This update of installation-images fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
ModerateSUSE bug 1209188cpe:/o:suse:suse-microos:5.2Security update for openldap2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940 bsc#1211260).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove due caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
ImportantSUSE bug 1199636SUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1208474SUSE bug 1208604SUSE bug 1209287SUSE bug 1209779SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211037SUSE bug 1211043SUSE bug 1211105SUSE bug 1211131SUSE bug 1211186SUSE bug 1211203SUSE bug 1211590SUSE bug 1211592SUSE bug 1211596SUSE bug 1211622CVE-2020-36694 at SUSECVE-2020-36694 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-23586 at SUSECVE-2023-23586 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:suse-microos:5.2Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.2
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:suse:suse-microos:5.2Security update for Salt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.2Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.2Security update for salt and python-pyzmq (Moderate)SUSE Linux Enterprise Micro 5.2
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208).
- CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474).
The following non-security bugs were fixed:
- SUNRPC: Ensure the transport backchannel association (bsc#1211203).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
ImportantSUSE bug 1184208SUSE bug 1199636SUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206024SUSE bug 1208474SUSE bug 1208604SUSE bug 1209287SUSE bug 1209779SUSE bug 1210715SUSE bug 1210783SUSE bug 1210940SUSE bug 1211037SUSE bug 1211043SUSE bug 1211105SUSE bug 1211131SUSE bug 1211186SUSE bug 1211203SUSE bug 1211590SUSE bug 1211592SUSE bug 1211596SUSE bug 1211622CVE-2020-36694 at SUSECVE-2020-36694 at NVDCVE-2021-29650 at SUSECVE-2021-29650 at NVDCVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-23586 at SUSECVE-2023-23586 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDcpe:/o:suse:suse-microos:5.2Security update for libX11 (Important)SUSE Linux Enterprise Micro 5.2
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
ImportantSUSE bug 1212230CVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996).
- CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256).
- CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
The following non-security bugs were fixed:
- Drivers: hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- Drop dvb-core fix patch due to bug (bsc#1205758).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- k-m-s: Drop Linux 2.6 support
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636).
- sunrpc: Ensure the transport backchannel association (bsc#1211203).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
ImportantSUSE bug 1160435SUSE bug 1172073SUSE bug 1187829SUSE bug 1191731SUSE bug 1199046SUSE bug 1199636SUSE bug 1200217SUSE bug 1202353SUSE bug 1205758SUSE bug 1207088SUSE bug 1208600SUSE bug 1209039SUSE bug 1209342SUSE bug 1209739SUSE bug 1210301SUSE bug 1210469SUSE bug 1210533SUSE bug 1210791SUSE bug 1211089SUSE bug 1211203SUSE bug 1211519SUSE bug 1211592SUSE bug 1211622SUSE bug 1211796SUSE bug 1212128SUSE bug 1212129SUSE bug 1212154SUSE bug 1212158SUSE bug 1212494SUSE bug 1212501SUSE bug 1212502SUSE bug 1212504SUSE bug 1212513SUSE bug 1212606SUSE bug 1212842CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3159 at SUSECVE-2023-3159 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35824 at SUSECVE-2023-35824 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
The following non-security bugs were fixed:
- Also include kernel-docs build requirements for ALP
- Avoid unsuported tar parameter on SLE12
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix usrmerge error (boo#1211796)
- Generalize kernel-doc build requirements.
- Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file.
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file.
- Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore
- Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1.
- cifs: do not include page data when checking signature (bsc#1200217).
- cifs: fix open leaks in open_cached_dir() (bsc#1209342).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046)
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
ImportantSUSE bug 1160435SUSE bug 1172073SUSE bug 1187829SUSE bug 1191731SUSE bug 1199046SUSE bug 1200217SUSE bug 1205758SUSE bug 1208600SUSE bug 1209039SUSE bug 1209342SUSE bug 1210533SUSE bug 1210791SUSE bug 1211089SUSE bug 1211519SUSE bug 1211796SUSE bug 1212128SUSE bug 1212129SUSE bug 1212154SUSE bug 1212158SUSE bug 1212494SUSE bug 1212501SUSE bug 1212502SUSE bug 1212504SUSE bug 1212513SUSE bug 1212606SUSE bug 1212842CVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3159 at SUSECVE-2023-3159 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35824 at SUSECVE-2023-35824 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni (Important)SUSE Linux Enterprise Micro 5.2
This update of cni fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:suse-microos:5.2Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.2
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:suse:suse-microos:5.2Security update for dbus-1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:suse:suse-microos:5.2Security update for perl (Important)SUSE Linux Enterprise Micro 5.2
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Important)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:suse:suse-microos:5.2Security update for libcap (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libcap fixes the following issues:
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211419CVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
ImportantSUSE bug 1213171SUSE bug 1213172SUSE bug 1213173SUSE bug 1213174SUSE bug 1213384CVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538).
- CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).
- FIPS: list only FIPS approved public key algorithms (bsc#1121365, bsc#1198472)
ImportantSUSE bug 1121365SUSE bug 1198472SUSE bug 1207533SUSE bug 1207534SUSE bug 1207536SUSE bug 1207538CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2022-4450 at SUSECVE-2022-4450 at NVDCVE-2023-0215 at SUSECVE-2023-0215 at NVDCVE-2023-0286 at SUSECVE-2023-0286 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:suse-microos:5.2Security update for SUSE Manager Client Tools (Moderate)SUSE Linux Enterprise Micro 5.2
This update fixes the following issues:
python-tornado:
- Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
ModerateSUSE bug 1208612SUSE bug 1211741SUSE bug 1212279CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
- Update further expiring certificates that affect tests [bsc#1201627]
ModerateSUSE bug 1201627SUSE bug 1207534SUSE bug 1213487CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:suse:suse-microos:5.2Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.2
This update for kernel-firmware fixes the following issues:
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:suse-microos:5.2Security update for librsvg (Important)SUSE Linux Enterprise Micro 5.2
This update for librsvg fixes the following issues:
librsvg was updated to version 2.46.7:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
ImportantSUSE bug 1213502CVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:suse:suse-microos:5.2Security update for pcre2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
podman was updated to version 4.3.1:
4.3.1:
* Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
* Misc
- Updated the containers/image library to v5.23.1
4.3.0:
* Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml`
- The `podman kube play` command now supports the `emptyDir` volume type
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge 'PATH=$PATH:/my/app' ...`)
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container)
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers)
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
Update to version 4.2.0:
* Features
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared)
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
- The remote Podman client now supports the podman image scp command.
- The podman image scp command now supports tagging the transferred image with a new name.
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
- The podman events command now includes the -f short option for the --filter option.
- The podman pull command now includes the -a short option for the --all-tags option.
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
- The Podman global option --url now has two aliases: -H and --host.
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
- Added the ability to create sigstore signatures in podman push and podman manifest push.
- Added an option to read image signing passphrase from a file.
* Changes
- Paused containers can now be killed with the podman kill command.
- The podman system prune command now removes unused networks.
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
- Init containers created with podman play kube now default to the once type (#14877).
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
- The libpod/common package has been removed as it's not used anywhere.
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
* Misc
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
- Podman Machine support for QEMU installations at non-default paths has been improved.
- The podman machine ssh command no longer prints spurious warnings every time it is run.
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
- Updated the containers/image library to v5.22.0
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
- Updated the containers/common library to v0.49.1
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
- Fixed an incorrect release note about regexp.
- A new MacOS installer (via pkginstaller) is now supported.
Update to version 4.1.1:
* The output of the podman load command now mirrors that of docker load.
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
* Fix CVE-2022-27191 / bsc#1197284
- Require catatonit >= 0.1.7 for pause functionality needed by pods
Update to version 4.0.3:
* Security
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
* Changes
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
- Updated the containers/common library to v0.47.5
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
ImportantSUSE bug 1181640SUSE bug 1181961SUSE bug 1193166SUSE bug 1193273SUSE bug 1197672SUSE bug 1199790SUSE bug 1202809CVE-2021-20199 at SUSECVE-2021-20199 at NVDCVE-2021-20206 at SUSECVE-2021-20206 at NVDCVE-2021-4024 at SUSECVE-2021-4024 at NVDCVE-2021-41190 at SUSECVE-2021-41190 at NVDCVE-2022-27649 at SUSECVE-2022-27649 at NVDCVE-2022-2989 at SUSECVE-2022-2989 at NVDcpe:/o:suse:suse-microos:5.2Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.2
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2023-37327: Fixed GStreamer FLAC File Parsing Integer Overflow (bsc#1213128).
- CVE-2023-37328: Fixed Heap-based Buffer Overflow in GStreamer PGS (bsc#1213131).
ImportantSUSE bug 1213128SUSE bug 1213131CVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213517SUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:suse:suse-microos:5.2Security update for libyajl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:suse:suse-microos:5.2Security update for kernel-firmware (Moderate)SUSE Linux Enterprise Micro 5.2
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:suse:suse-microos:5.2Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for rsync (Moderate)SUSE Linux Enterprise Micro 5.2
This update for rsync fixes the following issues:
- Update to version 3.2.3 (jsc#SLE-21252, jsc#PED-3146)
- Add support for using --atimes to preserve atime of files in destination sync (jsc#PED-3145)
- Remove SuSEfirewall2 service as this was replaced by firewalld (which already provides a rsyncd service).
- Fix --delay-updates never updates after interruption (bsc#1204538)
- Arbitrary file write vulnerability via do_server_recv function (bsc#1201840, CVE-2022-29154)
- rsync-ssl: Verify the hostname in the certificate when using openssl. (bsc#1176160, CVE-2020-14387)
ModerateSUSE bug 1176160SUSE bug 1201840SUSE bug 1204538CVE-2020-14387 at SUSECVE-2020-14387 at NVDCVE-2022-29154 at SUSECVE-2022-29154 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- get module prefix from kmod (bsc#1212835).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- remove more packaging cruft for sle < 12 sp3
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
ImportantSUSE bug 1199304SUSE bug 1206418SUSE bug 1207270SUSE bug 1210584SUSE bug 1211131SUSE bug 1211738SUSE bug 1211867SUSE bug 1212301SUSE bug 1212741SUSE bug 1212835SUSE bug 1212846SUSE bug 1213059SUSE bug 1213061SUSE bug 1213167SUSE bug 1213245SUSE bug 1213286SUSE bug 1213287SUSE bug 1213354SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213653SUSE bug 1213868CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2022-48281: Fixed a buffer overflow that could be triggered via
a crafted image (bsc#1207413).
ImportantSUSE bug 1207413CVE-2022-48281 at SUSECVE-2022-48281 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- get module prefix from kmod (bsc#1212835).
- remove more packaging cruft for sle < 12 sp3
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
ImportantSUSE bug 1199304SUSE bug 1206418SUSE bug 1207270SUSE bug 1210584SUSE bug 1211131SUSE bug 1211738SUSE bug 1211867SUSE bug 1212301SUSE bug 1212741SUSE bug 1212835SUSE bug 1212846SUSE bug 1213059SUSE bug 1213061SUSE bug 1213167SUSE bug 1213245SUSE bug 1213286SUSE bug 1213287SUSE bug 1213354SUSE bug 1213543SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213653SUSE bug 1213868CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:suse:suse-microos:5.2Security update for gawk (Low)SUSE Linux Enterprise Micro 5.2
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2023-0330: Fixed a stack overflow due to a DMA reentrancy issue. (bsc#1207205)
- CVE-2023-3354: Fixed a remote unauthenticated DoS due to an improper I/O watch removal in VNC TLS handshake. (bsc#1212850)
- CVE-2023-3180: Fixed a heap buffer overflow in virtio_crypto_sym_op_helper(). (bsc#1213925)
- CVE-2021-3638: Fixed an out-of-bounds write due to an inconsistent check in ati_2d_blt(). (bsc#1188609)
- CVE-2023-3301: Fixed a DoS due to an assertion failure. (bsc#1213414)
- CVE-2021-3750: Fixed an use-after-free in DMA reentrancy issue. (bsc#1190011)
ImportantSUSE bug 1188609SUSE bug 1190011SUSE bug 1207205SUSE bug 1212850SUSE bug 1213414SUSE bug 1213925CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2021-3750 at SUSECVE-2021-3750 at NVDCVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1204489SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:suse:suse-microos:5.2Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.2
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:suse:suse-microos:5.2Security update for freetype2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:suse:suse-microos:5.2Security update for procps (Low)SUSE Linux Enterprise Micro 5.2
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.2
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:suse:suse-microos:5.2Security update for icu73_2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
Update to release 68.1:
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
Update to version 67.1:
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
Update to version 66.1:
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
Update to release 65.1 (jsc#SLE-11118):
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:suse:suse-microos:5.2Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.2
This update for ovmf fixes the following issues:
- CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371).
ImportantSUSE bug 1188371CVE-2019-11098 at SUSECVE-2019-11098 at NVDcpe:/o:suse:suse-microos:5.2Security update for libeconf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
The following non-security bug was fixed:
- Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165).
ModerateSUSE bug 1198165SUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:suse:suse-microos:5.2Security update for gcc12 (Important)SUSE Linux Enterprise Micro 5.2
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
The following non-security bugs were fixed:
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Do not add and remove genksyms ifdefs
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove checker warning (jsc#PED-5738).
- kabi/severities: Ignore newly added SRSO mitigation functions
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
- xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).
ImportantSUSE bug 1023051SUSE bug 1203517SUSE bug 1210448SUSE bug 1213272SUSE bug 1213546SUSE bug 1213601SUSE bug 1213666SUSE bug 1213916SUSE bug 1213927SUSE bug 1213968SUSE bug 1213969SUSE bug 1213970SUSE bug 1213971SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214275SUSE bug 1214297SUSE bug 1214348SUSE bug 1214350SUSE bug 1214451CVE-2022-36402 at SUSECVE-2022-36402 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4385 at SUSECVE-2023-4385 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:suse:suse-microos:5.2Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.2
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
Removed CAs:
- Global Chambersign Root
- EC-ACC
- Network Solutions Certificate Authority
- Staat der Nederlanden EV Root CA
- SwissSign Platinum CA - G2
Added CAs:
- DIGITALSIGN GLOBAL ROOT ECDSA CA
- DIGITALSIGN GLOBAL ROOT RSA CA
- Security Communication ECC RootCA1
- Security Communication RootCA3
Changed trust:
- TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022'
and it is not clear how many certs were issued for SSL middleware by TrustCor:
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- TrustCor ECA-1
ImportantSUSE bug 1206212SUSE bug 1206622cpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
The following non-security bugs were fixed:
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- Do not add and remove genksyms ifdefs
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- e1000: Fix fall-through warnings for Clang (jsc#PED-5738).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove checker warning (jsc#PED-5738).
- kabi/severities: Ignore newly added SRSO mitigation functions
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738).
- net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas: move syscall filter setup into separate function (bsc#1023051).
- powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051).
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214275).
- xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275).
- xfs: update superblock counters correctly for !lazysbcount (bsc#1214275).
ImportantSUSE bug 1023051SUSE bug 1203517SUSE bug 1210448SUSE bug 1213272SUSE bug 1213546SUSE bug 1213601SUSE bug 1213666SUSE bug 1213916SUSE bug 1213927SUSE bug 1213968SUSE bug 1213969SUSE bug 1213970SUSE bug 1213971SUSE bug 1214019SUSE bug 1214120SUSE bug 1214149SUSE bug 1214275SUSE bug 1214297SUSE bug 1214348SUSE bug 1214350SUSE bug 1214451CVE-2022-36402 at SUSECVE-2022-36402 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4385 at SUSECVE-2023-4385 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni (Important)SUSE Linux Enterprise Micro 5.2
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.2Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.2
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.2Security update for supportutils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:suse:suse-microos:5.2Securitys update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616).
ImportantSUSE bug 1213616SUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:suse:suse-microos:5.2Security update for mdadm (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mdadm fixes the following issues:
- CVE-2023-28736: Fixed a buffer overflow (bsc#1214244).
- CVE-2023-28938: Fixed uncontrolled resource consumption (bsc#1214245).
ModerateSUSE bug 1214244SUSE bug 1214245CVE-2023-28736 at SUSECVE-2023-28736 at NVDCVE-2023-28938 at SUSECVE-2023-28938 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Security fixes:
- CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004).
- CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925).
- CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924).
- CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922).
- CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006).
- CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033).
Other fixes:
- Update to version 9.0 with patch level 1894,
for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894
- Use app icons generated from vimlogo.eps in the source tarball;
add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033CVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDcpe:/o:suse:suse-microos:5.2Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:suse:suse-microos:5.2Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.2
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:suse:suse-microos:5.2Security update for shadow (Low)SUSE Linux Enterprise Micro 5.2
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889).
ModerateSUSE bug 1215889CVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bnc#1204502).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
The following non-security bugs were fixed:
- KVM: VMX: fix crash cleanup when KVM wasn't used (bsc#1207508).
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- kabi/severities: add mlx5 internal symbols
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#1195175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#1195175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#1195175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#1195175).
- net/mlx5: Use order-0 allocations for EQs (bsc#1195175).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
ImportantSUSE bug 1195175SUSE bug 1204502SUSE bug 1206677SUSE bug 1207034SUSE bug 1207497SUSE bug 1207508SUSE bug 1207769SUSE bug 1207878CVE-2022-3606 at SUSECVE-2022-3606 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150)
- CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351)
- CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275)
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117)
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299)
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169)
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643)
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
ImportantSUSE bug 1176588SUSE bug 1202845SUSE bug 1207036SUSE bug 1207270SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212703SUSE bug 1213812SUSE bug 1214233SUSE bug 1214351SUSE bug 1214380SUSE bug 1214386SUSE bug 1215115SUSE bug 1215117SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215299SUSE bug 1215322SUSE bug 1215356CVE-2020-36766 at SUSECVE-2020-36766 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Important)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1215904SUSE bug 1215905SUSE bug 1215908CVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDcpe:/o:suse:suse-microos:5.2Security update for conmon (Important)SUSE Linux Enterprise Micro 5.2
This update for conmon fixes the following issues:
conmon is rebuilt with the current stable release go1.21 (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:suse:suse-microos:5.2Security update for opensc (Important)SUSE Linux Enterprise Micro 5.2
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Important)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:suse:suse-microos:5.2Security update for cni (Important)SUSE Linux Enterprise Micro 5.2
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:suse-microos:5.2Security update for cni-plugins (Important)SUSE Linux Enterprise Micro 5.2
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:suse:suse-microos:5.2Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
ImportantSUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- locking/rwsem: Disable reader optimistic spinning (bnc#1176588).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
ImportantSUSE bug 1176588SUSE bug 1202845SUSE bug 1207270SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212703SUSE bug 1213812SUSE bug 1214233SUSE bug 1214351SUSE bug 1214380SUSE bug 1214386SUSE bug 1215115SUSE bug 1215117SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215299SUSE bug 1215322SUSE bug 1215356CVE-2020-36766 at SUSECVE-2020-36766 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDcpe:/o:suse:suse-microos:5.2Security update for suse-module-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for suse-module-tools fixes the following issues:
- Updated to version 15.3.17:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
- Updated to version 15.3.16:
- Fixed a build issue for s390x (bsc#1207853).
ImportantSUSE bug 1205767SUSE bug 1207853SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:suse:suse-microos:5.2Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.2
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-34323: Fixed a potential crash in C Xenstored due to an
incorrect assertion (XSA-440) (bsc#1215744).
- CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems
with IOMMU hardware and PCI passthrough enabled (XSA-442)
(bsc#1215746).
- CVE-2023-34325: Fixed multiple parsing issues in libfsimage
(XSA-443) (bsc#1215747).
- CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86
debugging functionality for guests (XSA-444) (bsc#1215748).
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:suse:suse-microos:5.2Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.2
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:suse:suse-microos:5.2Security update for zlib (Moderate)SUSE Linux Enterprise Micro 5.2
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
ImportantSUSE bug 1210778SUSE bug 1210853SUSE bug 1212051SUSE bug 1214842SUSE bug 1215095SUSE bug 1215467SUSE bug 1215518SUSE bug 1215745SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1216046SUSE bug 1216051SUSE bug 1216134CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
The following non-security bugs were fixed:
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
ImportantSUSE bug 1212051SUSE bug 1214842SUSE bug 1215095SUSE bug 1215467SUSE bug 1215518SUSE bug 1215745SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1216046CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
Updated to NSS 3.79.4 (bsc#1208138):
- CVE-2023-0767: Fixed handling of unknown PKCS#12 safe bag types.
ImportantSUSE bug 1208138CVE-2023-0767 at SUSECVE-2023-0767 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:suse-microos:5.2Security update for gcc13 (Important)SUSE Linux Enterprise Micro 5.2
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
ImportantSUSE bug 1216654SUSE bug 1216807CVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:suse:suse-microos:5.2Security update for fdo-client (Moderate)SUSE Linux Enterprise Micro 5.2
This update for fdo-client fixes the following issues:
- Removed build key via utils/keys_gen.sh. (bsc#1216293)
ModerateSUSE bug 1216293cpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
- CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001)
- CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167)
- CVE-2023-46246: Integer Overflow in :history command (bsc#1216696)
ImportantSUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:suse:suse-microos:5.2Security update for squashfs (Important)SUSE Linux Enterprise Micro 5.2
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:suse:suse-microos:5.2Security update for tar (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tar fixes the following issues:
- CVE-2022-48303: Fixed a one-byte out-of-bounds read that resulted in use of uninitialized memory for a conditional jump (bsc#1207753).
Bug fixes:
- Fix hang when unpacking test tarball (bsc#1202436).
ModerateSUSE bug 1202436SUSE bug 1207753CVE-2022-48303 at SUSECVE-2022-48303 at NVDcpe:/o:suse:suse-microos:5.2Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.2
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:suse:suse-microos:5.2Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.2
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
ModerateSUSE bug 1217573CVE-2023-46218 at SUSECVE-2023-46218 at NVDcpe:/o:suse:suse-microos:5.2Security update for catatonit, containerd, runc (Important)SUSE Linux Enterprise Micro 5.2
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
The following non-security bugs were fixed:
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
ImportantSUSE bug 1084909SUSE bug 1210780SUSE bug 1214037SUSE bug 1214344SUSE bug 1214764SUSE bug 1215371SUSE bug 1216058SUSE bug 1216259SUSE bug 1216584SUSE bug 1216965SUSE bug 1216976SUSE bug 1217140SUSE bug 1217332SUSE bug 1217408SUSE bug 1217780CVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
The following non-security bugs were fixed:
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- Call flush_delayed_fput() from nfsd main-loop (bsc#1217408).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
ImportantSUSE bug 1084909SUSE bug 1210780SUSE bug 1214037SUSE bug 1214344SUSE bug 1214764SUSE bug 1215371SUSE bug 1216058SUSE bug 1216259SUSE bug 1216584SUSE bug 1216965SUSE bug 1216976SUSE bug 1217140SUSE bug 1217332SUSE bug 1217408SUSE bug 1217780CVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:suse:suse-microos:5.2Security update for c-ares (Important)SUSE Linux Enterprise Micro 5.2
This update for c-ares fixes the following issues:
Updated to version 1.19.0:
- CVE-2022-4904: Fixed missing string length check in config_sortlist() (bsc#1208067).
ImportantSUSE bug 1208067CVE-2022-4904 at SUSECVE-2022-4904 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:suse:suse-microos:5.2Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Important)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
- CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-cryptography (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker, rootlesskit (Important)SUSE Linux Enterprise Micro 5.2
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:suse:suse-microos:5.2Security update for jbigkit (Low)SUSE Linux Enterprise Micro 5.2
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2022-45061: Fixed DoS when IDNA decodes extremely long domain names (bsc#1205244).
Bugfixes:
- Fixed issue where email.generator.py replaces a non-existent header (bsc#1208443).
ModerateSUSE bug 1205244SUSE bug 1208443CVE-2022-45061 at SUSECVE-2022-45061 at NVDcpe:/o:suse:suse-microos:5.2Security update for libksba (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
ModerateSUSE bug 1206579CVE-2022-47629 at SUSECVE-2022-47629 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20230214 release.
Security issues fixed:
- CVE-2022-38090: Security updates for [INTEL-SA-00767](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html) (bsc#1208275)
- CVE-2022-33196: Security updates for [INTEL-SA-00738](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html) (bsc#1208276)
- CVE-2022-21216: Security updates for [INTEL-SA-00700](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html) (bsc#1208277)
- New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SPR-SP | E2 | 06-8f-05/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | | 2b000181 | Xeon Scalable Gen4
| SPR-HBM | B3 | 06-8f-08/10 | | 2c000170 | Xeon Max
| RPL-P 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-H 6+8 | J0 | 06-ba-02/07 | | 0000410e | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-02/07 | | 0000410e | Core Gen13
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-97-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-02/07 | 00000026 | 0000002c | Core Gen12
| ADL | C0 | 06-bf-05/07 | 00000026 | 0000002c | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000424 | 00000429 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000424 | 00000429 | Core Gen12
| CLX-SP | B0 | 06-55-06/bf | 04003302 | 04003303 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003302 | 05003303 | Xeon Scalable Gen2
| CPX-SP | A1 | 06-55-0b/bf | 07002501 | 07002503 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003c | 0000003e | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 00000020 | 00000022 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 01000201 | 01000211 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b6 | 000000b8 | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000375 | 0d000389 | Xeon Scalable Gen3
| JSL | A0/A1 | 06-9c-00/01 | 24000023 | 24000024 | Pentium N6000/N6005, Celeron N4500/N4505/N5100/N5105
| LKF | B2/B3 | 06-8a-01/10 | 00000031 | 00000032 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000056 | 00000057 | Core Gen11
| RPL-S | S0 | 06-b7-01/32 | 0000010e | 00000112 | Core Gen13
| SKX-SP | B1 | 06-55-03/97 | 0100015e | 01000161 | Xeon Scalable
ImportantSUSE bug 1208275SUSE bug 1208276SUSE bug 1208277CVE-2022-21216 at SUSECVE-2022-21216 at NVDCVE-2022-33196 at SUSECVE-2022-33196 at NVDCVE-2022-38090 at SUSECVE-2022-38090 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3112: Fixed a null pointer dereference caused by lacks check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases (bsc#1206399).
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc (bsc#1206393).
- CVE-2022-3564: Fixed use-after-free in l2cap_core.c of the Bluetooth component (bsc#1206073).
- CVE-2022-47520: Fixed a out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet in the WILC1000 wireless driver (bsc#1206515).
- CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (bsc#1207125).
The following non-security bugs were fixed:
- arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes)
- arm64: dts: allwinner: H5: Add PMU node (git-fixes)
- arm64: dts: allwinner: H6: Add PMU mode (git-fixes)
- arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes)
- arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes)
- arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes)
- arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes)
- arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes)
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes)
- arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes)
- btrfs: Avoid unnecessary lock and leaf splits when up (bsc#1206904).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- ext4: Detect already used quota file early (bsc#1206873).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid race conditions when remounting with options that change dax (bsc#1206860).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use matching invalidatepage in ext4_writepage (bsc#1206858).
- fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636).
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634).
- lockd: lockd server-side shouldn't set fl_ops (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, memcg: do not high throttle allocators based on wraparound
- mm, memcg: fix corruption on 64-bit divisor in memory.high throttling
- mm, memcg: throttle allocators based on ancestral memory.high
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601).
- module: Remove accidental change of module_enable_x() (git-fixes).
- module: avoid *goto*s in module_sig_check() (git-fixes).
- module: merge repetitive strings in module_sig_check() (git-fixes).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- modules: lockdep: Suppress suspicious RCU usage warning (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes).
- nfs: Fix an Oops in nfs_d_automount() (git-fixes).
- nfs: Fix memory leaks (git-fixes).
- nfs: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- nfs: Handle missing attributes in OPEN reply (bsc#1203740).
- nfs: Zero-stateid SETATTR should first return delegation (git-fixes).
- nfs: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfs_find_open_context() may only select open files (git-fixes).
- nfs: nfs_xdr_status should record the procedure name (git-fixes).
- nfs: we do not support removing system.nfs4_acl (git-fixes).
- nfsd: Clone should commit src file metadata too (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- nfsd: Keep existing listeners on portlist error (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix error handling in NFSv4.0 callbacks (git-fixes).
- nfsd: safer handling of corrupted c_type (git-fixes).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: error out when relink swapfile (git-fixes).
- nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- nfsv4/pnfs: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- nfsv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes).
- nfsv4: Fix races between open and dentry revalidation (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- pnfs/nfsv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take 'mem=' option into account (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- sbitmap: fix lockup while swapping (bsc#1206602).
- sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841).
- scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445).
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Do not start a timer on an already queued rpc task (git-fixes).
- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
- sunrpc: Fix potential leaks in sunrpc_cache_unhash() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Handle 0 length opaque XDR object data properly (git-fixes).
- sunrpc: Mitigate cond_resched() in xprt_transmit() (git-fixes).
- sunrpc: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- sunrpc: check that domain table is empty at module unload (git-fixes).
- sunrpc: stop printk reading past end of string (git-fixes).
- svcrdma: Fix another Receive buffer leak (git-fixes).
- svcrdma: Fix backchannel return code (git-fixes).
- tracing: Verify if trace array exists before destroying it (git-fixes).
- udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642).
- udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641).
- udf: Fix iocharset=utf8 mount option (bsc#1206647).
- udf: Limit sparing table size (bsc#1206643).
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- udf: fix the problem that the disc content is not displayed (bsc#1206644).
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1203740SUSE bug 1204614SUSE bug 1204989SUSE bug 1205496SUSE bug 1205601SUSE bug 1205695SUSE bug 1206073SUSE bug 1206344SUSE bug 1206393SUSE bug 1206399SUSE bug 1206515SUSE bug 1206602SUSE bug 1206634SUSE bug 1206635SUSE bug 1206636SUSE bug 1206637SUSE bug 1206640SUSE bug 1206641SUSE bug 1206642SUSE bug 1206643SUSE bug 1206644SUSE bug 1206645SUSE bug 1206646SUSE bug 1206647SUSE bug 1206648SUSE bug 1206649SUSE bug 1206841SUSE bug 1206854SUSE bug 1206855SUSE bug 1206857SUSE bug 1206858SUSE bug 1206859SUSE bug 1206860SUSE bug 1206873SUSE bug 1206875SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206896SUSE bug 1206904SUSE bug 1207036SUSE bug 1207125CVE-2022-3112 at SUSECVE-2022-3112 at NVDCVE-2022-3115 at SUSECVE-2022-3115 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-47520 at SUSECVE-2022-47520 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-cryptography, python-cryptography-vectors (Important)SUSE Linux Enterprise Micro 5.2
This update for python-cryptography, python-cryptography-vectors fixes the following issues:
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066).
- CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168).
- update to 3.3.2 (bsc#1198331)
ImportantSUSE bug 1178168SUSE bug 1182066SUSE bug 1198331SUSE bug 1199282CVE-2020-25659 at SUSECVE-2020-25659 at NVDCVE-2020-36242 at SUSECVE-2020-36242 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2023-0361: Fixed a Bleichenbacher oracle in the TLS RSA key exchange (bsc#1208143).
ModerateSUSE bug 1208143CVE-2023-0361 at SUSECVE-2023-0361 at NVDcpe:/o:suse:suse-microos:5.2Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libX11 fixes the following issues:
- Fixed a regression introduced with security update for CVE-2022-3555 (bsc#1204425, bsc#1208881)
ModerateSUSE bug 1204425SUSE bug 1208881CVE-2022-3555 at SUSECVE-2022-3555 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.2
This update for libxslt fixes the following issues:
- CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574).
ImportantSUSE bug 1208574CVE-2021-30560 at SUSECVE-2021-30560 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599).
- CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- delete config/armv7hl/default.
- delete config/armv7hl/lpae.
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- hid: betop: check shape of output reports (git-fixes, bsc#1207186).
- hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- kabi/severities: add mlx5 internal symbols
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
- revert 'constraints: increase disk space for all architectures' (bsc#1203693).
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).
- rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
ImportantSUSE bug 1186449SUSE bug 1203331SUSE bug 1203332SUSE bug 1203693SUSE bug 1204502SUSE bug 1204760SUSE bug 1205149SUSE bug 1206351SUSE bug 1206677SUSE bug 1206784SUSE bug 1207034SUSE bug 1207051SUSE bug 1207134SUSE bug 1207186SUSE bug 1207237SUSE bug 1207497SUSE bug 1207508SUSE bug 1207560SUSE bug 1207773SUSE bug 1207795SUSE bug 1207845SUSE bug 1207875SUSE bug 1207878SUSE bug 1208212SUSE bug 1208599SUSE bug 1208700SUSE bug 1208741SUSE bug 1208776SUSE bug 1208816SUSE bug 1208837SUSE bug 1208845SUSE bug 1208971SUSE bug 1209008CVE-2022-3606 at SUSECVE-2022-3606 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-47929 at SUSECVE-2022-47929 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0266 at SUSECVE-2023-0266 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1195 at SUSECVE-2023-1195 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1208971).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351). The former kABI fix only move the newly added member to scsi_host_template to the end of the struct. But that is usually allocated statically, even by 3rd party modules relying on kABI. Before we use the member we need to signalize that it is to be expected. As we only expect it to be allocated by in-tree modules that we can control, we can use a space in the bitfield to signalize that.
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- update suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
ImportantSUSE bug 1186449SUSE bug 1195175SUSE bug 1198438SUSE bug 1203331SUSE bug 1203332SUSE bug 1204356SUSE bug 1204662SUSE bug 1206103SUSE bug 1206351SUSE bug 1207051SUSE bug 1207575SUSE bug 1207773SUSE bug 1207795SUSE bug 1207845SUSE bug 1207875SUSE bug 1208023SUSE bug 1208153SUSE bug 1208212SUSE bug 1208700SUSE bug 1208741SUSE bug 1208776SUSE bug 1208816SUSE bug 1208837SUSE bug 1208845SUSE bug 1208971CVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-22995 at SUSECVE-2023-22995 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2023-0512: Fixed a divide By Zero (bsc#1207780).
- CVE-2023-1175: vim: an incorrect calculation of buffer size (bsc#1208957).
- CVE-2023-1170: Fixed a heap-based Buffer Overflow (bsc#1208959).
- CVE-2023-1127: Fixed divide by zero in scrolldown() (bsc#1208828).
Updated to version 9.0 with patch level 1386.
- https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
ImportantSUSE bug 1207780SUSE bug 1208828SUSE bug 1208957SUSE bug 1208959CVE-2023-0512 at SUSECVE-2023-0512 at NVDCVE-2023-1127 at SUSECVE-2023-1127 at NVDCVE-2023-1170 at SUSECVE-2023-1170 at NVDCVE-2023-1175 at SUSECVE-2023-1175 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-future (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-future fixes the following issues:
- CVE-2022-40899: Fixed an issue that could allow attackers to cause
an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).
ModerateSUSE bug 1206673CVE-2022-40899 at SUSECVE-2022-40899 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
Docker was updated to 20.10.23-ce.
See upstream changelog at https://docs.docker.com/engine/release-notes/#201023
Docker was updated to 20.10.21-ce (bsc#1206065)
See upstream changelog at https://docs.docker.com/engine/release-notes/#201021
Security issues fixed:
- CVE-2022-36109: Fixed supplementary group permissions bypass (bsc#1205375)
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
with it installed even if they are primarily running SELinux.
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
ModerateSUSE bug 1205375SUSE bug 1206065CVE-2022-36109 at SUSECVE-2022-36109 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2022-4144: Fixed unsafe address translation can lead to out-of-bounds read in qxl_phys2virt (bsc#1205808).
- CVE-2021-3507: Fixed heap buffer overflow in DMA read data transfers in fdc (bsc#1185000).
- CVE-2020-14394: Fixed infinite loop in xhci_ring_chain_length() (bsc#1180207).
- CVE-2022-0216: Fixed a use-after-free in lsi_do_msgout function in hw/scsi/lsi53c895a.c (bsc#1198038).
- CVE-2022-1050: Fixed a use-after-free issue in pvrdma_exec_cmd() in pvrdma (bsc#1197653).
- CVE-2021-3929: Fixed a DMA reentrancy issue leads to use-after-free in nvme (bsc#1193880).
The following non-security bugs were fixed:
- Fix bsc#1202364.
ImportantSUSE bug 1180207SUSE bug 1185000SUSE bug 1193880SUSE bug 1197653SUSE bug 1198038SUSE bug 1202364SUSE bug 1205808CVE-2020-14394 at SUSECVE-2020-14394 at NVDCVE-2021-3507 at SUSECVE-2021-3507 at NVDCVE-2021-3929 at SUSECVE-2021-3929 at NVDCVE-2022-0216 at SUSECVE-2022-0216 at NVDCVE-2022-1050 at SUSECVE-2022-1050 at NVDCVE-2022-4144 at SUSECVE-2022-4144 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2022-42332: Fixed use-after-free in x86 shadow plus log-dirty mode (bsc#1209017).
- CVE-2022-42333,CVE-2022-42334: Fixed x86/HVM pinned cache attributes mis-handling (bsc#1209018).
- CVE-2022-42331: Fixed speculative vulnerability in 32bit SYSCALL path on x86 (bsc#1209019).
ImportantSUSE bug 1209017SUSE bug 1209018SUSE bug 1209019SUSE bug 1209188CVE-2022-42331 at SUSECVE-2022-42331 at NVDCVE-2022-42332 at SUSECVE-2022-42332 at NVDCVE-2022-42333 at SUSECVE-2022-42333 at NVDCVE-2022-42334 at SUSECVE-2022-42334 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2023-24329: Fixed a blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
The following non-security bug was fixed:
- Eliminate unnecessary and dangerous calls to PyThread_exit_thread() (bsc#1203355).
ImportantSUSE bug 1203355SUSE bug 1208471CVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:suse:suse-microos:5.2Security update for polkit (Moderate)SUSE Linux Enterprise Micro 5.2
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
ModerateSUSE bug 1209282cpe:/o:suse:suse-microos:5.2Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
ImportantSUSE bug 1220770SUSE bug 1220771CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677).
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:suse-microos:5.2Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libvirt fixes the following issues:
- CVE-2024-2494: Fixed negative g_new0 length can lead to unbounded memory allocation (bsc#1221815).
ModerateSUSE bug 1221815CVE-2024-2494 at SUSECVE-2024-2494 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the Bluetooth subsystem that would allow replay attacks (bsc#1179610 bsc#1215237).
- CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query packet due to reference count mismanagement (bsc#1218253).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
The following non-security bugs were fixed:
- Reviewed and added more information to README.SUSE (jsc#PED-5021).
- Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226, bsc#1218184).
- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).
- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).
- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
ImportantSUSE bug 1179610SUSE bug 1211226SUSE bug 1215237SUSE bug 1215375SUSE bug 1217250SUSE bug 1217709SUSE bug 1217946SUSE bug 1217947SUSE bug 1218105SUSE bug 1218184SUSE bug 1218253SUSE bug 1218258SUSE bug 1218559CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:suse:suse-microos:5.2Security update for ncurses (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:suse:suse-microos:5.2Security update for c-ares (Moderate)SUSE Linux Enterprise Micro 5.2
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:suse:suse-microos:5.2Security update for buildah (Important)SUSE Linux Enterprise Micro 5.2
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
ModerateSUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:suse:suse-microos:5.2Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.2
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:suse:suse-microos:5.2Security update for util-linux (Important)SUSE Linux Enterprise Micro 5.2
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1194038SUSE bug 1207987SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:suse:suse-microos:5.2Security update for less (Important)SUSE Linux Enterprise Micro 5.2
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for libzypp, zypper, PackageKit (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libzypp, zypper, PackageKit fixes the following issues:
- Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544)
- Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- Add default stripe minimum
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config
- version 17.32.0
- ProblemSolution::skipsPatchesOnly overload to handout the patches
- Show active dry-run/download-only at the commit propmpt
- Add --skip-not-applicable-patches option
- Fix printing detailed solver problem description
- Fix bash-completion to work with right adjusted numbers in the 1st column too
- Set libzypp shutdown request signal on Ctrl+C
- In the detailed view show all baseurls not just the first one (bsc#1218171)
ModerateSUSE bug 1175678SUSE bug 1218171SUSE bug 1218544SUSE bug 1221525CVE-2024-0217 at SUSECVE-2024-0217 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.2
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:suse:suse-microos:5.2Security update for shim (Important)SUSE Linux Enterprise Micro 5.2
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Important)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-idna (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-36780: Fixed a reference leak when pm_runtime_get_sync fails in i2c (bsc#1220556).
- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2020-36782: Fixed a reference leak when pm_runtime_get_sync fails in i2c imx-lpi2c (bsc#1220560).
- CVE-2020-36783: Fixed a reference leak when pm_runtime_get_sync fails in i2c img-scb (bsc#1220561).
- CVE-2021-46908: Fixed incorrect permission flag for mixed signed bounds arithmetic in bpf (bsc#1220425).
- CVE-2021-46909: Fixed a PCI interrupt mapping in ARM footbridge (bsc#1220442).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46921: Fixed ordering in queued_write_lock_slowpath (bsc#1220468).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46938: Fixed a double free of blk_mq_tag_set in dev remove after table load fails in dm rq (bsc#1220554).
- CVE-2021-46939: Fixed a denial of service in trace_clock_global() in tracing (bsc#1220580).
- CVE-2021-46943: Fixed an oops in set_fmt error handling in media: staging/intel-ipu3 (bsc#1220583).
- CVE-2021-46944: Fixed a memory leak in imu_fmt in media staging/intel-ipu3 (bsc#1220566).
- CVE-2021-46950: Fixed a data corruption bug in raid1 arrays using bitmaps in md/raid1 (bsc#1220662).
- CVE-2021-46951: Fixed an integer underflow of efi_tpm_final_log_size in tpm_read_log_efi in tpm efi (bsc#1220615).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46958: Fixed a race between transaction aborts and fsyncs leading to use-after-free in btrfs (bsc#1220521).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46960: Fixed a warning on smb2_get_enc_key in cifs (bsc#1220528).
- CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529).
- CVE-2021-46962: Fixed a resource leak in the remove function in mmc uniphier-sd (bsc#1220532).
- CVE-2021-46963: Fixed crash in qla2xxx_mqueuecommand() (bsc#1220536).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46981: Fixed a NULL pointer in flush_workqueue in nbd (bsc#1220611).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46984: Fixed an out of bounds access in kyber_bio_merge() in kyber (bsc#1220631).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-46990: Fixed a denial of service when toggling entry flush barrier in powerpc/64s (bsc#1220743).
- CVE-2021-46991: Fixed a use-after-free in i40e_client_subtask (bsc#1220575).
- CVE-2021-46992: Fixed a bug to avoid overflows in nft_hash_buckets (bsc#1220638).
- CVE-2021-46998: Fixed an use after free bug in enic_hard_start_xmit in ethernet/enic (bsc#1220625).
- CVE-2021-47000: Fixed an inode leak on getattr error in __fh_to_dentry in ceph (bsc#1220669).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47006: Fixed wrong check in overflow_handler hook in ARM 9064/1 hw_breakpoint (bsc#1220751).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47015: Fixed a RX consumer index logic in the error path in bnxt_rx_pkt() in bnxt_en (bsc#1220794).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47020: Fixed a memory leak in stream config error path in soundwire stream (bsc#1220785).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47034: Fixed a kernel memory fault for pte update on radix in powerpc/64s (bsc#1220687).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47045: Fixed a null pointer dereference in lpfc_prep_els_iocb() in scsi lpfc (bsc#1220640).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47049: Fixed an after free in __vmbus_open() in hv vmbus (bsc#1220692).
- CVE-2021-47051: Fixed a PM reference leak in lpspi_prepare_xfer_hardware() in spi fsl-lpspi (bsc#1220764).
- CVE-2021-47055: Fixed missing permissions for locking and badblock ioctls in mtd (bsc#1220768).
- CVE-2021-47056: Fixed a user-memory-access error on vf2pf_lock in crypto (bsc#1220769).
- CVE-2021-47058: Fixed a possible user-after-free in set debugfs_name in regmap (bsc#1220779).
- CVE-2021-47063: Fixed a potential use-after-free during bridge detach in drm bridge/panel (bsc#1220777).
- CVE-2021-47065: Fixed an array overrun in rtw_get_tx_power_params() in rtw88 (bsc#1220749).
- CVE-2021-47068: Fixed a use-after-free issue in llcp_sock_bind/connect (bsc#1220739).
- CVE-2021-47070: Fixed memory leak in error handling paths in uio_hv_generic (bsc#1220829).
- CVE-2021-47071: Fixed a memory leak in error handling paths in hv_uio_cleanup() in uio_hv_generic (bsc#1220846).
- CVE-2021-47073: Fixed oops on rmmod dell_smbios init_dell_smbios_wmi() (bsc#1220850).
- CVE-2021-47077: Fixed a NULL pointer dereference when in shost_data (bsc#1220861).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
- CVE-2021-47112: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221541).
- CVE-2021-47114: Fixed a data corruption by fallocate in ocfs2 (bsc#1221548).
- CVE-2021-47117: Fixed a crash in ext4_es_cache_extent as ext4_split_extent_at failed in ext4 (bsc#1221575).
- CVE-2021-47118: Fixed an use-after-free in init task's struct pid in pid (bsc#1221605).
- CVE-2021-47119: Fixed a memory leak in ext4_fill_super in ext4 (bsc#1221608).
- CVE-2021-47120: Fixed a NULL pointer dereference on disconnect in HID magicmouse (bsc#1221606).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47136: Fixed uninitialized memory access caused by allocation via zero-initialize tc skb extension in net (bsc#1221931).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47138: Fixed an out-of-bound memory access during clearing filters in cxgb4 (bsc#1221934).
- CVE-2021-47139: Fixed a race condition that lead to oops in netdevice registration in net hns3 (bsc#1221935).
- CVE-2021-47141: Fixed a null pointer dereference on priv->msix_vectors when driver is unloaded in gve (bsc#1221949).
- CVE-2021-47142: Fixed an use-after-free on ttm->sg in drm/amdgpu (bsc#1221952).
- CVE-2021-47144: Fixed a refcount leak in amdgpufb_create in drm/amd/amdgpu (bsc#1221989).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47153: Fixed wrongly generated interrupt on bus reset in i2c/i801 (bsc#1221969).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47161: Fixed a resource leak in an error handling path in the error handling path of the probe function in spi spi-fsl-dspi (bsc#1221966).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47165: Fixed shutdown crash when component not probed in drm/meson (bsc#1221965).
- CVE-2021-47166: Fixed a data corruption of pg_bytes_written in nfs_do_recoalesce() in nfs (bsc#1221998).
- CVE-2021-47167: Fixed an oopsable condition in __nfs_pageio_add_request() in nfs (bsc#1221991).
- CVE-2021-47168: Fixed an incorrect limit in filelayout_decode_layout() in nfs (bsc#1222002).
- CVE-2021-47169: Fixed a NULL pointer dereference in rp2_probe in serial rp2 (bsc#1222000).
- CVE-2021-47170: Fixed a WARN about excessively large memory allocations in usb usbfs (bsc#1222004).
- CVE-2021-47171: Fixed a memory leak in smsc75xx_bind in net usb (bsc#1221994).
- CVE-2021-47172: Fixed a potential overflow due to non sequential channel numbers in adc/ad7124 (bsc#1221992).
- CVE-2021-47173: Fixed a memory leak in uss720_probe in misc/uss720 (bsc#1221993).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47176: Fixed crash with illegal operation exception in dasd_device_tasklet in s390/dasd (bsc#1221996).
- CVE-2021-47177: Fixed a sysfs leak in alloc_iommu() in iommu/vt-d (bsc#1221997).
- CVE-2021-47179: Fixed a NULL pointer dereference in pnfs_mark_matching_lsegs_return() in nfsv4 (bsc#1222001).
- CVE-2021-47180: Fixed a memory leak in nci_allocate_device nfcmrvl_disconnect in nfc nci (bsc#1221999).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52572: Fixed UAF in cifs_demultiplex_thread() in cifs (bsc#1220946).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- group-source-files.pl: Quote filenames (boo#1221077).
- mm: fix gup_pud_range (bsc#1220824).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes). Altered because 5.3 does not do SSP
ImportantSUSE bug 1192145SUSE bug 1209657SUSE bug 1218336SUSE bug 1218447SUSE bug 1218479SUSE bug 1218562SUSE bug 1219170SUSE bug 1219264SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220400SUSE bug 1220411SUSE bug 1220413SUSE bug 1220414SUSE bug 1220425SUSE bug 1220426SUSE bug 1220429SUSE bug 1220432SUSE bug 1220442SUSE bug 1220445SUSE bug 1220465SUSE bug 1220468SUSE bug 1220475SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220516SUSE bug 1220521SUSE bug 1220528SUSE bug 1220529SUSE bug 1220532SUSE bug 1220536SUSE bug 1220554SUSE bug 1220556SUSE bug 1220557SUSE bug 1220560SUSE bug 1220561SUSE bug 1220566SUSE bug 1220575SUSE bug 1220580SUSE bug 1220583SUSE bug 1220611SUSE bug 1220615SUSE bug 1220621SUSE bug 1220625SUSE bug 1220630SUSE bug 1220631SUSE bug 1220638SUSE bug 1220639SUSE bug 1220640SUSE bug 1220662SUSE bug 1220663SUSE bug 1220669SUSE bug 1220670SUSE bug 1220677SUSE bug 1220678SUSE bug 1220685SUSE bug 1220687SUSE bug 1220688SUSE bug 1220692SUSE bug 1220697SUSE bug 1220703SUSE bug 1220706SUSE bug 1220733SUSE bug 1220734SUSE bug 1220739SUSE bug 1220743SUSE bug 1220749SUSE bug 1220751SUSE bug 1220753SUSE bug 1220758SUSE bug 1220759SUSE bug 1220764SUSE bug 1220768SUSE bug 1220769SUSE bug 1220777SUSE bug 1220779SUSE bug 1220785SUSE bug 1220790SUSE bug 1220794SUSE bug 1220824SUSE bug 1220829SUSE bug 1220836SUSE bug 1220846SUSE bug 1220850SUSE bug 1220861SUSE bug 1220871SUSE bug 1220883SUSE bug 1220946SUSE bug 1220954SUSE bug 1220969SUSE bug 1220979SUSE bug 1220982SUSE bug 1220985SUSE bug 1220987SUSE bug 1221015SUSE bug 1221044SUSE bug 1221058SUSE bug 1221061SUSE bug 1221077SUSE bug 1221088SUSE bug 1221276SUSE bug 1221293SUSE bug 1221532SUSE bug 1221534SUSE bug 1221541SUSE bug 1221548SUSE bug 1221552SUSE bug 1221575SUSE bug 1221605SUSE bug 1221606SUSE bug 1221608SUSE bug 1221830SUSE bug 1221931SUSE bug 1221932SUSE bug 1221934SUSE bug 1221935SUSE bug 1221949SUSE bug 1221952SUSE bug 1221965SUSE bug 1221966SUSE bug 1221969SUSE bug 1221973SUSE bug 1221974SUSE bug 1221978SUSE bug 1221989SUSE bug 1221990SUSE bug 1221991SUSE bug 1221992SUSE bug 1221993SUSE bug 1221994SUSE bug 1221996SUSE bug 1221997SUSE bug 1221998SUSE bug 1221999SUSE bug 1222000SUSE bug 1222001SUSE bug 1222002SUSE bug 1222003SUSE bug 1222004SUSE bug 1222117SUSE bug 1222422SUSE bug 1222585SUSE bug 1222619SUSE bug 1222660SUSE bug 1222664SUSE bug 1222669SUSE bug 1222706SUSE bug 1222878CVE-2020-36780 at SUSECVE-2020-36780 at NVDCVE-2020-36781 at SUSECVE-2020-36781 at NVDCVE-2020-36782 at SUSECVE-2020-36782 at NVDCVE-2020-36783 at SUSECVE-2020-36783 at NVDCVE-2021-46908 at SUSECVE-2021-46908 at NVDCVE-2021-46909 at SUSECVE-2021-46909 at NVDCVE-2021-46911 at SUSECVE-2021-46911 at NVDCVE-2021-46914 at SUSECVE-2021-46914 at NVDCVE-2021-46917 at SUSECVE-2021-46917 at NVDCVE-2021-46918 at SUSECVE-2021-46918 at NVDCVE-2021-46919 at SUSECVE-2021-46919 at NVDCVE-2021-46920 at SUSECVE-2021-46920 at NVDCVE-2021-46921 at SUSECVE-2021-46921 at NVDCVE-2021-46922 at SUSECVE-2021-46922 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46938 at SUSECVE-2021-46938 at NVDCVE-2021-46939 at SUSECVE-2021-46939 at NVDCVE-2021-46943 at SUSECVE-2021-46943 at NVDCVE-2021-46944 at SUSECVE-2021-46944 at NVDCVE-2021-46950 at SUSECVE-2021-46950 at NVDCVE-2021-46951 at SUSECVE-2021-46951 at NVDCVE-2021-46956 at SUSECVE-2021-46956 at NVDCVE-2021-46958 at SUSECVE-2021-46958 at NVDCVE-2021-46959 at SUSECVE-2021-46959 at NVDCVE-2021-46960 at SUSECVE-2021-46960 at NVDCVE-2021-46961 at SUSECVE-2021-46961 at NVDCVE-2021-46962 at SUSECVE-2021-46962 at NVDCVE-2021-46963 at SUSECVE-2021-46963 at NVDCVE-2021-46971 at SUSECVE-2021-46971 at NVDCVE-2021-46976 at SUSECVE-2021-46976 at NVDCVE-2021-46980 at SUSECVE-2021-46980 at NVDCVE-2021-46981 at SUSECVE-2021-46981 at NVDCVE-2021-46983 at SUSECVE-2021-46983 at NVDCVE-2021-46984 at SUSECVE-2021-46984 at NVDCVE-2021-46988 at SUSECVE-2021-46988 at NVDCVE-2021-46990 at SUSECVE-2021-46990 at NVDCVE-2021-46991 at SUSECVE-2021-46991 at NVDCVE-2021-46992 at SUSECVE-2021-46992 at NVDCVE-2021-46998 at SUSECVE-2021-46998 at NVDCVE-2021-47000 at SUSECVE-2021-47000 at NVDCVE-2021-47001 at SUSECVE-2021-47001 at NVDCVE-2021-47003 at SUSECVE-2021-47003 at NVDCVE-2021-47006 at SUSECVE-2021-47006 at NVDCVE-2021-47009 at SUSECVE-2021-47009 at NVDCVE-2021-47014 at SUSECVE-2021-47014 at NVDCVE-2021-47015 at SUSECVE-2021-47015 at NVDCVE-2021-47017 at SUSECVE-2021-47017 at NVDCVE-2021-47020 at SUSECVE-2021-47020 at NVDCVE-2021-47026 at SUSECVE-2021-47026 at NVDCVE-2021-47034 at SUSECVE-2021-47034 at NVDCVE-2021-47035 at SUSECVE-2021-47035 at NVDCVE-2021-47038 at SUSECVE-2021-47038 at NVDCVE-2021-47044 at SUSECVE-2021-47044 at NVDCVE-2021-47045 at SUSECVE-2021-47045 at NVDCVE-2021-47046 at SUSECVE-2021-47046 at NVDCVE-2021-47049 at SUSECVE-2021-47049 at NVDCVE-2021-47051 at SUSECVE-2021-47051 at NVDCVE-2021-47055 at SUSECVE-2021-47055 at NVDCVE-2021-47056 at SUSECVE-2021-47056 at NVDCVE-2021-47058 at SUSECVE-2021-47058 at NVDCVE-2021-47063 at SUSECVE-2021-47063 at NVDCVE-2021-47065 at SUSECVE-2021-47065 at NVDCVE-2021-47068 at SUSECVE-2021-47068 at NVDCVE-2021-47070 at SUSECVE-2021-47070 at NVDCVE-2021-47071 at SUSECVE-2021-47071 at NVDCVE-2021-47073 at SUSECVE-2021-47073 at NVDCVE-2021-47077 at SUSECVE-2021-47077 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47109 at SUSECVE-2021-47109 at NVDCVE-2021-47110 at SUSECVE-2021-47110 at NVDCVE-2021-47112 at SUSECVE-2021-47112 at NVDCVE-2021-47114 at SUSECVE-2021-47114 at NVDCVE-2021-47117 at SUSECVE-2021-47117 at NVDCVE-2021-47118 at SUSECVE-2021-47118 at NVDCVE-2021-47119 at SUSECVE-2021-47119 at NVDCVE-2021-47120 at SUSECVE-2021-47120 at NVDCVE-2021-47130 at SUSECVE-2021-47130 at NVDCVE-2021-47136 at SUSECVE-2021-47136 at NVDCVE-2021-47137 at SUSECVE-2021-47137 at NVDCVE-2021-47138 at SUSECVE-2021-47138 at NVDCVE-2021-47139 at SUSECVE-2021-47139 at NVDCVE-2021-47141 at SUSECVE-2021-47141 at NVDCVE-2021-47142 at SUSECVE-2021-47142 at NVDCVE-2021-47144 at SUSECVE-2021-47144 at NVDCVE-2021-47150 at SUSECVE-2021-47150 at NVDCVE-2021-47153 at SUSECVE-2021-47153 at NVDCVE-2021-47160 at SUSECVE-2021-47160 at NVDCVE-2021-47161 at SUSECVE-2021-47161 at NVDCVE-2021-47164 at SUSECVE-2021-47164 at NVDCVE-2021-47165 at SUSECVE-2021-47165 at NVDCVE-2021-47166 at SUSECVE-2021-47166 at NVDCVE-2021-47167 at SUSECVE-2021-47167 at NVDCVE-2021-47168 at SUSECVE-2021-47168 at NVDCVE-2021-47169 at SUSECVE-2021-47169 at NVDCVE-2021-47170 at SUSECVE-2021-47170 at NVDCVE-2021-47171 at SUSECVE-2021-47171 at NVDCVE-2021-47172 at SUSECVE-2021-47172 at NVDCVE-2021-47173 at SUSECVE-2021-47173 at NVDCVE-2021-47174 at SUSECVE-2021-47174 at NVDCVE-2021-47175 at SUSECVE-2021-47175 at NVDCVE-2021-47176 at SUSECVE-2021-47176 at NVDCVE-2021-47177 at SUSECVE-2021-47177 at NVDCVE-2021-47179 at SUSECVE-2021-47179 at NVDCVE-2021-47180 at SUSECVE-2021-47180 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557).
- CVE-2021-46911: Fixed kernel panic (bsc#1220400).
- CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465).
- CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432).
- CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429).
- CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414).
- CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426).
- CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516).
- CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734).
- CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529).
- CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697).
- CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621).
- CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663).
- CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639).
- CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706).
- CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670).
- CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677).
- CVE-2021-47009: Fixed memory leak on object td (bsc#1220733).
- CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630).
- CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678).
- CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685).
- CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688).
- CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753).
- CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759).
- CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534).
- CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552).
- CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932).
- CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973).
- CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974).
- CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978).
- CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990).
- CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
The following non-security bugs were fixed:
- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- group-source-files.pl: Quote filenames (boo#1221077).
- kernel-binary: certs: Avoid trailing space
- mm: fix gup_pud_range (bsc#1220824).
ImportantSUSE bug 1184942SUSE bug 1186060SUSE bug 1192145SUSE bug 1194516SUSE bug 1208995SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218336SUSE bug 1218447SUSE bug 1218479SUSE bug 1218562SUSE bug 1219170SUSE bug 1219264SUSE bug 1220320SUSE bug 1220340SUSE bug 1220366SUSE bug 1220400SUSE bug 1220411SUSE bug 1220413SUSE bug 1220414SUSE bug 1220425SUSE bug 1220426SUSE bug 1220429SUSE bug 1220432SUSE bug 1220442SUSE bug 1220445SUSE bug 1220465SUSE bug 1220468SUSE bug 1220475SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220516SUSE bug 1220521SUSE bug 1220528SUSE bug 1220529SUSE bug 1220532SUSE bug 1220554SUSE bug 1220556SUSE bug 1220557SUSE bug 1220560SUSE bug 1220561SUSE bug 1220566SUSE bug 1220575SUSE bug 1220580SUSE bug 1220583SUSE bug 1220611SUSE bug 1220615SUSE bug 1220621SUSE bug 1220625SUSE bug 1220630SUSE bug 1220631SUSE bug 1220638SUSE bug 1220639SUSE bug 1220640SUSE bug 1220641SUSE bug 1220662SUSE bug 1220663SUSE bug 1220669SUSE bug 1220670SUSE bug 1220677SUSE bug 1220678SUSE bug 1220685SUSE bug 1220687SUSE bug 1220688SUSE bug 1220692SUSE bug 1220697SUSE bug 1220703SUSE bug 1220706SUSE bug 1220733SUSE bug 1220734SUSE bug 1220739SUSE bug 1220743SUSE bug 1220745SUSE bug 1220749SUSE bug 1220751SUSE bug 1220753SUSE bug 1220758SUSE bug 1220759SUSE bug 1220764SUSE bug 1220768SUSE bug 1220769SUSE bug 1220777SUSE bug 1220779SUSE bug 1220785SUSE bug 1220790SUSE bug 1220794SUSE bug 1220824SUSE bug 1220826SUSE bug 1220829SUSE bug 1220836SUSE bug 1220846SUSE bug 1220850SUSE bug 1220861SUSE bug 1220871SUSE bug 1220883SUSE bug 1220946SUSE bug 1220954SUSE bug 1220969SUSE bug 1220979SUSE bug 1220982SUSE bug 1220985SUSE bug 1220987SUSE bug 1221015SUSE bug 1221044SUSE bug 1221058SUSE bug 1221061SUSE bug 1221077SUSE bug 1221088SUSE bug 1221276SUSE bug 1221293SUSE bug 1221532SUSE bug 1221534SUSE bug 1221541SUSE bug 1221548SUSE bug 1221552SUSE bug 1221575SUSE bug 1221605SUSE bug 1221606SUSE bug 1221608SUSE bug 1221830SUSE bug 1221931SUSE bug 1221932SUSE bug 1221934SUSE bug 1221935SUSE bug 1221949SUSE bug 1221952SUSE bug 1221965SUSE bug 1221966SUSE bug 1221969SUSE bug 1221973SUSE bug 1221974SUSE bug 1221978SUSE bug 1221989SUSE bug 1221990SUSE bug 1221991SUSE bug 1221992SUSE bug 1221993SUSE bug 1221994SUSE bug 1221996SUSE bug 1221997SUSE bug 1221998SUSE bug 1221999SUSE bug 1222000SUSE bug 1222001SUSE bug 1222002SUSE bug 1222003SUSE bug 1222004SUSE bug 1222117SUSE bug 1222422SUSE bug 1222585SUSE bug 1222619SUSE bug 1222660SUSE bug 1222664SUSE bug 1222669SUSE bug 1222706CVE-2020-36780 at SUSECVE-2020-36780 at NVDCVE-2020-36781 at SUSECVE-2020-36781 at NVDCVE-2020-36782 at SUSECVE-2020-36782 at NVDCVE-2020-36783 at SUSECVE-2020-36783 at NVDCVE-2021-23134 at SUSECVE-2021-23134 at NVDCVE-2021-29155 at SUSECVE-2021-29155 at NVDCVE-2021-46908 at SUSECVE-2021-46908 at NVDCVE-2021-46909 at SUSECVE-2021-46909 at NVDCVE-2021-46911 at SUSECVE-2021-46911 at NVDCVE-2021-46914 at SUSECVE-2021-46914 at NVDCVE-2021-46917 at SUSECVE-2021-46917 at NVDCVE-2021-46918 at SUSECVE-2021-46918 at NVDCVE-2021-46919 at SUSECVE-2021-46919 at NVDCVE-2021-46920 at SUSECVE-2021-46920 at NVDCVE-2021-46921 at SUSECVE-2021-46921 at NVDCVE-2021-46922 at SUSECVE-2021-46922 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46938 at SUSECVE-2021-46938 at NVDCVE-2021-46939 at SUSECVE-2021-46939 at NVDCVE-2021-46943 at SUSECVE-2021-46943 at NVDCVE-2021-46944 at SUSECVE-2021-46944 at NVDCVE-2021-46950 at SUSECVE-2021-46950 at NVDCVE-2021-46951 at SUSECVE-2021-46951 at NVDCVE-2021-46956 at SUSECVE-2021-46956 at NVDCVE-2021-46958 at SUSECVE-2021-46958 at NVDCVE-2021-46959 at SUSECVE-2021-46959 at NVDCVE-2021-46960 at SUSECVE-2021-46960 at NVDCVE-2021-46961 at SUSECVE-2021-46961 at NVDCVE-2021-46962 at SUSECVE-2021-46962 at NVDCVE-2021-46963 at SUSECVE-2021-46963 at NVDCVE-2021-46971 at SUSECVE-2021-46971 at NVDCVE-2021-46976 at SUSECVE-2021-46976 at NVDCVE-2021-46980 at SUSECVE-2021-46980 at NVDCVE-2021-46981 at SUSECVE-2021-46981 at NVDCVE-2021-46983 at SUSECVE-2021-46983 at NVDCVE-2021-46984 at SUSECVE-2021-46984 at NVDCVE-2021-46988 at SUSECVE-2021-46988 at NVDCVE-2021-46990 at SUSECVE-2021-46990 at NVDCVE-2021-46991 at SUSECVE-2021-46991 at NVDCVE-2021-46992 at SUSECVE-2021-46992 at NVDCVE-2021-46998 at SUSECVE-2021-46998 at NVDCVE-2021-47000 at SUSECVE-2021-47000 at NVDCVE-2021-47001 at SUSECVE-2021-47001 at NVDCVE-2021-47003 at SUSECVE-2021-47003 at NVDCVE-2021-47006 at SUSECVE-2021-47006 at NVDCVE-2021-47009 at SUSECVE-2021-47009 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47014 at SUSECVE-2021-47014 at NVDCVE-2021-47015 at SUSECVE-2021-47015 at NVDCVE-2021-47017 at SUSECVE-2021-47017 at NVDCVE-2021-47020 at SUSECVE-2021-47020 at NVDCVE-2021-47026 at SUSECVE-2021-47026 at NVDCVE-2021-47034 at SUSECVE-2021-47034 at NVDCVE-2021-47035 at SUSECVE-2021-47035 at NVDCVE-2021-47038 at SUSECVE-2021-47038 at NVDCVE-2021-47044 at SUSECVE-2021-47044 at NVDCVE-2021-47045 at SUSECVE-2021-47045 at NVDCVE-2021-47046 at SUSECVE-2021-47046 at NVDCVE-2021-47049 at SUSECVE-2021-47049 at NVDCVE-2021-47051 at SUSECVE-2021-47051 at NVDCVE-2021-47055 at SUSECVE-2021-47055 at NVDCVE-2021-47056 at SUSECVE-2021-47056 at NVDCVE-2021-47058 at SUSECVE-2021-47058 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47063 at SUSECVE-2021-47063 at NVDCVE-2021-47065 at SUSECVE-2021-47065 at NVDCVE-2021-47068 at SUSECVE-2021-47068 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47070 at SUSECVE-2021-47070 at NVDCVE-2021-47071 at SUSECVE-2021-47071 at NVDCVE-2021-47073 at SUSECVE-2021-47073 at NVDCVE-2021-47077 at SUSECVE-2021-47077 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47109 at SUSECVE-2021-47109 at NVDCVE-2021-47110 at SUSECVE-2021-47110 at NVDCVE-2021-47112 at SUSECVE-2021-47112 at NVDCVE-2021-47114 at SUSECVE-2021-47114 at NVDCVE-2021-47117 at SUSECVE-2021-47117 at NVDCVE-2021-47118 at SUSECVE-2021-47118 at NVDCVE-2021-47119 at SUSECVE-2021-47119 at NVDCVE-2021-47120 at SUSECVE-2021-47120 at NVDCVE-2021-47130 at SUSECVE-2021-47130 at NVDCVE-2021-47136 at SUSECVE-2021-47136 at NVDCVE-2021-47137 at SUSECVE-2021-47137 at NVDCVE-2021-47138 at SUSECVE-2021-47138 at NVDCVE-2021-47139 at SUSECVE-2021-47139 at NVDCVE-2021-47141 at SUSECVE-2021-47141 at NVDCVE-2021-47142 at SUSECVE-2021-47142 at NVDCVE-2021-47144 at SUSECVE-2021-47144 at NVDCVE-2021-47150 at SUSECVE-2021-47150 at NVDCVE-2021-47153 at SUSECVE-2021-47153 at NVDCVE-2021-47160 at SUSECVE-2021-47160 at NVDCVE-2021-47161 at SUSECVE-2021-47161 at NVDCVE-2021-47164 at SUSECVE-2021-47164 at NVDCVE-2021-47165 at SUSECVE-2021-47165 at NVDCVE-2021-47166 at SUSECVE-2021-47166 at NVDCVE-2021-47167 at SUSECVE-2021-47167 at NVDCVE-2021-47168 at SUSECVE-2021-47168 at NVDCVE-2021-47169 at SUSECVE-2021-47169 at NVDCVE-2021-47170 at SUSECVE-2021-47170 at NVDCVE-2021-47171 at SUSECVE-2021-47171 at NVDCVE-2021-47172 at SUSECVE-2021-47172 at NVDCVE-2021-47173 at SUSECVE-2021-47173 at NVDCVE-2021-47174 at SUSECVE-2021-47174 at NVDCVE-2021-47175 at SUSECVE-2021-47175 at NVDCVE-2021-47176 at SUSECVE-2021-47176 at NVDCVE-2021-47177 at SUSECVE-2021-47177 at NVDCVE-2021-47179 at SUSECVE-2021-47179 at NVDCVE-2021-47180 at SUSECVE-2021-47180 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2022-0487 at SUSECVE-2022-0487 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52572 at SUSECVE-2023-52572 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
The following non-security bugs were fixed:
- clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105).
- clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021).
- efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375).
- io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709).
ImportantSUSE bug 1179610SUSE bug 1215237SUSE bug 1215375SUSE bug 1217250SUSE bug 1217709SUSE bug 1217946SUSE bug 1217947SUSE bug 1218105SUSE bug 1218253SUSE bug 1218258SUSE bug 1218559CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:suse:suse-microos:5.2Security update for less (Important)SUSE Linux Enterprise Micro 5.2
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302)
ModerateSUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:suse:suse-microos:5.2Security update for sssd (Important)SUSE Linux Enterprise Micro 5.2
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1200313SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1211592SUSE bug 1218562SUSE bug 1218917SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220513SUSE bug 1220755SUSE bug 1220854SUSE bug 1221113SUSE bug 1221299SUSE bug 1221543SUSE bug 1221545SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222559SUSE bug 1222585SUSE bug 1222624SUSE bug 1222666SUSE bug 1222669SUSE bug 1222709SUSE bug 1222790SUSE bug 1222792SUSE bug 1222829SUSE bug 1222876SUSE bug 1222878SUSE bug 1222881SUSE bug 1222883SUSE bug 1222894SUSE bug 1222976SUSE bug 1223016SUSE bug 1223057SUSE bug 1223111SUSE bug 1223187SUSE bug 1223202SUSE bug 1223475SUSE bug 1223482SUSE bug 1223509SUSE bug 1223513SUSE bug 1223522SUSE bug 1223824SUSE bug 1223921SUSE bug 1223923SUSE bug 1223931SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223963CVE-2021-46955 at SUSECVE-2021-46955 at NVDCVE-2021-47041 at SUSECVE-2021-47041 at NVDCVE-2021-47074 at SUSECVE-2021-47074 at NVDCVE-2021-47113 at SUSECVE-2021-47113 at NVDCVE-2021-47131 at SUSECVE-2021-47131 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543).
- CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755).
- CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
The following non-security bugs were fixed:
- dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113).
- dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113).
- net/tls: Remove the context from the list in tls_device_down (bsc#1221545).
- tls: Fix context leak on tls_device_down (bsc#1221545).
ImportantSUSE bug 1190576SUSE bug 1192145SUSE bug 1200313SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1211592SUSE bug 1218562SUSE bug 1218917SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220513SUSE bug 1220755SUSE bug 1220854SUSE bug 1221113SUSE bug 1221299SUSE bug 1221543SUSE bug 1221545SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222559SUSE bug 1222624SUSE bug 1222666SUSE bug 1222709SUSE bug 1222790SUSE bug 1222792SUSE bug 1222829SUSE bug 1222876SUSE bug 1222881SUSE bug 1222883SUSE bug 1222894SUSE bug 1222976SUSE bug 1223016SUSE bug 1223057SUSE bug 1223111SUSE bug 1223187SUSE bug 1223202SUSE bug 1223475SUSE bug 1223482SUSE bug 1223509SUSE bug 1223513SUSE bug 1223522SUSE bug 1223824SUSE bug 1223921SUSE bug 1223923SUSE bug 1223931SUSE bug 1223941SUSE bug 1223948SUSE bug 1223952SUSE bug 1223963CVE-2021-46955 at SUSECVE-2021-46955 at NVDCVE-2021-47041 at SUSECVE-2021-47041 at NVDCVE-2021-47074 at SUSECVE-2021-47074 at NVDCVE-2021-47113 at SUSECVE-2021-47113 at NVDCVE-2021-47131 at SUSECVE-2021-47131 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDcpe:/o:suse:suse-microos:5.2Security update for perl (Important)SUSE Linux Enterprise Micro 5.2
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:suse:suse-microos:5.2Security update for opensc (Moderate)SUSE Linux Enterprise Micro 5.2
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed a side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:suse:suse-microos:5.2Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.2
This update for gdk-pixbuf fixes the following issues:
- CVE-2022-48622: Fixed files rejection with multiple anih chunks (bsc#1219276).
ImportantSUSE bug 1219276CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:suse:suse-microos:5.2Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.2
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Important)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273)
ModerateSUSE bug 1219273CVE-2023-27534 at SUSECVE-2023-27534 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26929: Fixed double free of fcport (bsc#1223715).
- CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1152472SUSE bug 1154353SUSE bug 1156395SUSE bug 1174585SUSE bug 1176447SUSE bug 1176774SUSE bug 1176869SUSE bug 1178134SUSE bug 1181147SUSE bug 1184631SUSE bug 1185589SUSE bug 1185902SUSE bug 1186885SUSE bug 1188616SUSE bug 1188772SUSE bug 1189883SUSE bug 1190795SUSE bug 1191452SUSE bug 1192107SUSE bug 1194288SUSE bug 1194591SUSE bug 1196956SUSE bug 1197760SUSE bug 1198029SUSE bug 1199304SUSE bug 1200619SUSE bug 1203389SUSE bug 1206646SUSE bug 1209657SUSE bug 1210335SUSE bug 1210629SUSE bug 1213476SUSE bug 1215420SUSE bug 1216702SUSE bug 1217169SUSE bug 1220137SUSE bug 1220144SUSE bug 1220754SUSE bug 1220877SUSE bug 1220960SUSE bug 1221044SUSE bug 1221113SUSE bug 1221829SUSE bug 1222251SUSE bug 1222619SUSE bug 1222838SUSE bug 1222867SUSE bug 1223084SUSE bug 1223138SUSE bug 1223384SUSE bug 1223390SUSE bug 1223512SUSE bug 1223626SUSE bug 1223715SUSE bug 1223932SUSE bug 1223934SUSE bug 1224099SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224816SUSE bug 1224826SUSE bug 1224830SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224842SUSE bug 1224843SUSE bug 1224844SUSE bug 1224846SUSE bug 1224849SUSE bug 1224852SUSE bug 1224853SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224886SUSE bug 1224888SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224899SUSE bug 1224904SUSE bug 1224907SUSE bug 1224909SUSE bug 1224916SUSE bug 1224917SUSE bug 1224922SUSE bug 1224923SUSE bug 1224924SUSE bug 1224926SUSE bug 1224928SUSE bug 1224953SUSE bug 1224954SUSE bug 1224955SUSE bug 1224957SUSE bug 1224961SUSE bug 1224963SUSE bug 1224965SUSE bug 1224966SUSE bug 1224968SUSE bug 1224981SUSE bug 1224982SUSE bug 1224983SUSE bug 1224984SUSE bug 1224987SUSE bug 1224990SUSE bug 1224993SUSE bug 1224996SUSE bug 1224997SUSE bug 1225026SUSE bug 1225030SUSE bug 1225058SUSE bug 1225060SUSE bug 1225083SUSE bug 1225084SUSE bug 1225091SUSE bug 1225112SUSE bug 1225113SUSE bug 1225128SUSE bug 1225140SUSE bug 1225143SUSE bug 1225148SUSE bug 1225155SUSE bug 1225164SUSE bug 1225177SUSE bug 1225178SUSE bug 1225181SUSE bug 1225192SUSE bug 1225193SUSE bug 1225198SUSE bug 1225201SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225237SUSE bug 1225238SUSE bug 1225243SUSE bug 1225244SUSE bug 1225247SUSE bug 1225251SUSE bug 1225252SUSE bug 1225256SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225301SUSE bug 1225303SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225330SUSE bug 1225333SUSE bug 1225336SUSE bug 1225341SUSE bug 1225346SUSE bug 1225351SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225374SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225390SUSE bug 1225393SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225411SUSE bug 1225424SUSE bug 1225427SUSE bug 1225435SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225446SUSE bug 1225447SUSE bug 1225448SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225468SUSE bug 1225499SUSE bug 1225500SUSE bug 1225508SUSE bug 1225534CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47227 at SUSECVE-2021-47227 at NVDCVE-2021-47228 at SUSECVE-2021-47228 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47230 at SUSECVE-2021-47230 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47235 at SUSECVE-2021-47235 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47237 at SUSECVE-2021-47237 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47241 at SUSECVE-2021-47241 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47253 at SUSECVE-2021-47253 at NVDCVE-2021-47254 at SUSECVE-2021-47254 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47258 at SUSECVE-2021-47258 at NVDCVE-2021-47259 at SUSECVE-2021-47259 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47261 at SUSECVE-2021-47261 at NVDCVE-2021-47263 at SUSECVE-2021-47263 at NVDCVE-2021-47265 at SUSECVE-2021-47265 at NVDCVE-2021-47267 at SUSECVE-2021-47267 at NVDCVE-2021-47269 at SUSECVE-2021-47269 at NVDCVE-2021-47270 at SUSECVE-2021-47270 at NVDCVE-2021-47274 at SUSECVE-2021-47274 at NVDCVE-2021-47275 at SUSECVE-2021-47275 at NVDCVE-2021-47276 at SUSECVE-2021-47276 at NVDCVE-2021-47280 at SUSECVE-2021-47280 at NVDCVE-2021-47281 at SUSECVE-2021-47281 at NVDCVE-2021-47284 at SUSECVE-2021-47284 at NVDCVE-2021-47285 at SUSECVE-2021-47285 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47289 at SUSECVE-2021-47289 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47301 at SUSECVE-2021-47301 at NVDCVE-2021-47302 at SUSECVE-2021-47302 at NVDCVE-2021-47305 at SUSECVE-2021-47305 at NVDCVE-2021-47307 at SUSECVE-2021-47307 at NVDCVE-2021-47308 at SUSECVE-2021-47308 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47320 at SUSECVE-2021-47320 at NVDCVE-2021-47321 at SUSECVE-2021-47321 at NVDCVE-2021-47323 at SUSECVE-2021-47323 at NVDCVE-2021-47324 at SUSECVE-2021-47324 at NVDCVE-2021-47329 at SUSECVE-2021-47329 at NVDCVE-2021-47330 at SUSECVE-2021-47330 at NVDCVE-2021-47332 at SUSECVE-2021-47332 at NVDCVE-2021-47333 at SUSECVE-2021-47333 at NVDCVE-2021-47334 at SUSECVE-2021-47334 at NVDCVE-2021-47337 at SUSECVE-2021-47337 at NVDCVE-2021-47338 at SUSECVE-2021-47338 at NVDCVE-2021-47340 at SUSECVE-2021-47340 at NVDCVE-2021-47341 at SUSECVE-2021-47341 at NVDCVE-2021-47343 at SUSECVE-2021-47343 at NVDCVE-2021-47344 at SUSECVE-2021-47344 at NVDCVE-2021-47347 at SUSECVE-2021-47347 at NVDCVE-2021-47348 at SUSECVE-2021-47348 at NVDCVE-2021-47350 at SUSECVE-2021-47350 at NVDCVE-2021-47353 at SUSECVE-2021-47353 at NVDCVE-2021-47354 at SUSECVE-2021-47354 at NVDCVE-2021-47356 at SUSECVE-2021-47356 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201).
- CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354)
- CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301)
- CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934).
- CVE-2023-52871: Handle a second device without data corruption (bsc#1225534)
- CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355).
- CVE-2021-47500: Fixed trigger reference couting (bsc#1225360).
- CVE-2024-27413: Fix incorrect allocation size (bsc#1224438).
- CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208).
- CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411).
- CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928).
- CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954)
- CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
The following non-security bugs were fixed:
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- btrfs: do not start relocation until in progress drops are done (bsc#1222251).
- cifs: add missing spinlock around tcon refcount (bsc#1213476).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476).
- cifs: avoid race conditions with parallel reconnects (bsc#1213476).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476).
- cifs: avoid use of global locks for high contention data (bsc#1213476).
- cifs: check only tcon status on tcon related functions (bsc#1213476).
- cifs: do all necessary checks for credits within or before locking (bsc#1213476).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1213476).
- cifs: do not take exclusive lock for updating target hints (bsc#1213476).
- cifs: fix confusing debug message (bsc#1213476).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476).
- cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476).
- cifs: fix refresh of cached referrals (bsc#1213476).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476).
- cifs: fix source pathname comparison of dfs supers (bsc#1213476).
- cifs: fix status checks in cifs_tree_connect (bsc#1213476).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476).
- cifs: get rid of dns resolve worker (bsc#1213476).
- cifs: get rid of mount options string parsing (bsc#1213476).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1213476).
- cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476).
- cifs: match even the scope id for ipv6 addresses (bsc#1213476).
- cifs: optimize reconnect of nested links (bsc#1213476).
- cifs: prevent data race in smb2_reconnect() (bsc#1213476).
- cifs: refresh root referrals (bsc#1213476).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1213476).
- cifs: remove unused function (bsc#1213476).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1213476).
- cifs: return DFS root session id in DebugData (bsc#1213476).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476).
- cifs: set correct ipc status after initial tree connect (bsc#1213476).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1213476).
- cifs: set correct tcon status after initial tree connect (bsc#1213476).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476).
- cifs: set resolved ip in sockaddr (bsc#1213476).
- cifs: share dfs connections and supers (bsc#1213476).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476).
- cifs: use fs_context for automounts (bsc#1213476).
- cifs: use origin fullpath for automounts (bsc#1213476).
- cifs: use tcon allocation functions even for dummy tcon (bsc#1213476).
- netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes).
- netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes).
- netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes).
- netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes).
- netfilter: nf_tables: GC transaction race with abort path (git-fixes).
- netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes).
- netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes).
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes).
- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes).
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes).
- netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes).
- netfilter: nf_tables: use correct lock to protect gc_list (git-fixes).
- netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes).
- netfilter: nft_set_rbtree: Add missing expired checks (git-fixes).
- netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes).
- netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes).
- netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes).
- netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes).
- netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes).
- netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes).
- netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes).
- netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes).
- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes).
- netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes).
- netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes).
- netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes).
- netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes).
- netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes).
- NFC: nxp: add NXP1002 (bsc#1185589).
- PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243).
- smb: client: fix dfs link mount against w2k8 (git-fixes).
- smb: client: fix null auth (bsc#1213476).
- smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes).
- x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1151927SUSE bug 1152472SUSE bug 1154353SUSE bug 1156395SUSE bug 1174585SUSE bug 1176447SUSE bug 1176774SUSE bug 1176869SUSE bug 1178134SUSE bug 1181147SUSE bug 1184631SUSE bug 1185570SUSE bug 1185589SUSE bug 1185902SUSE bug 1186885SUSE bug 1187357SUSE bug 1188616SUSE bug 1188772SUSE bug 1189883SUSE bug 1190795SUSE bug 1191452SUSE bug 1192107SUSE bug 1194288SUSE bug 1194591SUSE bug 1196956SUSE bug 1197760SUSE bug 1198029SUSE bug 1199304SUSE bug 1200619SUSE bug 1203389SUSE bug 1206646SUSE bug 1209657SUSE bug 1210335SUSE bug 1210629SUSE bug 1213476SUSE bug 1215420SUSE bug 1216702SUSE bug 1217169SUSE bug 1220137SUSE bug 1220144SUSE bug 1220754SUSE bug 1220877SUSE bug 1220960SUSE bug 1221044SUSE bug 1221113SUSE bug 1221829SUSE bug 1222251SUSE bug 1222619SUSE bug 1222838SUSE bug 1222867SUSE bug 1223084SUSE bug 1223138SUSE bug 1223384SUSE bug 1223390SUSE bug 1223512SUSE bug 1223932SUSE bug 1223934SUSE bug 1224099SUSE bug 1224174SUSE bug 1224438SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224816SUSE bug 1224826SUSE bug 1224830SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224842SUSE bug 1224843SUSE bug 1224844SUSE bug 1224846SUSE bug 1224849SUSE bug 1224852SUSE bug 1224853SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224886SUSE bug 1224888SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224899SUSE bug 1224904SUSE bug 1224907SUSE bug 1224909SUSE bug 1224916SUSE bug 1224917SUSE bug 1224922SUSE bug 1224923SUSE bug 1224924SUSE bug 1224926SUSE bug 1224928SUSE bug 1224953SUSE bug 1224954SUSE bug 1224955SUSE bug 1224957SUSE bug 1224961SUSE bug 1224963SUSE bug 1224965SUSE bug 1224966SUSE bug 1224968SUSE bug 1224981SUSE bug 1224982SUSE bug 1224983SUSE bug 1224984SUSE bug 1224987SUSE bug 1224990SUSE bug 1224993SUSE bug 1224996SUSE bug 1224997SUSE bug 1225026SUSE bug 1225030SUSE bug 1225058SUSE bug 1225060SUSE bug 1225083SUSE bug 1225084SUSE bug 1225091SUSE bug 1225112SUSE bug 1225113SUSE bug 1225128SUSE bug 1225140SUSE bug 1225143SUSE bug 1225148SUSE bug 1225155SUSE bug 1225164SUSE bug 1225177SUSE bug 1225178SUSE bug 1225181SUSE bug 1225192SUSE bug 1225193SUSE bug 1225198SUSE bug 1225201SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225214SUSE bug 1225223SUSE bug 1225224SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225237SUSE bug 1225238SUSE bug 1225243SUSE bug 1225244SUSE bug 1225247SUSE bug 1225251SUSE bug 1225252SUSE bug 1225256SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225301SUSE bug 1225303SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225330SUSE bug 1225333SUSE bug 1225336SUSE bug 1225341SUSE bug 1225346SUSE bug 1225351SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225374SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225390SUSE bug 1225393SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225409SUSE bug 1225411SUSE bug 1225424SUSE bug 1225427SUSE bug 1225435SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225446SUSE bug 1225447SUSE bug 1225448SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225468SUSE bug 1225499SUSE bug 1225500SUSE bug 1225508SUSE bug 1225534CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47227 at SUSECVE-2021-47227 at NVDCVE-2021-47228 at SUSECVE-2021-47228 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47230 at SUSECVE-2021-47230 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47235 at SUSECVE-2021-47235 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47237 at SUSECVE-2021-47237 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47241 at SUSECVE-2021-47241 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47253 at SUSECVE-2021-47253 at NVDCVE-2021-47254 at SUSECVE-2021-47254 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47258 at SUSECVE-2021-47258 at NVDCVE-2021-47259 at SUSECVE-2021-47259 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47261 at SUSECVE-2021-47261 at NVDCVE-2021-47263 at SUSECVE-2021-47263 at NVDCVE-2021-47265 at SUSECVE-2021-47265 at NVDCVE-2021-47267 at SUSECVE-2021-47267 at NVDCVE-2021-47269 at SUSECVE-2021-47269 at NVDCVE-2021-47270 at SUSECVE-2021-47270 at NVDCVE-2021-47274 at SUSECVE-2021-47274 at NVDCVE-2021-47275 at SUSECVE-2021-47275 at NVDCVE-2021-47276 at SUSECVE-2021-47276 at NVDCVE-2021-47280 at SUSECVE-2021-47280 at NVDCVE-2021-47281 at SUSECVE-2021-47281 at NVDCVE-2021-47284 at SUSECVE-2021-47284 at NVDCVE-2021-47285 at SUSECVE-2021-47285 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47289 at SUSECVE-2021-47289 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47301 at SUSECVE-2021-47301 at NVDCVE-2021-47302 at SUSECVE-2021-47302 at NVDCVE-2021-47305 at SUSECVE-2021-47305 at NVDCVE-2021-47307 at SUSECVE-2021-47307 at NVDCVE-2021-47308 at SUSECVE-2021-47308 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47320 at SUSECVE-2021-47320 at NVDCVE-2021-47321 at SUSECVE-2021-47321 at NVDCVE-2021-47323 at SUSECVE-2021-47323 at NVDCVE-2021-47324 at SUSECVE-2021-47324 at NVDCVE-2021-47329 at SUSECVE-2021-47329 at NVDCVE-2021-47330 at SUSECVE-2021-47330 at NVDCVE-2021-47332 at SUSECVE-2021-47332 at NVDCVE-2021-47333 at SUSECVE-2021-47333 at NVDCVE-2021-47334 at SUSECVE-2021-47334 at NVDCVE-2021-47337 at SUSECVE-2021-47337 at NVDCVE-2021-47338 at SUSECVE-2021-47338 at NVDCVE-2021-47340 at SUSECVE-2021-47340 at NVDCVE-2021-47341 at SUSECVE-2021-47341 at NVDCVE-2021-47343 at SUSECVE-2021-47343 at NVDCVE-2021-47344 at SUSECVE-2021-47344 at NVDCVE-2021-47347 at SUSECVE-2021-47347 at NVDCVE-2021-47348 at SUSECVE-2021-47348 at NVDCVE-2021-47350 at SUSECVE-2021-47350 at NVDCVE-2021-47353 at SUSECVE-2021-47353 at NVDCVE-2021-47354 at SUSECVE-2021-47354 at NVDCVE-2021-47356 at SUSECVE-2021-47356 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2022-1195 at SUSECVE-2022-1195 at NVDCVE-2022-20132 at SUSECVE-2022-20132 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52433 at SUSECVE-2023-52433 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26581 at SUSECVE-2024-26581 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:suse:suse-microos:5.2Security update for krb5 (Important)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595)
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed:
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
ImportantSUSE bug 1156395SUSE bug 1171988SUSE bug 1176447SUSE bug 1176774SUSE bug 1181147SUSE bug 1191958SUSE bug 1195065SUSE bug 1195254SUSE bug 1195798SUSE bug 1202623SUSE bug 1218148SUSE bug 1219224SUSE bug 1219633SUSE bug 1222015SUSE bug 1223011SUSE bug 1223384SUSE bug 1224671SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224865SUSE bug 1225010SUSE bug 1225047SUSE bug 1225109SUSE bug 1225161SUSE bug 1225184SUSE bug 1225203SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226226SUSE bug 1226537SUSE bug 1226552SUSE bug 1226554SUSE bug 1226557SUSE bug 1226558SUSE bug 1226562SUSE bug 1226563SUSE bug 1226575SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226595SUSE bug 1226614SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226674SUSE bug 1226679SUSE bug 1226686SUSE bug 1226691SUSE bug 1226692SUSE bug 1226698SUSE bug 1226703SUSE bug 1226708SUSE bug 1226709SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226758SUSE bug 1226762SUSE bug 1226786SUSE bug 1226962CVE-2021-3896 at SUSECVE-2021-3896 at NVDCVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47247 at SUSECVE-2021-47247 at NVDCVE-2021-47311 at SUSECVE-2021-47311 at NVDCVE-2021-47328 at SUSECVE-2021-47328 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-0435 at SUSECVE-2022-0435 at NVDCVE-2022-22942 at SUSECVE-2022-22942 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865).
- CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010).
- CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161).
- CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184).
- CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2022-2938: psi: Fix uaf issue when psi trigger is destroyed while being polled (bsc#1202623).
- CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712).
- CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
The following non-security bugs were fixed:
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- psi: Fix uaf issue when psi trigger is destroyed while being
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
ImportantSUSE bug 1156395SUSE bug 1171988SUSE bug 1176447SUSE bug 1176774SUSE bug 1181147SUSE bug 1191958SUSE bug 1195065SUSE bug 1195254SUSE bug 1195798SUSE bug 1202623SUSE bug 1218148SUSE bug 1219224SUSE bug 1219633SUSE bug 1222015SUSE bug 1223011SUSE bug 1224671SUSE bug 1224703SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224865SUSE bug 1225010SUSE bug 1225047SUSE bug 1225109SUSE bug 1225161SUSE bug 1225184SUSE bug 1225203SUSE bug 1225487SUSE bug 1225518SUSE bug 1225611SUSE bug 1225732SUSE bug 1225749SUSE bug 1225840SUSE bug 1225866SUSE bug 1226226SUSE bug 1226537SUSE bug 1226552SUSE bug 1226554SUSE bug 1226557SUSE bug 1226558SUSE bug 1226562SUSE bug 1226563SUSE bug 1226575SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226595SUSE bug 1226614SUSE bug 1226619SUSE bug 1226621SUSE bug 1226624SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226674SUSE bug 1226679SUSE bug 1226686SUSE bug 1226691SUSE bug 1226692SUSE bug 1226698SUSE bug 1226703SUSE bug 1226708SUSE bug 1226709SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226720SUSE bug 1226721SUSE bug 1226732SUSE bug 1226762SUSE bug 1226785SUSE bug 1226786SUSE bug 1226962CVE-2021-43389 at SUSECVE-2021-43389 at NVDCVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47247 at SUSECVE-2021-47247 at NVDCVE-2021-47311 at SUSECVE-2021-47311 at NVDCVE-2021-47328 at SUSECVE-2021-47328 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-2938 at SUSECVE-2022-2938 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDcpe:/o:suse:suse-microos:5.2Security update for oniguruma (Moderate)SUSE Linux Enterprise Micro 5.2
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit (Moderate)SUSE Linux Enterprise Micro 5.2
This update for cockpit fixes the following issues:
- CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ModerateSUSE bug 1226040CVE-2024-6126 at SUSECVE-2024-6126 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453)
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
ImportantSUSE bug 1222453SUSE bug 1227355CVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
- FIPS: Added more safe memset (bsc#1222811).
- FIPS: Adjusted AES GCM restrictions (bsc#1222830).
- FIPS: Adjusted approved ciphers (bsc#1222813, bsc#1222814, bsc#1222821,
bsc#1222822, bsc#1224118, bsc#1222807, bsc#1222828, bsc#1222834,
bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115,
bsc#1224116).
Update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
ModerateSUSE bug 1218851CVE-2023-46839 at SUSECVE-2023-46839 at NVDcpe:/o:suse:suse-microos:5.2Security update for shadow (Important)SUSE Linux Enterprise Micro 5.2
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:suse:suse-microos:5.2Security update for orc (Important)SUSE Linux Enterprise Micro 5.2
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:suse-microos:5.2Security update for shadow (Moderate)SUSE Linux Enterprise Micro 5.2
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:suse:suse-microos:5.2Security update for ca-certificates-mozilla (Important)SUSE Linux Enterprise Micro 5.2
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- NFS: Clean up directory array handling (bsc#1226662).
- NFS: Clean up nfs_readdir_page_filler() (bsc#1226662).
- NFS: Clean up readdir struct nfs_cache_array (bsc#1226662).
- NFS: Do not discard readdir results (bsc#1226662).
- NFS: Do not overfill uncached readdir pages (bsc#1226662).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- NFS: Fix up directory verifier races (bsc#1226662).
- NFS: Further optimisations for 'ls -l' (bsc#1226662).
- NFS: More readdir cleanups (bsc#1226662).
- NFS: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: Support larger readdir buffers (bsc#1226662).
- NFS: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- X.509: Fix the parser of extended key usage for length (bsc#1218820 bsc#1226666).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
ImportantSUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1221539SUSE bug 1222728SUSE bug 1222824SUSE bug 1223863SUSE bug 1224918SUSE bug 1225431SUSE bug 1226519SUSE bug 1226550SUSE bug 1226574SUSE bug 1226662SUSE bug 1226666SUSE bug 1227213SUSE bug 1227362SUSE bug 1227487SUSE bug 1227716SUSE bug 1227750SUSE bug 1227810SUSE bug 1227836SUSE bug 1227976SUSE bug 1228013SUSE bug 1228040SUSE bug 1228114SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228743CVE-2021-47126 at SUSECVE-2021-47126 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2021-47291 at SUSECVE-2021-47291 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDcpe:/o:suse:suse-microos:5.2Security update for gtk3 (Important)SUSE Linux Enterprise Micro 5.2
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120).
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-setuptools (Important)SUSE Linux Enterprise Micro 5.2
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
ModerateSUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:suse:suse-microos:5.2Security update for kernel-firmware (Important)SUSE Linux Enterprise Micro 5.2
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing that could permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (bsc#1179610).
- CVE-2021-0129: Improper access control in BlueZ may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bsc#1186463).
- CVE-2021-47126: ipv6: Fix KASAN: slab-out-of-bounds Read in fib6_nh_flush_exceptions (bsc#1221539).
- CVE-2021-47219: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (bsc#1222824).
- CVE-2021-47291: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions (bsc#1224918).
- CVE-2021-47506: nfsd: fix use-after-free due to delegation race (bsc#1225404).
- CVE-2021-47520: can: pch_can: pch_can_rx_normal: fix use after free (bsc#1225431).
- CVE-2021-47580: scsi: scsi_debug: Fix type in min_t to avoid stack OOB (bsc#1226550).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47600: dm btree remove: fix use after free in rebalance_children() (bsc#1226575).
- CVE-2022-48792: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (bsc#1228013).
- CVE-2022-48821: misc: fastrpc: avoid double fput() on failed usercopy (bsc#1227976).
- CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729).
- CVE-2023-52885: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (bsc#1227750).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743).
The following non-security bugs were fixed:
- Fix spurious WARNING caused by a qxl driver patch (bsc#1227213)
- nfs: Clean up directory array handling (bsc#1226662).
- nfs: Clean up nfs_readdir_page_filler() (bsc#1226662).
- nfs: Clean up readdir struct nfs_cache_array (bsc#1226662).
- nfs: Do not discard readdir results (bsc#1226662).
- nfs: Do not overfill uncached readdir pages (bsc#1226662).
- nfs: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- nfs: Ensure contents of struct nfs_open_dir_context are consistent (bsc#1226662).
- nfs: Fix up directory verifier races (bsc#1226662).
- nfs: Further optimisations for 'ls -l' (bsc#1226662).
- nfs: More readdir cleanups (bsc#1226662).
- nfs: Reduce number of RPC calls when doing uncached readdir (bsc#1226662).
- nfs: Reduce use of uncached readdir (bsc#1226662).
- nfs: Support larger readdir buffers (bsc#1226662).
- nfs: Use the 64-bit server readdir cookies when possible (bsc#1226662).
- nfs: optimise readdir cache page invalidation (bsc#1226662).
- nfsv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- powerpc/rtas: clean up includes (bsc#1227487).
- x.509: Fix the parser of extended key usage for length (bsc#1218820, bsc#1226666).
ImportantSUSE bug 1065729SUSE bug 1179610SUSE bug 1186463SUSE bug 1216834SUSE bug 1218820SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1221539SUSE bug 1222728SUSE bug 1222824SUSE bug 1223863SUSE bug 1224918SUSE bug 1225404SUSE bug 1225431SUSE bug 1226519SUSE bug 1226550SUSE bug 1226574SUSE bug 1226575SUSE bug 1226662SUSE bug 1226666SUSE bug 1226785SUSE bug 1227213SUSE bug 1227362SUSE bug 1227487SUSE bug 1227716SUSE bug 1227750SUSE bug 1227810SUSE bug 1227836SUSE bug 1227976SUSE bug 1228013SUSE bug 1228040SUSE bug 1228114SUSE bug 1228328SUSE bug 1228561SUSE bug 1228644SUSE bug 1228743CVE-2020-26558 at SUSECVE-2020-26558 at NVDCVE-2021-0129 at SUSECVE-2021-0129 at NVDCVE-2021-47126 at SUSECVE-2021-47126 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2021-47291 at SUSECVE-2021-47291 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2023-2861: Fixed improper access control on special files via 9p protocol (bsc#1212968)
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
Other fixes:
- Fixed qemu build compilation with binutils 2.41 upgrade (bsc#1215311)
ImportantSUSE bug 1212968SUSE bug 1215311SUSE bug 1227322CVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
ImportantSUSE bug 1228574SUSE bug 1228575CVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed sensitive information disclosure in log files in go-retryablehttp (bsc#1227052)
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:suse:suse-microos:5.2Security update for buildah, docker (Critical)SUSE Linux Enterprise Micro 5.2
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
- CVE-2024-7264: ASN.1 date parser overread. (bsc#1228535)
ModerateSUSE bug 1228535SUSE bug 1230093CVE-2024-7264 at SUSECVE-2024-7264 at NVDCVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Low)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
ImportantSUSE bug 1176447SUSE bug 1195668SUSE bug 1195928SUSE bug 1195957SUSE bug 1196018SUSE bug 1196516SUSE bug 1196823SUSE bug 1202346SUSE bug 1209636SUSE bug 1209799SUSE bug 1210629SUSE bug 1216834SUSE bug 1222251SUSE bug 1225109SUSE bug 1225584SUSE bug 1227832SUSE bug 1227924SUSE bug 1227928SUSE bug 1227932SUSE bug 1227935SUSE bug 1227941SUSE bug 1227942SUSE bug 1227945SUSE bug 1227952SUSE bug 1227964SUSE bug 1227969SUSE bug 1227985SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227997SUSE bug 1228000SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228015SUSE bug 1228020SUSE bug 1228037SUSE bug 1228045SUSE bug 1228060SUSE bug 1228062SUSE bug 1228066SUSE bug 1228466SUSE bug 1228516SUSE bug 1228576SUSE bug 1228959SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229510SUSE bug 1229512SUSE bug 1229598SUSE bug 1229604SUSE bug 1229607SUSE bug 1229620SUSE bug 1229621SUSE bug 1229624SUSE bug 1229626SUSE bug 1229629SUSE bug 1229630SUSE bug 1229637SUSE bug 1229641SUSE bug 1229657SUSE bug 1229707CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2022-48919: Fix double free race when mount fails in cifs_get_root() (bsc#1229657).
- CVE-2023-52854: Fix refcnt handling in padata_free_shell() (bsc#1225584).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2022-48872: Fix use-after-free race condition for maps (bsc#1229510).
- CVE-2022-48873: Do not remove map on creater_process and device_release (bsc#1229512).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2022-48686: Fixed UAF when detecting digest errors (bsc#1223948).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
The following non-security bugs were fixed:
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799 bsc#1225109).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002).
ImportantSUSE bug 1176447SUSE bug 1195668SUSE bug 1195928SUSE bug 1195957SUSE bug 1196018SUSE bug 1196516SUSE bug 1196823SUSE bug 1202346SUSE bug 1209636SUSE bug 1209799SUSE bug 1210629SUSE bug 1216834SUSE bug 1220185SUSE bug 1220186SUSE bug 1222251SUSE bug 1222728SUSE bug 1223948SUSE bug 1225109SUSE bug 1225584SUSE bug 1227832SUSE bug 1227924SUSE bug 1227928SUSE bug 1227932SUSE bug 1227935SUSE bug 1227941SUSE bug 1227942SUSE bug 1227945SUSE bug 1227952SUSE bug 1227964SUSE bug 1227969SUSE bug 1227985SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228015SUSE bug 1228020SUSE bug 1228037SUSE bug 1228045SUSE bug 1228060SUSE bug 1228062SUSE bug 1228066SUSE bug 1228114SUSE bug 1228516SUSE bug 1228576SUSE bug 1228959SUSE bug 1229400SUSE bug 1229454SUSE bug 1229500SUSE bug 1229503SUSE bug 1229510SUSE bug 1229512SUSE bug 1229598SUSE bug 1229604SUSE bug 1229607SUSE bug 1229620SUSE bug 1229621SUSE bug 1229624SUSE bug 1229626SUSE bug 1229629SUSE bug 1229630SUSE bug 1229637SUSE bug 1229641SUSE bug 1229657SUSE bug 1229707CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-20368 at SUSECVE-2022-20368 at NVDCVE-2022-28748 at SUSECVE-2022-28748 at NVDCVE-2022-2964 at SUSECVE-2022-2964 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48933 at SUSECVE-2022-48933 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48791: Fix use-after-free for aborted TMF sas_task (bsc#1228002)
The following non-security bugs were fixed:
- powerpc: Remove support for PowerPC 601 (Remove unused and malformed assembly causing build error).
- scsi: pm80xx: Fix TMF task completion race condition (bsc#1228002)
ImportantSUSE bug 1228002CVE-2022-48791 at SUSECVE-2022-48791 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ModerateSUSE bug 1230366CVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:suse:suse-microos:5.2Security update for libpcap (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:suse:suse-microos:5.2Security update for opensc (Low)SUSE Linux Enterprise Micro 5.2
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
The following non-security bugs were fixed:
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
- ext4: add reserved GDT blocks check (bsc#1230326).
- ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- No -rt specific changes this merge.
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326).
ImportantSUSE bug 1226666SUSE bug 1227487SUSE bug 1229633SUSE bug 1230015SUSE bug 1230245SUSE bug 1230326SUSE bug 1230398SUSE bug 1230434SUSE bug 1230519SUSE bug 1230767CVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46695 at SUSECVE-2024-46695 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47069: Fixed a crash due to relying on a stack reference past its expiry in ipc/mqueue, ipc/msg, ipc/sem (bsc#1220826).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48945: media: vivid: fix compose size exceed boundary (bsc#1230398).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-46695: selinux,smack: do not bypass permissions check in inode_setsecctx hook (bsc#1230519).
- CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).
The following non-security bugs were fixed:
- ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1230326).
- ext4: add reserved GDT blocks check (bsc#1230326).
- ext4: consolidate checks for resize of bigalloc into ext4_resize_begin (bsc#1230326).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1230326).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- Revert 'ext4: consolidate checks for resize of bigalloc into ext4_resize_begin' (bsc#1230326).
ImportantSUSE bug 1220826SUSE bug 1226145SUSE bug 1226666SUSE bug 1227487SUSE bug 1228466SUSE bug 1229633SUSE bug 1230015SUSE bug 1230245SUSE bug 1230326SUSE bug 1230398SUSE bug 1230434SUSE bug 1230519SUSE bug 1230767CVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-46695 at SUSECVE-2024-46695 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-45818: Fixed deadlock in x86 HVM standard VGA handling (XSA-463) (bsc#1232622).
- CVE-2024-45819: Fixed libxl data leaks to PVH guests via ACPI tables (XSA-464) (bsc#1232624).
Bug fixes:
- Remove usage of net-tools-deprecated from supportconfig plugin (bsc#1232542).
ImportantSUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
- CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961).
- CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960).
- CVE-2024-36971: Fixed __dst_negative_advice() race (bsc#1226145).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernel-binary: vdso: Own module_dir
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- mkspec-dtb: add toplevel symlinks also on arm
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
ImportantSUSE bug 1195775SUSE bug 1204171SUSE bug 1205796SUSE bug 1209290SUSE bug 1216223SUSE bug 1218562SUSE bug 1219125SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226145SUSE bug 1226211SUSE bug 1226212SUSE bug 1228743SUSE bug 1229042SUSE bug 1229454SUSE bug 1229456SUSE bug 1230429SUSE bug 1230454SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231887SUSE bug 1231890SUSE bug 1231893SUSE bug 1231895SUSE bug 1231936SUSE bug 1231938SUSE bug 1231942SUSE bug 1231960SUSE bug 1231961SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1232033SUSE bug 1232069SUSE bug 1232070SUSE bug 1232097SUSE bug 1232136SUSE bug 1232145SUSE bug 1232262SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47589: igbvf: fix double free in `igbvf_probe` (bsc#1226557).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48967: NFC: nci: Bounds check struct nfc_target arrays (bsc#1232304).
- CVE-2022-48988: memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1232069).
- CVE-2022-48991: khugepaged: retract_page_tables() remember to test exit (bsc#1232070 prerequisity).
- CVE-2022-49003: nvme: fix SRCU protection of nvme_ns_head list (bsc#1232136).
- CVE-2022-49014: net: tun: Fix use-after-free in tun_detach() (bsc#1231890).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49023: wifi: cfg80211: fix buffer overflow in elem comparison (bsc#1231961).
- CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table (bsc#1231960).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45026: s390/dasd: fix error recovery leading to data corruption on ESE devices (bsc#1230454).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
The following non-security bugs were fixed:
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
- kernel-binary: vdso: Own module_dir
- mkspec-dtb: add toplevel symlinks also on arm
- net: mana: Fix the extra HZ in mana_hwc_send_request (bsc#1232033).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
ImportantSUSE bug 1195775SUSE bug 1204171SUSE bug 1205796SUSE bug 1206344SUSE bug 1209290SUSE bug 1216223SUSE bug 1218562SUSE bug 1219125SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1226211SUSE bug 1226212SUSE bug 1226557SUSE bug 1228743SUSE bug 1229042SUSE bug 1229454SUSE bug 1229456SUSE bug 1230429SUSE bug 1230454SUSE bug 1231073SUSE bug 1231191SUSE bug 1231193SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231375SUSE bug 1231502SUSE bug 1231673SUSE bug 1231861SUSE bug 1231887SUSE bug 1231890SUSE bug 1231893SUSE bug 1231895SUSE bug 1231936SUSE bug 1231938SUSE bug 1231942SUSE bug 1231960SUSE bug 1231961SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1232033SUSE bug 1232069SUSE bug 1232070SUSE bug 1232097SUSE bug 1232136SUSE bug 1232145SUSE bug 1232262SUSE bug 1232280SUSE bug 1232282SUSE bug 1232286SUSE bug 1232304SUSE bug 1232383SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232519CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Low)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
ModerateSUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2024-11053: fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070)
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
The following non-security bugs were fixed:
- Update config files (bsc#1218644).
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Extract recurring driver reset code into a function (bsc#1198778).
- net: ena: Flush XDP packets on error (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Move reset completion print to the reset function (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Remove module param and change message severity (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: Set tx_info->xdpf value to NULL (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: Use bitmask to indicate packet redirection (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function (bsc#1198778).
- net: ena: aggregate stats increase into a function (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: store values in their appropriate variables types (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: use constant value for net_device allocation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).
ImportantSUSE bug 1154353SUSE bug 1198778SUSE bug 1218644SUSE bug 1220927SUSE bug 1231939SUSE bug 1231940SUSE bug 1231958SUSE bug 1231962SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1232006SUSE bug 1232163SUSE bug 1232172SUSE bug 1232224SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557CVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-52524: net: nfc: llcp: Add lock when modifying device list (bsc#1220927).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50290: media: cx24116: prevent overflows on SNR calculus (bsc#1233479).
- CVE-2024-50301: security/keys: fix slab-out-of-bounds in key_task_permission (bsc#1233490).
- CVE-2024-50302: HID: core: zero-initialize the report buffer (bsc#1233491).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
The following non-security bugs were fixed:
- e1000e: Correct NVM checksum verification flow (jsc#SLE-8100).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- ena: Remove rcu_read_lock() around XDP program invocation (bsc#1198778).
- ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1198778).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
- net: ena: Add capabilities field with support for ENI stats capability (bsc#1198778).
- net: ena: Add debug prints for invalid req_id resets (bsc#1198778).
- net: ena: Change ENI stats support check to use capabilities field (bsc#1198778).
- net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1198778).
- net: ena: Change the name of bad_csum variable (bsc#1198778).
- net: ena: Extract recurring driver reset code into a function (bsc#1198778).
- net: ena: Flush XDP packets on error (bsc#1198778).
- net: ena: Improve error logging in driver (bsc#1198778).
- net: ena: Move reset completion print to the reset function (bsc#1198778).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1198778).
- net: ena: Remove module param and change message severity (bsc#1198778).
- net: ena: Remove redundant return code check (bsc#1198778).
- net: ena: Remove unused code (bsc#1198778).
- net: ena: Set tx_info->xdpf value to NULL (bsc#1198778).
- net: ena: Update XDP verdict upon failure (bsc#1198778).
- net: ena: Use bitmask to indicate packet redirection (bsc#1198778).
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1198778).
- net: ena: add device distinct log prefix to files (bsc#1198778).
- net: ena: add jiffies of last napi call to stats (bsc#1198778).
- net: ena: aggregate doorbell common operations into a function (bsc#1198778).
- net: ena: aggregate stats increase into a function (bsc#1198778).
- net: ena: fix DMA mapping function issues in XDP (bsc#1198778).
- net: ena: fix coding style nits (bsc#1198778).
- net: ena: fix inaccurate print type (bsc#1198778).
- net: ena: introduce XDP redirect implementation (bsc#1198778).
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1198778).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1198778).
- net: ena: re-organize code to improve readability (bsc#1198778).
- net: ena: remove extra words from comments (bsc#1198778).
- net: ena: store values in their appropriate variables types (bsc#1198778).
- net: ena: use build_skb() in RX path (bsc#1198778).
- net: ena: use constant value for net_device allocation (bsc#1198778).
- net: ena: use xdp_frame in XDP TX flow (bsc#1198778).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1198778).
- tools headers: Grab copy of linux/const.h, needed by linux/bits.h (bsc#1154353).
ImportantSUSE bug 1154353SUSE bug 1198778SUSE bug 1218644SUSE bug 1220927SUSE bug 1231939SUSE bug 1231940SUSE bug 1231958SUSE bug 1231962SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1232006SUSE bug 1232163SUSE bug 1232172SUSE bug 1232224SUSE bug 1232436SUSE bug 1232860SUSE bug 1232907SUSE bug 1232919SUSE bug 1232928SUSE bug 1233070SUSE bug 1233117SUSE bug 1233293SUSE bug 1233453SUSE bug 1233456SUSE bug 1233468SUSE bug 1233479SUSE bug 1233490SUSE bug 1233491SUSE bug 1233555SUSE bug 1233557CVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDcpe:/o:suse:suse-microos:5.2Security update for socat (Moderate)SUSE Linux Enterprise Micro 5.2
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:suse:suse-microos:5.2Security update for installation-images (Important)SUSE Linux Enterprise Micro 5.2
This update updates installation-images and tftpboot images to contain the latest shim for secure boot.
ImportantSUSE bug 1233813cpe:/o:suse:suse-microos:5.2Security update for ovmf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ovmf fixes the following issues:
- CVE-2024-1298: MdeModulePkg: Potential UINT32 overflow in S3 ResumeCount (bsc#1225889)
ModerateSUSE bug 1225889CVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Important)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
Other fixes:
- websocket-test: disconnect error copy after
the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure
(glgo#GNOME/soup#399).
- updated to version 2.68.4.
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:suse:suse-microos:5.2Security update for suse-build-key (Important)SUSE Linux Enterprise Micro 5.2
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
ImportantSUSE bug 1108281SUSE bug 1193285SUSE bug 1216702SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1219053SUSE bug 1219120SUSE bug 1219412SUSE bug 1219434CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
ImportantSUSE bug 1108281SUSE bug 1193285SUSE bug 1215275SUSE bug 1216702SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218713SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1219053SUSE bug 1219120SUSE bug 1219412SUSE bug 1219434CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh (Important)SUSE Linux Enterprise Micro 5.2
This update for libssh fixes the following issues:
Update to version 0.9.8 (jsc#PED-7719):
* Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
* Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
* Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
* Allow @ in usernames when parsing from URI composes
Update to version 0.9.7:
* Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
guessing (bsc#1211188)
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions (bsc#1211190)
* Fix several memory leaks in GSSAPI handling code
Update to version 0.9.6 (bsc#1189608, CVE-2021-3634):
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
Update to 0.9.5 (bsc#1174713, CVE-2020-16135):
* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite
Update to version 0.9.4
* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers
CVE-2020-1730 (bsc#1168699)
Update to version 0.9.3
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
Update to version 0.9.2
* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)
Update to version 0.9.1
* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)
- Split out configuration to separate package to not mess up the
library packaging and coinstallation
Update to verion 0.9.0
* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures
- Add libssh client and server config files
ImportantSUSE bug 1158095SUSE bug 1168699SUSE bug 1174713SUSE bug 1189608SUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2019-14889 at SUSECVE-2019-14889 at NVDCVE-2020-16135 at SUSECVE-2020-16135 at NVDCVE-2020-1730 at SUSECVE-2020-1730 at NVDCVE-2021-3634 at SUSECVE-2021-3634 at NVDCVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh2_org (Important)SUSE Linux Enterprise Micro 5.2
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Important)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Important)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh2_org (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:suse:suse-microos:5.2Security update for tar (Low)SUSE Linux Enterprise Micro 5.2
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:suse:suse-microos:5.2Security update for wpa_supplicant (Important)SUSE Linux Enterprise Micro 5.2
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:suse:suse-microos:5.2Security update for cpio (Moderate)SUSE Linux Enterprise Micro 5.2
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:suse:suse-microos:5.2Security update for sudo (Important)SUSE Linux Enterprise Micro 5.2
This update for sudo fixes the following issues:
- CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026).
Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389).
ImportantSUSE bug 1219026SUSE bug 1220389CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
The following non-security bugs were fixed:
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1155518SUSE bug 1184436SUSE bug 1185988SUSE bug 1186286SUSE bug 1200599SUSE bug 1207653SUSE bug 1212514SUSE bug 1213456SUSE bug 1216223SUSE bug 1218195SUSE bug 1218689SUSE bug 1218915SUSE bug 1219127SUSE bug 1219128SUSE bug 1219146SUSE bug 1219295SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219915SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220253SUSE bug 1220255SUSE bug 1220328SUSE bug 1220330SUSE bug 1220344SUSE bug 1220398SUSE bug 1220409SUSE bug 1220416SUSE bug 1220418SUSE bug 1220421SUSE bug 1220436SUSE bug 1220444SUSE bug 1220459SUSE bug 1220469SUSE bug 1220482SUSE bug 1220526SUSE bug 1220538SUSE bug 1220570SUSE bug 1220572SUSE bug 1220599SUSE bug 1220627SUSE bug 1220641SUSE bug 1220649SUSE bug 1220660SUSE bug 1220700SUSE bug 1220735SUSE bug 1220736SUSE bug 1220737SUSE bug 1220742SUSE bug 1220745SUSE bug 1220767SUSE bug 1220796SUSE bug 1220825SUSE bug 1220826SUSE bug 1220831SUSE bug 1220845SUSE bug 1220860SUSE bug 1220863SUSE bug 1220870SUSE bug 1220917SUSE bug 1220918SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1221039SUSE bug 1221040CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2020-36777 at SUSECVE-2020-36777 at NVDCVE-2020-36784 at SUSECVE-2020-36784 at NVDCVE-2021-46904 at SUSECVE-2021-46904 at NVDCVE-2021-46905 at SUSECVE-2021-46905 at NVDCVE-2021-46906 at SUSECVE-2021-46906 at NVDCVE-2021-46915 at SUSECVE-2021-46915 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46953 at SUSECVE-2021-46953 at NVDCVE-2021-46964 at SUSECVE-2021-46964 at NVDCVE-2021-46966 at SUSECVE-2021-46966 at NVDCVE-2021-46968 at SUSECVE-2021-46968 at NVDCVE-2021-46974 at SUSECVE-2021-46974 at NVDCVE-2021-46989 at SUSECVE-2021-46989 at NVDCVE-2021-47005 at SUSECVE-2021-47005 at NVDCVE-2021-47012 at SUSECVE-2021-47012 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47054 at SUSECVE-2021-47054 at NVDCVE-2021-47060 at SUSECVE-2021-47060 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47076 at SUSECVE-2021-47076 at NVDCVE-2021-47078 at SUSECVE-2021-47078 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863)
- CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860)
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660).
- CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742).
- CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627).
- CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737).
- CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745).
The following non-security bugs were fixed:
- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330)
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915).
- ibmvfc: make 'max_sectors' a module option (bsc#1216223).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes).
- KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915).
- scsi: Update max_hw_sectors on rescan (bsc#1216223).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk.
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
ImportantSUSE bug 1200599SUSE bug 1207653SUSE bug 1212514SUSE bug 1213456SUSE bug 1216223SUSE bug 1218195SUSE bug 1218689SUSE bug 1218915SUSE bug 1219127SUSE bug 1219128SUSE bug 1219146SUSE bug 1219295SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219915SUSE bug 1220009SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220253SUSE bug 1220255SUSE bug 1220328SUSE bug 1220330SUSE bug 1220344SUSE bug 1220398SUSE bug 1220409SUSE bug 1220416SUSE bug 1220418SUSE bug 1220421SUSE bug 1220436SUSE bug 1220444SUSE bug 1220459SUSE bug 1220469SUSE bug 1220482SUSE bug 1220526SUSE bug 1220538SUSE bug 1220570SUSE bug 1220572SUSE bug 1220599SUSE bug 1220627SUSE bug 1220641SUSE bug 1220649SUSE bug 1220660SUSE bug 1220689SUSE bug 1220700SUSE bug 1220735SUSE bug 1220736SUSE bug 1220737SUSE bug 1220742SUSE bug 1220745SUSE bug 1220767SUSE bug 1220796SUSE bug 1220825SUSE bug 1220826SUSE bug 1220831SUSE bug 1220845SUSE bug 1220860SUSE bug 1220863SUSE bug 1220870SUSE bug 1220917SUSE bug 1220918SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1221039SUSE bug 1221040CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2020-36777 at SUSECVE-2020-36777 at NVDCVE-2020-36784 at SUSECVE-2020-36784 at NVDCVE-2021-46904 at SUSECVE-2021-46904 at NVDCVE-2021-46905 at SUSECVE-2021-46905 at NVDCVE-2021-46906 at SUSECVE-2021-46906 at NVDCVE-2021-46915 at SUSECVE-2021-46915 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46953 at SUSECVE-2021-46953 at NVDCVE-2021-46964 at SUSECVE-2021-46964 at NVDCVE-2021-46966 at SUSECVE-2021-46966 at NVDCVE-2021-46968 at SUSECVE-2021-46968 at NVDCVE-2021-46974 at SUSECVE-2021-46974 at NVDCVE-2021-46989 at SUSECVE-2021-46989 at NVDCVE-2021-47005 at SUSECVE-2021-47005 at NVDCVE-2021-47012 at SUSECVE-2021-47012 at NVDCVE-2021-47013 at SUSECVE-2021-47013 at NVDCVE-2021-47054 at SUSECVE-2021-47054 at NVDCVE-2021-47060 at SUSECVE-2021-47060 at NVDCVE-2021-47061 at SUSECVE-2021-47061 at NVDCVE-2021-47069 at SUSECVE-2021-47069 at NVDCVE-2021-47076 at SUSECVE-2021-47076 at NVDCVE-2021-47078 at SUSECVE-2021-47078 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-20154 at SUSECVE-2022-20154 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-46343 at SUSECVE-2023-46343 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865).
ModerateSUSE bug 1218865CVE-2023-5981 at SUSECVE-2023-5981 at NVDCVE-2024-0553 at SUSECVE-2024-0553 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:suse:suse-microos:5.2Security update for vim (Important)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326).
- CVE-2023-48236: Fixed overflow in get_number (bsc#1217329).
- CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330).
- CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005).
Updated to version 9.1 with patch level 0111:
https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1219885CVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Moderate)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.2
This update for libxslt fixes the following issues:
- CVE-2023-40403: Fixed sensitive information disclosure during processing web content (bsc#1238591)
- CVE-2024-55549: Fixed use-after-free in xsltGetInheritedNsList (bsc#1239637)
- CVE-2025-24855: Fixed use-after-free in numbers.c (bsc#1239625)
ImportantSUSE bug 1238591SUSE bug 1239625SUSE bug 1239637CVE-2023-40403 at SUSECVE-2023-40403 at NVDCVE-2024-55549 at SUSECVE-2024-55549 at NVDCVE-2025-24855 at SUSECVE-2025-24855 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-Jinja2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-Jinja2 fixes the following issues:
- CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method (bsc#1238879)
ModerateSUSE bug 1238879CVE-2025-27516 at SUSECVE-2025-27516 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239330).
ImportantSUSE bug 1239330CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Low)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
LowSUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker, docker-stable (Important)SUSE Linux Enterprise Micro 5.2
This update for docker, docker-stable fixes the following issues:
- CVE-2025-22868: Fixed unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239185).
- CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (bsc#1239322).
Other fixes:
- Make container-selinux requirement conditional on selinux-policy (bsc#1237367)
ImportantSUSE bug 1237367SUSE bug 1239185SUSE bug 1239322CVE-2024-23650 at SUSECVE-2024-23650 at NVDCVE-2024-29018 at SUSECVE-2024-29018 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDCVE-2025-22868 at SUSECVE-2025-22868 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDcpe:/o:suse:suse-microos:5.2Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.2
This update for apparmor fixes the following issue:
- Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).
ModerateSUSE bug 1234452cpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2024-8176: Fixed denial of service from chaining a large number of entities caused
by stack overflow by resolving use of recursion (bsc#1239618)
Other fixes:
- version update to 2.7.1 (jsc#PED-12500)
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files 'fuzz/xml_lpm_fuzzer.{cpp,proto}'
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- Version info bumped from 9:3:8 to 9:4:8;
see https://verbump.de/ for what these numbers do
ImportantSUSE bug 1239618CVE-2024-8176 at SUSECVE-2024-8176 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
- CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969).
ImportantSUSE bug 1065729SUSE bug 1179878SUSE bug 1180814SUSE bug 1185762SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197227SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200217SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1203769SUSE bug 1207186SUSE bug 1209547SUSE bug 1210647SUSE bug 1213167SUSE bug 1224867SUSE bug 1225742SUSE bug 1230326SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1235433SUSE bug 1235528SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237723SUSE bug 1237726SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237746SUSE bug 1237748SUSE bug 1237752SUSE bug 1237778SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237788SUSE bug 1237798SUSE bug 1237810SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237823SUSE bug 1237829SUSE bug 1237831SUSE bug 1237839SUSE bug 1237840SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237903SUSE bug 1237916SUSE bug 1237918SUSE bug 1237932SUSE bug 1237940SUSE bug 1237941SUSE bug 1237951SUSE bug 1237954SUSE bug 1237958SUSE bug 1237963SUSE bug 1237983SUSE bug 1237984SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1238000SUSE bug 1238007SUSE bug 1238013SUSE bug 1238022SUSE bug 1238030SUSE bug 1238036SUSE bug 1238046SUSE bug 1238071SUSE bug 1238079SUSE bug 1238096SUSE bug 1238099SUSE bug 1238103SUSE bug 1238108SUSE bug 1238111SUSE bug 1238123SUSE bug 1238126SUSE bug 1238131SUSE bug 1238135SUSE bug 1238139SUSE bug 1238146SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238177SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238235SUSE bug 1238236SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238249SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238269SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238284SUSE bug 1238289SUSE bug 1238293SUSE bug 1238306SUSE bug 1238307SUSE bug 1238313SUSE bug 1238327SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238343SUSE bug 1238372SUSE bug 1238373SUSE bug 1238377SUSE bug 1238382SUSE bug 1238386SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238413SUSE bug 1238416SUSE bug 1238417SUSE bug 1238419SUSE bug 1238420SUSE bug 1238429SUSE bug 1238430SUSE bug 1238435SUSE bug 1238441SUSE bug 1238443SUSE bug 1238454SUSE bug 1238462SUSE bug 1238467SUSE bug 1238469SUSE bug 1238539SUSE bug 1238543SUSE bug 1238546SUSE bug 1238599SUSE bug 1238600SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238633SUSE bug 1238635SUSE bug 1238638SUSE bug 1238639SUSE bug 1238641SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238653SUSE bug 1238655SUSE bug 1238663SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238805SUSE bug 1238809SUSE bug 1238814SUSE bug 1238815SUSE bug 1238819SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238835SUSE bug 1238838SUSE bug 1238868SUSE bug 1238869SUSE bug 1238871SUSE bug 1238892SUSE bug 1238893SUSE bug 1238911SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238948SUSE bug 1238949SUSE bug 1238952SUSE bug 1239001SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239454SUSE bug 1239969SUSE bug 1240207SUSE bug 1240213SUSE bug 1240218SUSE bug 1240227SUSE bug 1240272SUSE bug 1240276SUSE bug 1240288CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-47248 at SUSECVE-2021-47248 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47248: udp: fix race between close() and udp_abort() (bsc#1224867).
- CVE-2022-49051: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (bsc#1237903).
- CVE-2022-49053: scsi: target: tcmu: Fix possible page UAF (bsc#1237918).
- CVE-2022-49275: can: m_can: m_can_tx_handler(): fix use after free of skb (bsc#1238719).
- CVE-2022-49413: bfq: Update cgroup information before merging bio (bsc#1238710).
- CVE-2022-49465: blk-throttle: Set BIO_THROTTLED when bio has been throttled (bsc#1238919).
- CVE-2022-49545: ALSA: usb-audio: Cancel pending work at closing a MIDI substream (bsc#1238729).
- CVE-2022-49563: crypto: qat - add param check for RSA (bsc#1238787).
- CVE-2022-49564: crypto: qat - add param check for DH (bsc#1238789).
- CVE-2022-49739: gfs2: Always check inode size of inline inodes (bsc#1240207).
- CVE-2023-52935: mm/khugepaged: fix ->anon_vma race (bsc#1240276).
- CVE-2024-56642: tipc: Fix use-after-free of kernel socket in cleanup_bearer() (bsc#1235433).
- CVE-2024-56651: can: hi311x: hi3110_can_ist(): fix potential use-after-free (bsc#1235528).
- CVE-2024-57996: net_sched: sch_sfq: do not allow 1 packet limit (bsc#1239076).
- CVE-2024-58014: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (bsc#1239109).
- CVE-2025-21772: partitions: mac: fix handling of bogus partition table (bsc#1238911).
- CVE-2025-21780: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115).
The following non-security bugs were fixed:
- ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (bsc#1237530).
- btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1239969).
- btrfs: send: fix invalid clone operation for file that got its size decreased (bsc#1239969).
- btrfs: send: use btrfs_file_extent_end() in send_write_or_clone() (bsc#1239969).
ImportantSUSE bug 1065729SUSE bug 1179878SUSE bug 1180814SUSE bug 1185762SUSE bug 1195823SUSE bug 1196444SUSE bug 1197158SUSE bug 1197227SUSE bug 1197302SUSE bug 1197331SUSE bug 1197472SUSE bug 1197661SUSE bug 1197926SUSE bug 1198577SUSE bug 1198660SUSE bug 1199657SUSE bug 1200045SUSE bug 1200217SUSE bug 1200571SUSE bug 1200807SUSE bug 1200809SUSE bug 1200825SUSE bug 1200871SUSE bug 1200872SUSE bug 1201193SUSE bug 1201381SUSE bug 1201610SUSE bug 1202672SUSE bug 1202711SUSE bug 1203769SUSE bug 1207186SUSE bug 1209547SUSE bug 1210647SUSE bug 1213167SUSE bug 1224867SUSE bug 1225742SUSE bug 1230326SUSE bug 1231375SUSE bug 1233479SUSE bug 1233557SUSE bug 1235433SUSE bug 1235528SUSE bug 1237530SUSE bug 1237718SUSE bug 1237721SUSE bug 1237723SUSE bug 1237726SUSE bug 1237734SUSE bug 1237735SUSE bug 1237736SUSE bug 1237738SUSE bug 1237739SUSE bug 1237740SUSE bug 1237742SUSE bug 1237746SUSE bug 1237748SUSE bug 1237752SUSE bug 1237778SUSE bug 1237782SUSE bug 1237783SUSE bug 1237784SUSE bug 1237788SUSE bug 1237798SUSE bug 1237810SUSE bug 1237813SUSE bug 1237814SUSE bug 1237815SUSE bug 1237823SUSE bug 1237829SUSE bug 1237831SUSE bug 1237839SUSE bug 1237840SUSE bug 1237846SUSE bug 1237868SUSE bug 1237872SUSE bug 1237903SUSE bug 1237916SUSE bug 1237918SUSE bug 1237932SUSE bug 1237940SUSE bug 1237941SUSE bug 1237951SUSE bug 1237954SUSE bug 1237958SUSE bug 1237963SUSE bug 1237983SUSE bug 1237984SUSE bug 1237996SUSE bug 1237997SUSE bug 1237998SUSE bug 1238000SUSE bug 1238007SUSE bug 1238013SUSE bug 1238022SUSE bug 1238030SUSE bug 1238036SUSE bug 1238046SUSE bug 1238071SUSE bug 1238079SUSE bug 1238096SUSE bug 1238099SUSE bug 1238103SUSE bug 1238108SUSE bug 1238111SUSE bug 1238123SUSE bug 1238126SUSE bug 1238131SUSE bug 1238135SUSE bug 1238139SUSE bug 1238146SUSE bug 1238149SUSE bug 1238150SUSE bug 1238155SUSE bug 1238156SUSE bug 1238158SUSE bug 1238162SUSE bug 1238166SUSE bug 1238168SUSE bug 1238169SUSE bug 1238170SUSE bug 1238171SUSE bug 1238172SUSE bug 1238175SUSE bug 1238177SUSE bug 1238181SUSE bug 1238183SUSE bug 1238184SUSE bug 1238228SUSE bug 1238229SUSE bug 1238231SUSE bug 1238235SUSE bug 1238236SUSE bug 1238239SUSE bug 1238241SUSE bug 1238242SUSE bug 1238243SUSE bug 1238244SUSE bug 1238249SUSE bug 1238255SUSE bug 1238256SUSE bug 1238257SUSE bug 1238263SUSE bug 1238264SUSE bug 1238266SUSE bug 1238267SUSE bug 1238269SUSE bug 1238271SUSE bug 1238272SUSE bug 1238274SUSE bug 1238275SUSE bug 1238276SUSE bug 1238278SUSE bug 1238279SUSE bug 1238281SUSE bug 1238284SUSE bug 1238289SUSE bug 1238293SUSE bug 1238306SUSE bug 1238307SUSE bug 1238313SUSE bug 1238327SUSE bug 1238331SUSE bug 1238333SUSE bug 1238334SUSE bug 1238336SUSE bug 1238337SUSE bug 1238338SUSE bug 1238343SUSE bug 1238372SUSE bug 1238373SUSE bug 1238377SUSE bug 1238386SUSE bug 1238393SUSE bug 1238394SUSE bug 1238395SUSE bug 1238413SUSE bug 1238416SUSE bug 1238417SUSE bug 1238419SUSE bug 1238420SUSE bug 1238429SUSE bug 1238430SUSE bug 1238435SUSE bug 1238441SUSE bug 1238443SUSE bug 1238454SUSE bug 1238462SUSE bug 1238467SUSE bug 1238469SUSE bug 1238539SUSE bug 1238543SUSE bug 1238546SUSE bug 1238599SUSE bug 1238600SUSE bug 1238612SUSE bug 1238615SUSE bug 1238617SUSE bug 1238618SUSE bug 1238621SUSE bug 1238623SUSE bug 1238625SUSE bug 1238626SUSE bug 1238630SUSE bug 1238631SUSE bug 1238633SUSE bug 1238635SUSE bug 1238638SUSE bug 1238639SUSE bug 1238641SUSE bug 1238643SUSE bug 1238645SUSE bug 1238646SUSE bug 1238653SUSE bug 1238655SUSE bug 1238662SUSE bug 1238663SUSE bug 1238705SUSE bug 1238707SUSE bug 1238710SUSE bug 1238712SUSE bug 1238718SUSE bug 1238719SUSE bug 1238721SUSE bug 1238722SUSE bug 1238727SUSE bug 1238729SUSE bug 1238750SUSE bug 1238787SUSE bug 1238789SUSE bug 1238805SUSE bug 1238809SUSE bug 1238814SUSE bug 1238815SUSE bug 1238819SUSE bug 1238821SUSE bug 1238822SUSE bug 1238823SUSE bug 1238825SUSE bug 1238835SUSE bug 1238838SUSE bug 1238868SUSE bug 1238869SUSE bug 1238871SUSE bug 1238892SUSE bug 1238893SUSE bug 1238911SUSE bug 1238919SUSE bug 1238925SUSE bug 1238930SUSE bug 1238933SUSE bug 1238937SUSE bug 1238938SUSE bug 1238939SUSE bug 1238948SUSE bug 1238949SUSE bug 1238952SUSE bug 1239001SUSE bug 1239035SUSE bug 1239040SUSE bug 1239041SUSE bug 1239060SUSE bug 1239070SUSE bug 1239071SUSE bug 1239076SUSE bug 1239109SUSE bug 1239115SUSE bug 1239454SUSE bug 1239969SUSE bug 1240207SUSE bug 1240213SUSE bug 1240218SUSE bug 1240227SUSE bug 1240272SUSE bug 1240276SUSE bug 1240288CVE-2017-5753 at SUSECVE-2017-5753 at NVDCVE-2020-27835 at SUSECVE-2020-27835 at NVDCVE-2021-47248 at SUSECVE-2021-47248 at NVDCVE-2021-47631 at SUSECVE-2021-47631 at NVDCVE-2021-47641 at SUSECVE-2021-47641 at NVDCVE-2021-47642 at SUSECVE-2021-47642 at NVDCVE-2021-47650 at SUSECVE-2021-47650 at NVDCVE-2021-47651 at SUSECVE-2021-47651 at NVDCVE-2021-47652 at SUSECVE-2021-47652 at NVDCVE-2021-47653 at SUSECVE-2021-47653 at NVDCVE-2021-47659 at SUSECVE-2021-47659 at NVDCVE-2022-0168 at SUSECVE-2022-0168 at NVDCVE-2022-1016 at SUSECVE-2022-1016 at NVDCVE-2022-1048 at SUSECVE-2022-1048 at NVDCVE-2022-1184 at SUSECVE-2022-1184 at NVDCVE-2022-2977 at SUSECVE-2022-2977 at NVDCVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-3303 at SUSECVE-2022-3303 at NVDCVE-2022-49044 at SUSECVE-2022-49044 at NVDCVE-2022-49051 at SUSECVE-2022-49051 at NVDCVE-2022-49053 at SUSECVE-2022-49053 at NVDCVE-2022-49055 at SUSECVE-2022-49055 at NVDCVE-2022-49058 at SUSECVE-2022-49058 at NVDCVE-2022-49059 at SUSECVE-2022-49059 at NVDCVE-2022-49063 at SUSECVE-2022-49063 at NVDCVE-2022-49065 at SUSECVE-2022-49065 at NVDCVE-2022-49073 at SUSECVE-2022-49073 at NVDCVE-2022-49076 at SUSECVE-2022-49076 at NVDCVE-2022-49078 at SUSECVE-2022-49078 at NVDCVE-2022-49082 at SUSECVE-2022-49082 at NVDCVE-2022-49083 at SUSECVE-2022-49083 at NVDCVE-2022-49085 at SUSECVE-2022-49085 at NVDCVE-2022-49091 at SUSECVE-2022-49091 at NVDCVE-2022-49095 at SUSECVE-2022-49095 at NVDCVE-2022-49098 at SUSECVE-2022-49098 at NVDCVE-2022-49100 at SUSECVE-2022-49100 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2022-49114 at SUSECVE-2022-49114 at NVDCVE-2022-49122 at SUSECVE-2022-49122 at NVDCVE-2022-49137 at SUSECVE-2022-49137 at NVDCVE-2022-49145 at SUSECVE-2022-49145 at NVDCVE-2022-49151 at SUSECVE-2022-49151 at NVDCVE-2022-49153 at SUSECVE-2022-49153 at NVDCVE-2022-49155 at SUSECVE-2022-49155 at NVDCVE-2022-49156 at SUSECVE-2022-49156 at NVDCVE-2022-49157 at SUSECVE-2022-49157 at NVDCVE-2022-49158 at SUSECVE-2022-49158 at NVDCVE-2022-49159 at SUSECVE-2022-49159 at NVDCVE-2022-49160 at SUSECVE-2022-49160 at NVDCVE-2022-49162 at SUSECVE-2022-49162 at NVDCVE-2022-49164 at SUSECVE-2022-49164 at NVDCVE-2022-49175 at SUSECVE-2022-49175 at NVDCVE-2022-49185 at SUSECVE-2022-49185 at NVDCVE-2022-49189 at SUSECVE-2022-49189 at NVDCVE-2022-49196 at SUSECVE-2022-49196 at NVDCVE-2022-49200 at SUSECVE-2022-49200 at NVDCVE-2022-49201 at SUSECVE-2022-49201 at NVDCVE-2022-49206 at SUSECVE-2022-49206 at NVDCVE-2022-49212 at SUSECVE-2022-49212 at NVDCVE-2022-49213 at SUSECVE-2022-49213 at NVDCVE-2022-49216 at SUSECVE-2022-49216 at NVDCVE-2022-49217 at SUSECVE-2022-49217 at NVDCVE-2022-49224 at SUSECVE-2022-49224 at NVDCVE-2022-49226 at SUSECVE-2022-49226 at NVDCVE-2022-49232 at SUSECVE-2022-49232 at NVDCVE-2022-49235 at SUSECVE-2022-49235 at NVDCVE-2022-49239 at SUSECVE-2022-49239 at NVDCVE-2022-49242 at SUSECVE-2022-49242 at NVDCVE-2022-49243 at SUSECVE-2022-49243 at NVDCVE-2022-49247 at SUSECVE-2022-49247 at NVDCVE-2022-49248 at SUSECVE-2022-49248 at NVDCVE-2022-49253 at SUSECVE-2022-49253 at NVDCVE-2022-49259 at SUSECVE-2022-49259 at NVDCVE-2022-49261 at SUSECVE-2022-49261 at NVDCVE-2022-49263 at SUSECVE-2022-49263 at NVDCVE-2022-49264 at SUSECVE-2022-49264 at NVDCVE-2022-49271 at SUSECVE-2022-49271 at NVDCVE-2022-49272 at SUSECVE-2022-49272 at NVDCVE-2022-49275 at SUSECVE-2022-49275 at NVDCVE-2022-49279 at SUSECVE-2022-49279 at NVDCVE-2022-49280 at SUSECVE-2022-49280 at NVDCVE-2022-49281 at SUSECVE-2022-49281 at NVDCVE-2022-49285 at SUSECVE-2022-49285 at NVDCVE-2022-49287 at SUSECVE-2022-49287 at NVDCVE-2022-49288 at SUSECVE-2022-49288 at NVDCVE-2022-49290 at SUSECVE-2022-49290 at NVDCVE-2022-49291 at SUSECVE-2022-49291 at NVDCVE-2022-49292 at SUSECVE-2022-49292 at NVDCVE-2022-49293 at SUSECVE-2022-49293 at NVDCVE-2022-49295 at SUSECVE-2022-49295 at NVDCVE-2022-49297 at SUSECVE-2022-49297 at NVDCVE-2022-49298 at SUSECVE-2022-49298 at NVDCVE-2022-49299 at SUSECVE-2022-49299 at NVDCVE-2022-49300 at SUSECVE-2022-49300 at NVDCVE-2022-49301 at SUSECVE-2022-49301 at NVDCVE-2022-49302 at SUSECVE-2022-49302 at NVDCVE-2022-49304 at SUSECVE-2022-49304 at NVDCVE-2022-49305 at SUSECVE-2022-49305 at NVDCVE-2022-49307 at SUSECVE-2022-49307 at NVDCVE-2022-49313 at SUSECVE-2022-49313 at NVDCVE-2022-49314 at SUSECVE-2022-49314 at NVDCVE-2022-49315 at SUSECVE-2022-49315 at NVDCVE-2022-49316 at SUSECVE-2022-49316 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49321 at SUSECVE-2022-49321 at NVDCVE-2022-49326 at SUSECVE-2022-49326 at NVDCVE-2022-49327 at SUSECVE-2022-49327 at NVDCVE-2022-49331 at SUSECVE-2022-49331 at NVDCVE-2022-49332 at SUSECVE-2022-49332 at NVDCVE-2022-49335 at SUSECVE-2022-49335 at NVDCVE-2022-49343 at SUSECVE-2022-49343 at NVDCVE-2022-49347 at SUSECVE-2022-49347 at NVDCVE-2022-49349 at SUSECVE-2022-49349 at NVDCVE-2022-49352 at SUSECVE-2022-49352 at NVDCVE-2022-49357 at SUSECVE-2022-49357 at NVDCVE-2022-49370 at SUSECVE-2022-49370 at NVDCVE-2022-49371 at SUSECVE-2022-49371 at NVDCVE-2022-49373 at SUSECVE-2022-49373 at NVDCVE-2022-49375 at SUSECVE-2022-49375 at NVDCVE-2022-49376 at SUSECVE-2022-49376 at NVDCVE-2022-49382 at SUSECVE-2022-49382 at NVDCVE-2022-49385 at SUSECVE-2022-49385 at NVDCVE-2022-49389 at SUSECVE-2022-49389 at NVDCVE-2022-49394 at SUSECVE-2022-49394 at NVDCVE-2022-49396 at SUSECVE-2022-49396 at NVDCVE-2022-49397 at SUSECVE-2022-49397 at NVDCVE-2022-49398 at SUSECVE-2022-49398 at NVDCVE-2022-49399 at SUSECVE-2022-49399 at NVDCVE-2022-49402 at SUSECVE-2022-49402 at NVDCVE-2022-49404 at SUSECVE-2022-49404 at NVDCVE-2022-49409 at SUSECVE-2022-49409 at NVDCVE-2022-49410 at SUSECVE-2022-49410 at NVDCVE-2022-49411 at SUSECVE-2022-49411 at NVDCVE-2022-49413 at SUSECVE-2022-49413 at NVDCVE-2022-49414 at SUSECVE-2022-49414 at NVDCVE-2022-49416 at SUSECVE-2022-49416 at NVDCVE-2022-49421 at SUSECVE-2022-49421 at NVDCVE-2022-49422 at SUSECVE-2022-49422 at NVDCVE-2022-49437 at SUSECVE-2022-49437 at NVDCVE-2022-49438 at SUSECVE-2022-49438 at NVDCVE-2022-49441 at SUSECVE-2022-49441 at NVDCVE-2022-49442 at SUSECVE-2022-49442 at NVDCVE-2022-49446 at SUSECVE-2022-49446 at NVDCVE-2022-49451 at SUSECVE-2022-49451 at NVDCVE-2022-49455 at SUSECVE-2022-49455 at NVDCVE-2022-49459 at SUSECVE-2022-49459 at NVDCVE-2022-49460 at SUSECVE-2022-49460 at NVDCVE-2022-49462 at SUSECVE-2022-49462 at NVDCVE-2022-49465 at SUSECVE-2022-49465 at NVDCVE-2022-49467 at SUSECVE-2022-49467 at NVDCVE-2022-49473 at SUSECVE-2022-49473 at NVDCVE-2022-49474 at SUSECVE-2022-49474 at NVDCVE-2022-49475 at SUSECVE-2022-49475 at NVDCVE-2022-49478 at SUSECVE-2022-49478 at NVDCVE-2022-49481 at SUSECVE-2022-49481 at NVDCVE-2022-49482 at SUSECVE-2022-49482 at NVDCVE-2022-49488 at SUSECVE-2022-49488 at NVDCVE-2022-49489 at SUSECVE-2022-49489 at NVDCVE-2022-49490 at SUSECVE-2022-49490 at NVDCVE-2022-49491 at SUSECVE-2022-49491 at NVDCVE-2022-49493 at SUSECVE-2022-49493 at NVDCVE-2022-49495 at SUSECVE-2022-49495 at NVDCVE-2022-49498 at SUSECVE-2022-49498 at NVDCVE-2022-49503 at SUSECVE-2022-49503 at NVDCVE-2022-49504 at SUSECVE-2022-49504 at NVDCVE-2022-49505 at SUSECVE-2022-49505 at NVDCVE-2022-49508 at SUSECVE-2022-49508 at NVDCVE-2022-49514 at SUSECVE-2022-49514 at NVDCVE-2022-49517 at SUSECVE-2022-49517 at NVDCVE-2022-49521 at SUSECVE-2022-49521 at NVDCVE-2022-49522 at SUSECVE-2022-49522 at NVDCVE-2022-49524 at SUSECVE-2022-49524 at NVDCVE-2022-49525 at SUSECVE-2022-49525 at NVDCVE-2022-49526 at SUSECVE-2022-49526 at NVDCVE-2022-49527 at SUSECVE-2022-49527 at NVDCVE-2022-49532 at SUSECVE-2022-49532 at NVDCVE-2022-49534 at SUSECVE-2022-49534 at NVDCVE-2022-49535 at SUSECVE-2022-49535 at NVDCVE-2022-49536 at SUSECVE-2022-49536 at NVDCVE-2022-49537 at SUSECVE-2022-49537 at NVDCVE-2022-49541 at SUSECVE-2022-49541 at NVDCVE-2022-49542 at SUSECVE-2022-49542 at NVDCVE-2022-49544 at SUSECVE-2022-49544 at NVDCVE-2022-49545 at SUSECVE-2022-49545 at NVDCVE-2022-49546 at SUSECVE-2022-49546 at NVDCVE-2022-49555 at SUSECVE-2022-49555 at NVDCVE-2022-49563 at SUSECVE-2022-49563 at NVDCVE-2022-49564 at SUSECVE-2022-49564 at NVDCVE-2022-49566 at SUSECVE-2022-49566 at NVDCVE-2022-49609 at SUSECVE-2022-49609 at NVDCVE-2022-49610 at SUSECVE-2022-49610 at NVDCVE-2022-49611 at SUSECVE-2022-49611 at NVDCVE-2022-49623 at SUSECVE-2022-49623 at NVDCVE-2022-49627 at SUSECVE-2022-49627 at NVDCVE-2022-49631 at SUSECVE-2022-49631 at NVDCVE-2022-49640 at SUSECVE-2022-49640 at NVDCVE-2022-49641 at SUSECVE-2022-49641 at NVDCVE-2022-49643 at SUSECVE-2022-49643 at NVDCVE-2022-49644 at SUSECVE-2022-49644 at NVDCVE-2022-49645 at SUSECVE-2022-49645 at NVDCVE-2022-49646 at SUSECVE-2022-49646 at NVDCVE-2022-49647 at SUSECVE-2022-49647 at NVDCVE-2022-49648 at SUSECVE-2022-49648 at NVDCVE-2022-49649 at SUSECVE-2022-49649 at NVDCVE-2022-49652 at SUSECVE-2022-49652 at NVDCVE-2022-49657 at SUSECVE-2022-49657 at NVDCVE-2022-49661 at SUSECVE-2022-49661 at NVDCVE-2022-49670 at SUSECVE-2022-49670 at NVDCVE-2022-49671 at SUSECVE-2022-49671 at NVDCVE-2022-49673 at SUSECVE-2022-49673 at NVDCVE-2022-49674 at SUSECVE-2022-49674 at NVDCVE-2022-49678 at SUSECVE-2022-49678 at NVDCVE-2022-49685 at SUSECVE-2022-49685 at NVDCVE-2022-49687 at SUSECVE-2022-49687 at NVDCVE-2022-49693 at SUSECVE-2022-49693 at NVDCVE-2022-49700 at SUSECVE-2022-49700 at NVDCVE-2022-49701 at SUSECVE-2022-49701 at NVDCVE-2022-49703 at SUSECVE-2022-49703 at NVDCVE-2022-49707 at SUSECVE-2022-49707 at NVDCVE-2022-49708 at SUSECVE-2022-49708 at NVDCVE-2022-49710 at SUSECVE-2022-49710 at NVDCVE-2022-49711 at SUSECVE-2022-49711 at NVDCVE-2022-49712 at SUSECVE-2022-49712 at NVDCVE-2022-49713 at SUSECVE-2022-49713 at NVDCVE-2022-49720 at SUSECVE-2022-49720 at NVDCVE-2022-49723 at SUSECVE-2022-49723 at NVDCVE-2022-49724 at SUSECVE-2022-49724 at NVDCVE-2022-49729 at SUSECVE-2022-49729 at NVDCVE-2022-49730 at SUSECVE-2022-49730 at NVDCVE-2022-49731 at SUSECVE-2022-49731 at NVDCVE-2022-49733 at SUSECVE-2022-49733 at NVDCVE-2022-49739 at SUSECVE-2022-49739 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-52935 at SUSECVE-2023-52935 at NVDCVE-2023-52973 at SUSECVE-2023-52973 at NVDCVE-2023-52974 at SUSECVE-2023-52974 at NVDCVE-2023-53000 at SUSECVE-2023-53000 at NVDCVE-2023-53015 at SUSECVE-2023-53015 at NVDCVE-2023-53024 at SUSECVE-2023-53024 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56651 at SUSECVE-2024-56651 at NVDCVE-2024-57996 at SUSECVE-2024-57996 at NVDCVE-2024-58014 at SUSECVE-2024-58014 at NVDCVE-2025-21772 at SUSECVE-2025-21772 at NVDCVE-2025-21780 at SUSECVE-2025-21780 at NVDcpe:/o:suse:suse-microos:5.2Security update for dnsmasq (Important)SUSE Linux Enterprise Micro 5.2
This update for dnsmasq fixes the following issues:
- Version update to 2.90:
- CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219823)
- CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially crafted DNSSEC responses. (bsc#1219826)
ImportantSUSE bug 1200344SUSE bug 1207174SUSE bug 1214884SUSE bug 1219823SUSE bug 1219826SUSE bug 1235517CVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.2
This update for pam fixes the following issues:
- CVE-2024-10041: sensitive data exposure while performing authentications. (bsc#1232234)
ModerateSUSE bug 1232234CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Moderate)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- CVE-2024-40635: Fixed integer overflow in User ID handling (bsc#1239749)
Other fixes:
- Update to containerd v1.7.27.
ModerateSUSE bug 1239749CVE-2024-40635 at SUSECVE-2024-40635 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mozjs60 fixes the following issues:
- CVE-2024-56431: Fixed a negative shift in huffdec.c (bsc#1234837).
ModerateSUSE bug 1234837CVE-2024-56431 at SUSECVE-2024-56431 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2025-32414: Fixed an out-of-bounds read when parsing text via the Python API. (bsc#1241551)
- CVE-2025-32415: Fixed a crafted XML document may lead to a heap-based buffer under-read. (bsc#1241453)
ModerateSUSE bug 1241453SUSE bug 1241551CVE-2025-32414 at SUSECVE-2025-32414 at NVDCVE-2025-32415 at SUSECVE-2025-32415 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
- CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020)
- CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078)
Other fixes:
- Updated to version 3.49.1 from Factory (jsc#SLE-16032)
ModerateSUSE bug 1241020SUSE bug 1241078SUSE bug 1241189CVE-2025-29087 at SUSECVE-2025-29087 at NVDCVE-2025-29088 at SUSECVE-2025-29088 at NVDCVE-2025-3277 at SUSECVE-2025-3277 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long
and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897)
ModerateSUSE bug 1240897CVE-2025-3360 at SUSECVE-2025-3360 at NVDcpe:/o:suse:suse-microos:5.2Security update for apparmor (Moderate)SUSE Linux Enterprise Micro 5.2
This update for apparmor fixes the following issues:
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM. (bsc#1241678)
ModerateSUSE bug 1241678CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-2784: Fixed heap buffer over-read in `skip_insignificant_space` when sniffing content (bsc#1240750)
- CVE-2025-32050: Fixed Integer overflow in append_param_quoted (bsc#1240752)
- CVE-2025-32052: Fixed heap buffer overflow in sniff_unknown() (bsc#1240756)
- CVE-2025-32053: Fixed heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space() (bsc#1240757)
- CVE-2025-32907: Fixed excessive memory consumption in server when client requests a large amount of overlapping ranges in a single HTTP request (bsc#1241222)
- CVE-2025-32914: Fixed out of bounds read in `soup_multipart_new_from_message()` (bsc#1241164)
- CVE-2025-46420: Fixed memory leak on soup_header_parse_quality_list() via soup-headers.c (bsc#1241686)
- CVE-2025-46421: Fixed HTTP Authorization Header leak via an HTTP redirect (bsc#1241688)
ImportantSUSE bug 1240750SUSE bug 1240752SUSE bug 1240756SUSE bug 1240757SUSE bug 1241164SUSE bug 1241222SUSE bug 1241686SUSE bug 1241688CVE-2025-2784 at SUSECVE-2025-2784 at NVDCVE-2025-32050 at SUSECVE-2025-32050 at NVDCVE-2025-32052 at SUSECVE-2025-32052 at NVDCVE-2025-32053 at SUSECVE-2025-32053 at NVDCVE-2025-32907 at SUSECVE-2025-32907 at NVDCVE-2025-32914 at SUSECVE-2025-32914 at NVDCVE-2025-46420 at SUSECVE-2025-46420 at NVDCVE-2025-46421 at SUSECVE-2025-46421 at NVDcpe:/o:suse:suse-microos:5.2Security update for rsync (Important)SUSE Linux Enterprise Micro 5.2
This update for rsync fixes the following issues:
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)
ImportantSUSE bug 1234101SUSE bug 1234102SUSE bug 1234103SUSE bug 1234104SUSE bug 1235475SUSE bug 1235895CVE-2024-12085 at SUSECVE-2024-12085 at NVDCVE-2024-12086 at SUSECVE-2024-12086 at NVDCVE-2024-12087 at SUSECVE-2024-12087 at NVDCVE-2024-12088 at SUSECVE-2024-12088 at NVDCVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
ImportantSUSE bug 1207034SUSE bug 1207878SUSE bug 1221980SUSE bug 1234931SUSE bug 1235433SUSE bug 1237984SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1240210SUSE bug 1240308SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241404SUSE bug 1241405SUSE bug 1241407SUSE bug 1241408CVE-2020-36789 at SUSECVE-2020-36789 at NVDCVE-2021-47163 at SUSECVE-2021-47163 at NVDCVE-2021-47668 at SUSECVE-2021-47668 at NVDCVE-2021-47669 at SUSECVE-2021-47669 at NVDCVE-2021-47670 at SUSECVE-2021-47670 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- Security issues fixed:
* CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012)
- Other bugs fixed:
* Allow KEX hashes greater than 256 bits (bsc#1241045)
* Fixed hostname being left out of the audit output (bsc#1228634)
* Fixed failures with very large MOTDs (bsc#1232533)
ModerateSUSE bug 1228634SUSE bug 1232533SUSE bug 1241012SUSE bug 1241045CVE-2025-32728 at SUSECVE-2025-32728 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49111: Bluetooth: Fix use after free in hci_send_acl (bsc#1237984).
- CVE-2025-21726: padata: avoid UAF for reorder_work (bsc#1238865).
- CVE-2025-21785: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (bsc#1238747).
- CVE-2025-21791: vrf: use RCU protection in l3mdev_l3_out() (bsc#1238512).
- CVE-2025-22004: net: atm: fix use after free in lec_send() (bsc#1240835).
- CVE-2025-22020: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (bsc#1241280).
- CVE-2025-22055: net: fix geneve_opt length integer overflow (bsc#1241371).
ImportantSUSE bug 1207034SUSE bug 1207878SUSE bug 1221980SUSE bug 1234931SUSE bug 1235433SUSE bug 1237984SUSE bug 1238512SUSE bug 1238747SUSE bug 1238865SUSE bug 1240210SUSE bug 1240308SUSE bug 1240835SUSE bug 1241280SUSE bug 1241371SUSE bug 1241404SUSE bug 1241405SUSE bug 1241407SUSE bug 1241408CVE-2020-36789 at SUSECVE-2020-36789 at NVDCVE-2021-47163 at SUSECVE-2021-47163 at NVDCVE-2021-47668 at SUSECVE-2021-47668 at NVDCVE-2021-47669 at SUSECVE-2021-47669 at NVDCVE-2021-47670 at SUSECVE-2021-47670 at NVDCVE-2022-49111 at SUSECVE-2022-49111 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-53026 at SUSECVE-2023-53026 at NVDCVE-2023-53033 at SUSECVE-2023-53033 at NVDCVE-2024-56642 at SUSECVE-2024-56642 at NVDCVE-2024-56661 at SUSECVE-2024-56661 at NVDCVE-2025-21726 at SUSECVE-2025-21726 at NVDCVE-2025-21785 at SUSECVE-2025-21785 at NVDCVE-2025-21791 at SUSECVE-2025-21791 at NVDCVE-2025-22004 at SUSECVE-2025-22004 at NVDCVE-2025-22020 at SUSECVE-2025-22020 at NVDCVE-2025-22055 at SUSECVE-2025-22055 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20250512 release (bsc#1243123)
- CVE-2024-28956: Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20103: Insufficient resource pool in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2025-20054: Uncaught exception in the core management mechanism for some Intel Processors may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2024-43420: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20623: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Core processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2024-45332: Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-24495: Incorrect initialization of resource in the branch prediction unit for some Intel Core Ultra Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2025-20012: Incorrect behavior order for some Intel Core Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access.
- Updates for functional issues.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-U | A1 | 06-b5-00/80 | | 0000000a | Core Ultra Processor (Series2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | | 00000118 | Core Ultra Processor (Series2)
| ARL-H | A1 | 06-c5-02/82 | | 00000118 | Core Ultra Processor (Series2)
| GNR-AP/SP | B0 | 06-ad-01/95 | | 010003a2 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | | 0a0000d1 | Xeon Scalable Gen6
| LNL | B0 | 06-bd-01/80 | | 0000011f | Core Ultra 200 V Series Processor
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000038 | 0000003a | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000038 | 0000003a | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000436 | 00000437 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000436 | 00000437 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| AZB | A0/R0 | 06-9a-04/40 | 00000009 | 0000000a | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000102 | 00000104 | Core Gen9 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003707 | 05003901 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fc | 00000100 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fc | 00000100 | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fe | 00000102 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fc | 00000100 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002904 | 07002b01 | Xeon Scalable Gen3
| EMR-SP | A1 | 06-cf-02/87 | 21000291 | 210002a9 | Xeon Scalable Gen5
| GLK-R | R0 | 06-7a-08/01 | 00000024 | 00000026 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-D | B0 | 06-6c-01/10 | 010002c0 | 010002d0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c6 | 000000ca | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003f5 | 0d000404 | Xeon Scalable Gen3
| MTL | C0 | 06-aa-04/e6 | 00000020 | 00000024 | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 00000063 | 00000064 | Core Gen11
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012c | 0000012f | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004124 | 00004128 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000038 | 0000003a | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004124 | 00004128 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003e0 | 2c0003f7 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000620 | 2b000639 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000330 | 03000341 | Xeon 6700-Series Processors with E-Cores
| TGL | B0/B1 | 06-8c-01/80 | 000000b8 | 000000bc | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000052 | 00000056 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000038 | 0000003c | Core Gen11 Mobile
| TWL | N0 | 06-be-00/19 | 0000001c | 0000001d | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| WHL-U | V0 | 06-8e-0c/94 | 000000fc | 00000100 | Core Gen8 Mobile
ModerateSUSE bug 1243123CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-43420 at SUSECVE-2024-43420 at NVDCVE-2024-45332 at SUSECVE-2024-45332 at NVDCVE-2025-20012 at SUSECVE-2025-20012 at NVDCVE-2025-20054 at SUSECVE-2025-20054 at NVDCVE-2025-20103 at SUSECVE-2025-20103 at NVDCVE-2025-20623 at SUSECVE-2025-20623 at NVDCVE-2025-24495 at SUSECVE-2025-24495 at NVDcpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Moderate)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
Update to 12.5.2:
Security fixes:
- CVE-2025-22247: Fixed Insecure file handling (bsc#1243106)
Other fixes:
- Fixed GCC 15 compile time error (bsc#1241938)
- Fixed building with containerd 1.7.25+ (bsc#1237147)
- Ensure vmtoolsd.service and vgauthd.service are set to enabled by default (bsc#1237180)
Full changelog:
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/ReleaseNotes.md
https://github.com/vmware/open-vm-tools/blob/stable-12.5.2/open-vm-tools/ChangeLog
ModerateSUSE bug 1237147SUSE bug 1237180SUSE bug 1241938SUSE bug 1243106CVE-2025-22247 at SUSECVE-2025-22247 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-setuptools (Important)SUSE Linux Enterprise Micro 5.2
This update for python-setuptools fixes the following issues:
- CVE-2025-47273: path traversal in PackageIndex.download may lead to an arbitrary file write (bsc#1243313).
ImportantSUSE bug 1243313CVE-2025-47273 at SUSECVE-2025-47273 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.2
This update for python-tornado fixes the following issues:
- CVE-2025-47287: excessive logging when parsing malformed `multipart/form-data` can lead to a denial-of-service
(bsc#1243268).
ImportantSUSE bug 1243268CVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:suse-microos:5.2Security update for augeas (Low)SUSE Linux Enterprise Micro 5.2
This update for augeas fixes the following issues:
- CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)
LowSUSE bug 1239909CVE-2025-2588 at SUSECVE-2025-2588 at NVDcpe:/o:suse:suse-microos:5.2Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for iputils fixes the following issues:
Security fixes:
- CVE-2025-47268: Fixed integer overflow in RTT calculation can lead to undefined behavior (bsc#1242300).
Other bug fixes:
- Fixed incorrect IPV4 TTL value when using SOCK_DGRAM on big endian systems (bsc#1243284).
ModerateSUSE bug 1242300SUSE bug 1243284CVE-2025-47268 at SUSECVE-2025-47268 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Important)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
Security issues fixed:
- CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen
search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).
Other issues fixed:
- Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait`
as a consequence of a bug related to stealing of signals (bsc#1234128).
ImportantSUSE bug 1234128SUSE bug 1243317CVE-2025-4802 at SUSECVE-2025-4802 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-4948: Fixed integer underflow in soup_multipart_new_from_message() leading to denial of service (bsc#1243332)
- CVE-2025-4969: Fixed off-by-one out-of-bounds read may lead to infoleak (bsc#1243423)
- CVE-2025-32906: Fixed out of bounds reads in soup_headers_parse_request() (bsc#1241263)
- CVE-2025-32909: Fixed NULL pointer dereference in the sniff_mp4 function in soup-content-sniffer.c (bsc#1241226)
- CVE-2025-32910: Fixed null pointer deference on client when server omits the realm parameter in an Unauthorized response with Digest authentication (bsc#1241252)
- CVE-2025-32911: Fixed double free on soup_message_headers_get_content_disposition() via 'params'. (bsc#1241238)
- CVE-2025-32912: Fixed NULL pointer dereference in SoupAuthDigest (bsc#1241214)
- CVE-2025-32913: Fixed NULL pointer dereference in soup_message_headers_get_content_disposition (bsc#1241162)
ImportantSUSE bug 1241162SUSE bug 1241214SUSE bug 1241226SUSE bug 1241238SUSE bug 1241252SUSE bug 1241263SUSE bug 1243332SUSE bug 1243423CVE-2025-32906 at SUSECVE-2025-32906 at NVDCVE-2025-32909 at SUSECVE-2025-32909 at NVDCVE-2025-32910 at SUSECVE-2025-32910 at NVDCVE-2025-32911 at SUSECVE-2025-32911 at NVDCVE-2025-32912 at SUSECVE-2025-32912 at NVDCVE-2025-32913 at SUSECVE-2025-32913 at NVDCVE-2025-4948 at SUSECVE-2025-4948 at NVDCVE-2025-4969 at SUSECVE-2025-4969 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117)
- CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282)
- CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043)
ModerateSUSE bug 1234282SUSE bug 1238043SUSE bug 1243117CVE-2024-28956 at SUSECVE-2024-28956 at NVDCVE-2024-53241 at SUSECVE-2024-53241 at NVDCVE-2025-1713 at SUSECVE-2025-1713 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2025-4373: integer overflow in the `g_string_insert_unichar()` function can lead to buffer underwrite and memory
corruption (bsc#1242844).
ModerateSUSE bug 1242844CVE-2025-4373 at SUSECVE-2025-4373 at NVDcpe:/o:suse:suse-microos:5.2Security update for sysstat (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sysstat fixes the following issues:
- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)
ModerateSUSE bug 1202473SUSE bug 1205224SUSE bug 1211507CVE-2022-39377 at SUSECVE-2022-39377 at NVDCVE-2023-33204 at SUSECVE-2023-33204 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-32399: Fixed a race condition when removing the HCI controller (bsc#1184611).
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49320: dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (bsc#1238394).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: net: make sock_inuse_add() available (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2024-56705: media: atomisp: add check for rgby_data memory allocation failure (bsc#1235568).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-22028: media: vimc: skip .s_stream() for stopped entities (bsc#1241362).
- CVE-2025-22121: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (bsc#1241593).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
- CVE-2025-37846: arm64: mops: Do not dereference src reg for a set operation (bsc#1242963).
- CVE-2025-40364: io_uring: fix io_req_prep_async with provided buffers (bsc#1241637).
The following non-security bugs were fixed:
- blk: Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139).
- x86/entry: Remove skip_r11rcx (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745)
- kernel: Remove debug flavor (bsc#1243919).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- rpm: fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745)
ImportantSUSE bug 1154353SUSE bug 1170891SUSE bug 1173139SUSE bug 1184350SUSE bug 1184611SUSE bug 1185010SUSE bug 1190358SUSE bug 1190428SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1207198SUSE bug 1210337SUSE bug 1213476SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1235568SUSE bug 1237981SUSE bug 1238032SUSE bug 1238394SUSE bug 1238471SUSE bug 1240802SUSE bug 1241362SUSE bug 1241593SUSE bug 1241637SUSE bug 1242145SUSE bug 1242147SUSE bug 1242150SUSE bug 1242154SUSE bug 1242215SUSE bug 1242232SUSE bug 1242245SUSE bug 1242264SUSE bug 1242270SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242366SUSE bug 1242378SUSE bug 1242385SUSE bug 1242387SUSE bug 1242391SUSE bug 1242392SUSE bug 1242402SUSE bug 1242409SUSE bug 1242416SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242455SUSE bug 1242464SUSE bug 1242473SUSE bug 1242481SUSE bug 1242484SUSE bug 1242493SUSE bug 1242527SUSE bug 1242542SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242551SUSE bug 1242580SUSE bug 1242597SUSE bug 1242686SUSE bug 1242689SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242736SUSE bug 1242745SUSE bug 1242749SUSE bug 1242762SUSE bug 1242835SUSE bug 1242963SUSE bug 1243919CVE-2020-36790 at SUSECVE-2020-36790 at NVDCVE-2020-36791 at SUSECVE-2020-36791 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49320 at SUSECVE-2022-49320 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2024-56705 at SUSECVE-2024-56705 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-22028 at SUSECVE-2025-22028 at NVDCVE-2025-22121 at SUSECVE-2025-22121 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDCVE-2025-37846 at SUSECVE-2025-37846 at NVDCVE-2025-40364 at SUSECVE-2025-40364 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49110: netfilter: conntrack: revisit gc autotuning (bsc#1237981).
- CVE-2022-49139: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (bsc#1238032).
- CVE-2022-49767: 9p/trans_fd: always use O_NONBLOCK read/write (bsc#1242493).
- CVE-2022-49769: gfs2: Check sb_bsize_shift after reading superblock (bsc#1242440).
- CVE-2022-49770: ceph: avoid putting the realm twice when decoding snaps fails (bsc#1242597).
- CVE-2022-49775: tcp: cdg: allow tcp_cdg_release() to be called multiple times (bsc#1242245).
- CVE-2022-49789: scsi: zfcp: Fix double free of FSF request when qdio send fails (bsc#1242366).
- CVE-2023-53039: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (bsc#1242745).
- CVE-2024-53168: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (bsc#1234887).
- CVE-2024-56558: nfsd: make sure exp active before svc_export_show (bsc#1235100).
- CVE-2025-21812: ax25: rcu protect dev->ax25_ptr (bsc#1238471).
- CVE-2025-21999: proc: fix UAF in proc_get_inode() (bsc#1240802).
- CVE-2025-37789: net: openvswitch: fix nested key length validation in the set() action (bsc#1242762).
The following non-security bugs were fixed:
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745).
- devm-helpers: Add resource managed version of work init (bsc#1242745).
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- ocfs2: fix the issue with discontiguous allocation in the global_bitmap (git-fixes).
- workqueue: Add resource managed version of delayed work init (bsc#1242745).
- Remove debug flavor (bsc#1243919).
ImportantSUSE bug 1154353SUSE bug 1156395SUSE bug 1170891SUSE bug 1173139SUSE bug 1184350SUSE bug 1184611SUSE bug 1185010SUSE bug 1188772SUSE bug 1189883SUSE bug 1190358SUSE bug 1190428SUSE bug 1201644SUSE bug 1201664SUSE bug 1201672SUSE bug 1201673SUSE bug 1201676SUSE bug 1206073SUSE bug 1206649SUSE bug 1206886SUSE bug 1206887SUSE bug 1207198SUSE bug 1209657SUSE bug 1210337SUSE bug 1213476SUSE bug 1214842SUSE bug 1216702SUSE bug 1220754SUSE bug 1220985SUSE bug 1221015SUSE bug 1221044SUSE bug 1223932SUSE bug 1224099SUSE bug 1224482SUSE bug 1224511SUSE bug 1224592SUSE bug 1224831SUSE bug 1224832SUSE bug 1224834SUSE bug 1224841SUSE bug 1224843SUSE bug 1224846SUSE bug 1224849SUSE bug 1224854SUSE bug 1224859SUSE bug 1224882SUSE bug 1224889SUSE bug 1224891SUSE bug 1224892SUSE bug 1224893SUSE bug 1224904SUSE bug 1225360SUSE bug 1225411SUSE bug 1231193SUSE bug 1232649SUSE bug 1234887SUSE bug 1235100SUSE bug 1237981SUSE bug 1238032SUSE bug 1238471SUSE bug 1240802SUSE bug 1242145SUSE bug 1242147SUSE bug 1242150SUSE bug 1242154SUSE bug 1242215SUSE bug 1242232SUSE bug 1242245SUSE bug 1242264SUSE bug 1242270SUSE bug 1242352SUSE bug 1242353SUSE bug 1242355SUSE bug 1242366SUSE bug 1242378SUSE bug 1242385SUSE bug 1242387SUSE bug 1242391SUSE bug 1242392SUSE bug 1242402SUSE bug 1242409SUSE bug 1242416SUSE bug 1242440SUSE bug 1242443SUSE bug 1242449SUSE bug 1242452SUSE bug 1242455SUSE bug 1242464SUSE bug 1242473SUSE bug 1242481SUSE bug 1242484SUSE bug 1242493SUSE bug 1242527SUSE bug 1242542SUSE bug 1242545SUSE bug 1242547SUSE bug 1242548SUSE bug 1242549SUSE bug 1242551SUSE bug 1242580SUSE bug 1242597SUSE bug 1242686SUSE bug 1242689SUSE bug 1242716SUSE bug 1242733SUSE bug 1242734SUSE bug 1242736SUSE bug 1242745SUSE bug 1242749SUSE bug 1242762SUSE bug 1242835SUSE bug 1243919CVE-2020-36790 at SUSECVE-2020-36790 at NVDCVE-2020-36791 at SUSECVE-2020-36791 at NVDCVE-2021-32399 at SUSECVE-2021-32399 at NVDCVE-2021-3743 at SUSECVE-2021-3743 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47220 at SUSECVE-2021-47220 at NVDCVE-2021-47229 at SUSECVE-2021-47229 at NVDCVE-2021-47231 at SUSECVE-2021-47231 at NVDCVE-2021-47236 at SUSECVE-2021-47236 at NVDCVE-2021-47239 at SUSECVE-2021-47239 at NVDCVE-2021-47240 at SUSECVE-2021-47240 at NVDCVE-2021-47246 at SUSECVE-2021-47246 at NVDCVE-2021-47252 at SUSECVE-2021-47252 at NVDCVE-2021-47255 at SUSECVE-2021-47255 at NVDCVE-2021-47260 at SUSECVE-2021-47260 at NVDCVE-2021-47288 at SUSECVE-2021-47288 at NVDCVE-2021-47296 at SUSECVE-2021-47296 at NVDCVE-2021-47314 at SUSECVE-2021-47314 at NVDCVE-2021-47315 at SUSECVE-2021-47315 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2022-3564 at SUSECVE-2022-3564 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2022-49110 at SUSECVE-2022-49110 at NVDCVE-2022-49139 at SUSECVE-2022-49139 at NVDCVE-2022-49767 at SUSECVE-2022-49767 at NVDCVE-2022-49769 at SUSECVE-2022-49769 at NVDCVE-2022-49770 at SUSECVE-2022-49770 at NVDCVE-2022-49771 at SUSECVE-2022-49771 at NVDCVE-2022-49772 at SUSECVE-2022-49772 at NVDCVE-2022-49775 at SUSECVE-2022-49775 at NVDCVE-2022-49777 at SUSECVE-2022-49777 at NVDCVE-2022-49787 at SUSECVE-2022-49787 at NVDCVE-2022-49788 at SUSECVE-2022-49788 at NVDCVE-2022-49789 at SUSECVE-2022-49789 at NVDCVE-2022-49790 at SUSECVE-2022-49790 at NVDCVE-2022-49793 at SUSECVE-2022-49793 at NVDCVE-2022-49794 at SUSECVE-2022-49794 at NVDCVE-2022-49799 at SUSECVE-2022-49799 at NVDCVE-2022-49802 at SUSECVE-2022-49802 at NVDCVE-2022-49809 at SUSECVE-2022-49809 at NVDCVE-2022-49818 at SUSECVE-2022-49818 at NVDCVE-2022-49821 at SUSECVE-2022-49821 at NVDCVE-2022-49823 at SUSECVE-2022-49823 at NVDCVE-2022-49824 at SUSECVE-2022-49824 at NVDCVE-2022-49825 at SUSECVE-2022-49825 at NVDCVE-2022-49826 at SUSECVE-2022-49826 at NVDCVE-2022-49827 at SUSECVE-2022-49827 at NVDCVE-2022-49830 at SUSECVE-2022-49830 at NVDCVE-2022-49832 at SUSECVE-2022-49832 at NVDCVE-2022-49835 at SUSECVE-2022-49835 at NVDCVE-2022-49836 at SUSECVE-2022-49836 at NVDCVE-2022-49839 at SUSECVE-2022-49839 at NVDCVE-2022-49841 at SUSECVE-2022-49841 at NVDCVE-2022-49842 at SUSECVE-2022-49842 at NVDCVE-2022-49846 at SUSECVE-2022-49846 at NVDCVE-2022-49861 at SUSECVE-2022-49861 at NVDCVE-2022-49870 at SUSECVE-2022-49870 at NVDCVE-2022-49879 at SUSECVE-2022-49879 at NVDCVE-2022-49880 at SUSECVE-2022-49880 at NVDCVE-2022-49881 at SUSECVE-2022-49881 at NVDCVE-2022-49887 at SUSECVE-2022-49887 at NVDCVE-2022-49889 at SUSECVE-2022-49889 at NVDCVE-2022-49892 at SUSECVE-2022-49892 at NVDCVE-2022-49906 at SUSECVE-2022-49906 at NVDCVE-2022-49910 at SUSECVE-2022-49910 at NVDCVE-2022-49915 at SUSECVE-2022-49915 at NVDCVE-2022-49922 at SUSECVE-2022-49922 at NVDCVE-2022-49927 at SUSECVE-2022-49927 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1990 at SUSECVE-2023-1990 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-53039 at SUSECVE-2023-53039 at NVDCVE-2023-53052 at SUSECVE-2023-53052 at NVDCVE-2023-53106 at SUSECVE-2023-53106 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-53168 at SUSECVE-2024-53168 at NVDCVE-2024-56558 at SUSECVE-2024-56558 at NVDCVE-2025-21812 at SUSECVE-2025-21812 at NVDCVE-2025-21999 at SUSECVE-2025-21999 at NVDCVE-2025-37789 at SUSECVE-2025-37789 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-requests (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-requests fixes the following issues:
- CVE-2024-47081: fixed netrc credential leak (bsc#1244039).
ModerateSUSE bug 1244039CVE-2024-47081 at SUSECVE-2024-47081 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam (Important)SUSE Linux Enterprise Micro 5.2
This update for pam fixes the following issues:
- CVE-2025-6018: pam_env: Change the default to not read the user .pam_environment file (bsc#1243226).
- CVE-2025-6020: pam_namespace: convert functions that may operate on a user-controlled path to operate on file descriptors instead of absolute path (bsc#1244509).
ImportantSUSE bug 1243226SUSE bug 1244509CVE-2025-6018 at SUSECVE-2025-6018 at NVDCVE-2025-6020 at SUSECVE-2025-6020 at NVDcpe:/o:suse:suse-microos:5.2Security update for systemd (Important)SUSE Linux Enterprise Micro 5.2
This update for systemd fixes the following issues:
- CVE-2025-4598: Race condition that allows a local attacker to crash a SUID program and gain read access to the resulting core dump (bsc#1243935).
- CVE-2023-26604: Privilege escalation via the less pager (bsc#1208958).
- CVE-2022-4415: systemd-coredump was not respecting fs.suid_dumpable kernel setting (bsc#1205000).
Other bugfixes:
- clarify passno and noauto combination in /etc/fstab (bsc#1211725)
- handle -EINTR return from bus_poll() (bsc#1215241)
- /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
ImportantSUSE bug 1205000SUSE bug 1208958SUSE bug 1211576SUSE bug 1211725SUSE bug 1215241SUSE bug 1243935CVE-2022-4415 at SUSECVE-2022-4415 at NVDCVE-2023-26604 at SUSECVE-2023-26604 at NVDCVE-2025-4598 at SUSECVE-2025-4598 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
The following non-security bugs were fixed:
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
ImportantSUSE bug 1215304SUSE bug 1220927SUSE bug 1220937SUSE bug 1230697SUSE bug 1232436SUSE bug 1234281SUSE bug 1234690SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234963SUSE bug 1235004SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235246SUSE bug 1235480SUSE bug 1235584CVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:suse-microos:5.2Security update for gstreamer-plugins-base (Important)SUSE Linux Enterprise Micro 5.2
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bnc#1234415)
- CVE-2024-47600: Fixed out-of-bounds read in gst-discoverer-1.0 commandline tool (bnc#1234453)
- CVE-2024-47615: Fixed out-of-bounds write in Ogg demuxer (bnc#1234456)
- CVE-2024-47542: Fixed ID3v2 parser out-of-bounds read and NULL-pointer dereference (bnc#1234460)
- CVE-2024-47607: Fixed stack buffer-overflow in Opus decoder (bnc#1234455)
- CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bnc#1234450)
- CVE-2024-47541: Fixed out-of-bounds write in SSA subtitle parser (bnc#1234459)
- CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer subtitle parser (boo#1244404)
- CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser (boo#1244403)
- CVE-2025-47806: Fixed Stack buffer overflow in SubRip subtitle parser (boo#1244407)
ImportantSUSE bug 1234415SUSE bug 1234450SUSE bug 1234453SUSE bug 1234455SUSE bug 1234456SUSE bug 1234459SUSE bug 1234460SUSE bug 1244403SUSE bug 1244404SUSE bug 1244407CVE-2024-47538 at SUSECVE-2024-47538 at NVDCVE-2024-47541 at SUSECVE-2024-47541 at NVDCVE-2024-47542 at SUSECVE-2024-47542 at NVDCVE-2024-47600 at SUSECVE-2024-47600 at NVDCVE-2024-47607 at SUSECVE-2024-47607 at NVDCVE-2024-47615 at SUSECVE-2024-47615 at NVDCVE-2024-47835 at SUSECVE-2024-47835 at NVDCVE-2025-47806 at SUSECVE-2025-47806 at NVDCVE-2025-47807 at SUSECVE-2025-47807 at NVDCVE-2025-47808 at SUSECVE-2025-47808 at NVDcpe:/o:suse:suse-microos:5.2Security update for perl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for perl fixes the following issues:
- CVE-2025-40909: Do not change the current directory when cloning an open directory handle (bsc#1244079).
ModerateSUSE bug 1244079CVE-2025-40909 at SUSECVE-2025-40909 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam_pkcs11 (Important)SUSE Linux Enterprise Micro 5.2
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-6018: Removes pam_env from auth stack for security reason (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:suse-microos:5.2Security update for gstreamer (Important)SUSE Linux Enterprise Micro 5.2
This update for gstreamer fixes the following issues:
- CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449)
ImportantSUSE bug 1234449CVE-2024-47606 at SUSECVE-2024-47606 at NVDcpe:/o:suse:suse-microos:5.2Security update for ignition (Important)SUSE Linux Enterprise Micro 5.2
This update for ignition fixes the following issues:
- CVE-2025-22868: golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2 (bsc#1239192).
ImportantSUSE bug 1239192CVE-2025-22868 at SUSECVE-2025-22868 at NVDcpe:/o:suse:suse-microos:5.2Security update for icu (Important)SUSE Linux Enterprise Micro 5.2
This update for icu fixes the following issues:
- CVE-2025-5222: Stack buffer overflow in the SRBRoot:addTag function (bsc#1243721).
ImportantSUSE bug 1161007SUSE bug 1167603SUSE bug 1193951SUSE bug 1243721CVE-2020-21913 at SUSECVE-2020-21913 at NVDCVE-2025-5222 at SUSECVE-2025-5222 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam-config (Important)SUSE Linux Enterprise Micro 5.2
This update for pam-config fixes the following issues:
- CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226).
ImportantSUSE bug 1243226CVE-2025-6018 at SUSECVE-2025-6018 at NVDcpe:/o:suse:suse-microos:5.2Recommended update for podman (Moderate)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- Added patch to remove using rw as a default mount option (bsc#1239776)
ModerateSUSE bug 1239776CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2025-22869 at SUSECVE-2025-22869 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.2Security update for sudo (Important)SUSE Linux Enterprise Micro 5.2
This update for sudo fixes the following issues:
- CVE-2025-32462: Fixed a possible local privilege escalation via the --host option (bsc#1245274).
ImportantSUSE bug 1245274CVE-2025-32462 at SUSECVE-2025-32462 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Low)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
- CVE-2024-45310: Fixed unintentional creation of empty files/directories on host (bsc#1230092)
Other fixes:
- Update to runc v1.2.6.
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Low)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-4945: Add value checks for date/time parsing (bsc#1243314).
LowSUSE bug 1243314CVE-2025-4945 at SUSECVE-2025-4945 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
- CVE-2024-41965: Fixed improper neutralization of argument delimiters in zip.vim that could have led to data loss (bsc#1228776).
- CVE-2025-29768: Fixed double-free in dialog_changed() (bsc#1239602).
ModerateSUSE bug 1228776SUSE bug 1239602CVE-2024-41965 at SUSECVE-2024-41965 at NVDCVE-2025-29768 at SUSECVE-2025-29768 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2025-49794: Fixed a heap use after free which could lead to denial of service. (bsc#1244554)
- CVE-2025-49796: Fixed type confusion which could lead to denial of service. (bsc#1244557)
- CVE-2025-6170: Fixed a stack buffer overflow which could lead to a crash. (bsc#1244700)
- CVE-2025-6021: Fixed an integer overflow in xmlBuildQName() which could lead to stack buffer overflow. (bsc#1244590)
ImportantSUSE bug 1244554SUSE bug 1244557SUSE bug 1244590SUSE bug 1244700CVE-2025-49794 at SUSECVE-2025-49794 at NVDCVE-2025-49796 at SUSECVE-2025-49796 at NVDCVE-2025-6021 at SUSECVE-2025-6021 at NVDCVE-2025-6170 at SUSECVE-2025-6170 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh (Important)SUSE Linux Enterprise Micro 5.2
This update for libssh fixes the following issues:
- CVE-2025-4877: Fixed write beyond bounds in binary to base64 conversion functions (bsc#1245309).
- CVE-2025-4878: Fixed use of uninitialized variable in privatekey_from_file() (bsc#1245310).
- CVE-2025-5318: Fixed likely read beyond bounds in sftp server handle management (bsc#1245311).
- CVE-2025-5372: Fixed ssh_kdf() returns a success code on certain failures (bsc#1245314).
ImportantSUSE bug 1245309SUSE bug 1245310SUSE bug 1245311SUSE bug 1245314CVE-2025-4877 at SUSECVE-2025-4877 at NVDCVE-2025-4878 at SUSECVE-2025-4878 at NVDCVE-2025-5318 at SUSECVE-2025-5318 at NVDCVE-2025-5372 at SUSECVE-2025-5372 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
Update to Docker 28.2.2-ce (bsc#1243833, bsc#1242114):
- CVE-2025-0495: Fixed credential leakage to telemetry endpoints when credentials
allowed to be set as attribute values in cache-to/cache-from configuration.(bsc#1239765)
- CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction (bsc#1241830).
Other fixes:
- Update to docker-buildx v0.22.0.
- Always clear SUSEConnect suse_* secrets when starting containers (bsc#1244035).
- Disable transparent SUSEConnect support for SLE-16. (jsc#PED-12534)
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. (jsc#PED-8905)
- SUSEConnect secrets fails in SLES rootless docker containers (bsc#1240150).
ModerateSUSE bug 1239765SUSE bug 1240150SUSE bug 1241830SUSE bug 1242114SUSE bug 1243833SUSE bug 1244035CVE-2025-0495 at SUSECVE-2025-0495 at NVDCVE-2025-22872 at SUSECVE-2025-22872 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49035: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (bsc#1215304).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56631: scsi: sg: Fix slab-use-after-free read in sg_release() (bsc#1235480).
- CVE-2024-56704: 9p/xen: fix release of IRQ (bsc#1235584).
The following non-security bugs were fixed:
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
ImportantSUSE bug 1215304SUSE bug 1220927SUSE bug 1220937SUSE bug 1230697SUSE bug 1232436SUSE bug 1234281SUSE bug 1234690SUSE bug 1234846SUSE bug 1234853SUSE bug 1234891SUSE bug 1234921SUSE bug 1234963SUSE bug 1235004SUSE bug 1235054SUSE bug 1235056SUSE bug 1235061SUSE bug 1235073SUSE bug 1235246SUSE bug 1235480SUSE bug 1235584CVE-2022-49035 at SUSECVE-2022-49035 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2024-53142 at SUSECVE-2024-53142 at NVDCVE-2024-53144 at SUSECVE-2024-53144 at NVDCVE-2024-53146 at SUSECVE-2024-53146 at NVDCVE-2024-53156 at SUSECVE-2024-53156 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53179 at SUSECVE-2024-53179 at NVDCVE-2024-53214 at SUSECVE-2024-53214 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-53240 at SUSECVE-2024-53240 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56604 at SUSECVE-2024-56604 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56631 at SUSECVE-2024-56631 at NVDCVE-2024-56704 at SUSECVE-2024-56704 at NVDCVE-2024-8805 at SUSECVE-2024-8805 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- Fix conditional for selecting gcc-13 Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- MyBS: Correctly generate build flags for non-multibuild package limit (bsc# 1244241) Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build')
- MyBS: Do not build kernel-obs-qa with limit_packages Fixes: 58e3f8c34b2b ('bs-upload-kernel: Pass limit_packages also on multibuild')
- MyBS: Simplify qa_expr generation Start with a 0 which makes the expression valid even if there are no QA repositories (currently does not happen). Then separator is always needed.
- Require zstd in kernel-default-devel when module compression is zstd To use ksym-provides tool modules need to be uncompressed. Without zstd at least kernel-default-base does not have provides. Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- Test the correct macro to detect RT kernel build Fixes: 470cd1a41502 ('kernel-binary: Support livepatch_rt with merged RT branch')
- Use gcc-13 for build on SLE16 (jsc#PED-10028).
- add nf_tables for iptables non-legacy network handling This is needed for example by docker on the Alpine Linux distribution, but can also be used on openSUSE.
- bs-upload-kernel: Pass limit_packages also on multibuild Fixes: 0999112774fc ('MyBS: Use buildflags to set which package to build') Fixes: 747f601d4156 ('bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)')
- check-for-config-changes: Fix flag name typo
- drop ax25 drivers (bsc#1238471).
- drop hamradio drivers (bsc#1238471).
- drop netrom drivers (bsc#1238471).
- drop rose drivers (bsc#1238471).
- kabi/severities: workaround kABI checker complains after AX25 and HAMRADIO removals KABI: symbol asc2ax(mod:net/ax25/ax25) lost KABI: symbol ax25_bcast(mod:net/ax25/ax25) lost KABI: symbol ax25_defaddr(mod:net/ax25/ax25) lost KABI: symbol ax25_display_timer(mod:net/ax25/ax25) lost KABI: symbol ax25_find_cb(mod:net/ax25/ax25) lost KABI: symbol ax25_findbyuid(mod:net/ax25/ax25) lost KABI: symbol ax25_header_ops(mod:net/ax25/ax25) lost KABI: symbol ax25_ip_xmit(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_register(mod:net/ax25/ax25) lost KABI: symbol ax25_linkfail_release(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_register(mod:net/ax25/ax25) lost KABI: symbol ax25_listen_release(mod:net/ax25/ax25) lost KABI: symbol ax25_protocol_release(mod:net/ax25/ax25) lost KABI: symbol ax25_register_pid(mod:net/ax25/ax25) lost KABI: symbol ax25_send_frame(mod:net/ax25/ax25) lost KABI: symbol ax25_uid_policy(mod:net/ax25/ax25) lost KABI: symbol ax25cmp(mod:net/ax25/ax25) lost KABI: symbol ax2asc(mod:net/ax25/ax25) lost KABI: symbol hdlcdrv_arbitrate(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_receiver(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_register(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_transmitter(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol hdlcdrv_unregister(mod:drivers/net/hamradio/hdlcdrv) lost KABI: symbol null_ax25_address(mod:net/ax25/ax25) lost
- kernel-binary: Support livepatch_rt with merged RT branch
- kernel-obs-qa: Use srchash for dependency as well
- kernel-source: Also replace bin/env
- kernel-source: Do not use multiple -r in sed parameters
- kernel-source: Remove log.sh from sources
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251). When compiler different from the one which was used to configure the kernel is used to build modules a warning is issued and the build continues. This could be turned into an error but that would be too restrictive. The generated kernel-devel makefile could set the compiler but then the main Makefile as to be patched to assign CC with ?= This causes run_oldconfig failure on SUSE-2024 and kbuild config check failure on SUSE-2025. This cannot be hardcoded to one version in a regular patch because the value is expected to be configurable at mkspec time. Patch the Makefile after aplyin patches in rpm prep step instead. A check is added to verify that the sed command did indeed apply the change.
- packaging: Turn gcc version into config.sh variable Fixes: 51dacec21eb1 ('Use gcc-13 for build on SLE16 (jsc#PED-10028).')
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN Both spellings are actually used
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE Useful when someone tries (needs) to build the kernel with clang.
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML This option is dynamically enabled to build-test different configurations. This makes run_oldconfig.sh complain sporadically for arm64.
- rpm/kernel-binary.spec.in: Also order against update-bootloader (boo#1228659, boo#1240785, boo#1241038).
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986) sle_version was obsoleted for SLE16. It has to be combined with suse_version check.
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038). OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow a package to inform the order of installation of other package without hard requiring that package. This means our kernel-binary packages no longer need to hard require perl-Bootloader or dracut, resolving the long-commented issue there. This is also needed for udev & systemd-boot to ensure those packages are installed before being called by dracut (boo#1228659)
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- rpm/package-descriptions: Add rt and rt_debug descriptions
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- rpm: Stop using is_kotd_qa macro This macro is set by bs-upload-kernel, and a conditional in each spec file is used to determine when to build the spec file. This logic should not really be in the spec file. Previously this was done with package links and package meta for the individula links. However, the use of package links is rejected for packages in git based release projects (nothing to do with git actually, new policy). An alternative to package links is multibuild. However, for multibuild packages package meta cannot be used to set which spec file gets built. Use prjcon buildflags instead, and remove this conditional. Depends on bs-upload-kernel adding the build flag.
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202810SUSE bug 1202860SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1211226SUSE bug 1212051SUSE bug 1218184SUSE bug 1224095SUSE bug 1225820SUSE bug 1226514SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238471SUSE bug 1238570SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242414SUSE bug 1242504SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244337SUSE bug 1244764SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244782SUSE bug 1244783SUSE bug 1244786SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244804SUSE bug 1244813SUSE bug 1244815SUSE bug 1244816SUSE bug 1244825SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244841SUSE bug 1244842SUSE bug 1244845SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244856SUSE bug 1244861SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244885SUSE bug 1244886SUSE bug 1244887SUSE bug 1244899SUSE bug 1244901SUSE bug 1244902SUSE bug 1244908SUSE bug 1244936SUSE bug 1244941SUSE bug 1244943SUSE bug 1244945SUSE bug 1244948SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244976SUSE bug 1244979SUSE bug 1244984SUSE bug 1244986SUSE bug 1244992SUSE bug 1245006SUSE bug 1245007SUSE bug 1245024SUSE bug 1245031SUSE bug 1245033SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245072SUSE bug 1245073SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245183SUSE bug 1245195SUSE bug 1245265SUSE bug 1245348SUSE bug 1245455CVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50091 at SUSECVE-2022-50091 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Important)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
- CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471)
- CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470)
ImportantSUSE bug 1238896SUSE bug 1244644SUSE bug 1246112CVE-2024-36350 at SUSECVE-2024-36350 at NVDCVE-2024-36357 at SUSECVE-2024-36357 at NVDCVE-2025-27465 at SUSECVE-2025-27465 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50085: dm raid: fix address sanitizer warning in raid_resume (bsc#1245147).
- CVE-2022-50087: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (bsc#1245119).
- CVE-2022-50200: selinux: Add boundary check in put_entry() (bsc#1245149).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: kabi: place tstamp needed for nftables set in a hole (bsc#1224095).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-56770: sch/netem: fix use after free in netem_dequeue (bsc#1235637).
- CVE-2025-21700: net: sched: Disallow replacing of child qdisc from one parent to another (bsc#1237159).
- CVE-2025-21702: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (bsc#1237312).
- CVE-2025-21703: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (bsc#1237313).
- CVE-2025-37752: net_sched: sch_sfq: move the limit validation (bsc#1242504).
- CVE-2025-37823: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (bsc#1242924).
- CVE-2025-37890: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (bsc#1243330).
- CVE-2025-37997: netfilter: ipset: fix region locking in hash types (bsc#1243832).
- CVE-2025-38000: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (bsc#1244277).
- CVE-2025-38001: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (bsc#1244234).
- CVE-2025-38083: net_sched: prio: fix a race in prio_tune() (bsc#1245183).
The following non-security bugs were fixed:
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- scsi: storvsc: Do not report the host packet status as the hv status (git-fixes).
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- wifi: cfg80211: Add my certificate (bsc#1243001).
- wifi: cfg80211: fix certs build to not depend on file order (bsc#1243001).
ImportantSUSE bug 1065729SUSE bug 1156395SUSE bug 1199487SUSE bug 1201160SUSE bug 1201956SUSE bug 1202095SUSE bug 1202564SUSE bug 1202716SUSE bug 1202810SUSE bug 1202860SUSE bug 1205220SUSE bug 1205514SUSE bug 1206664SUSE bug 1206878SUSE bug 1206880SUSE bug 1211226SUSE bug 1212051SUSE bug 1218184SUSE bug 1224095SUSE bug 1225820SUSE bug 1226514SUSE bug 1228659SUSE bug 1230827SUSE bug 1231293SUSE bug 1232504SUSE bug 1234381SUSE bug 1234454SUSE bug 1235637SUSE bug 1237159SUSE bug 1237312SUSE bug 1237313SUSE bug 1238303SUSE bug 1238471SUSE bug 1238570SUSE bug 1239986SUSE bug 1240785SUSE bug 1241038SUSE bug 1242414SUSE bug 1242504SUSE bug 1242924SUSE bug 1243001SUSE bug 1243330SUSE bug 1243543SUSE bug 1243627SUSE bug 1243832SUSE bug 1244234SUSE bug 1244241SUSE bug 1244277SUSE bug 1244337SUSE bug 1244764SUSE bug 1244767SUSE bug 1244770SUSE bug 1244771SUSE bug 1244773SUSE bug 1244774SUSE bug 1244776SUSE bug 1244779SUSE bug 1244782SUSE bug 1244783SUSE bug 1244786SUSE bug 1244788SUSE bug 1244790SUSE bug 1244793SUSE bug 1244794SUSE bug 1244796SUSE bug 1244797SUSE bug 1244804SUSE bug 1244813SUSE bug 1244815SUSE bug 1244816SUSE bug 1244825SUSE bug 1244834SUSE bug 1244836SUSE bug 1244838SUSE bug 1244839SUSE bug 1244841SUSE bug 1244842SUSE bug 1244845SUSE bug 1244848SUSE bug 1244849SUSE bug 1244851SUSE bug 1244853SUSE bug 1244856SUSE bug 1244861SUSE bug 1244867SUSE bug 1244868SUSE bug 1244869SUSE bug 1244881SUSE bug 1244883SUSE bug 1244884SUSE bug 1244885SUSE bug 1244886SUSE bug 1244887SUSE bug 1244899SUSE bug 1244901SUSE bug 1244902SUSE bug 1244908SUSE bug 1244936SUSE bug 1244941SUSE bug 1244943SUSE bug 1244945SUSE bug 1244948SUSE bug 1244950SUSE bug 1244956SUSE bug 1244958SUSE bug 1244959SUSE bug 1244967SUSE bug 1244968SUSE bug 1244969SUSE bug 1244976SUSE bug 1244979SUSE bug 1244984SUSE bug 1244986SUSE bug 1244992SUSE bug 1245006SUSE bug 1245007SUSE bug 1245024SUSE bug 1245031SUSE bug 1245033SUSE bug 1245041SUSE bug 1245047SUSE bug 1245051SUSE bug 1245057SUSE bug 1245058SUSE bug 1245072SUSE bug 1245073SUSE bug 1245098SUSE bug 1245103SUSE bug 1245117SUSE bug 1245119SUSE bug 1245121SUSE bug 1245122SUSE bug 1245125SUSE bug 1245129SUSE bug 1245131SUSE bug 1245135SUSE bug 1245136SUSE bug 1245138SUSE bug 1245139SUSE bug 1245140SUSE bug 1245146SUSE bug 1245147SUSE bug 1245149SUSE bug 1245183SUSE bug 1245195SUSE bug 1245265SUSE bug 1245348SUSE bug 1245455CVE-2022-1679 at SUSECVE-2022-1679 at NVDCVE-2022-2586 at SUSECVE-2022-2586 at NVDCVE-2022-2905 at SUSECVE-2022-2905 at NVDCVE-2022-3903 at SUSECVE-2022-3903 at NVDCVE-2022-4095 at SUSECVE-2022-4095 at NVDCVE-2022-4662 at SUSECVE-2022-4662 at NVDCVE-2022-49934 at SUSECVE-2022-49934 at NVDCVE-2022-49936 at SUSECVE-2022-49936 at NVDCVE-2022-49937 at SUSECVE-2022-49937 at NVDCVE-2022-49942 at SUSECVE-2022-49942 at NVDCVE-2022-49945 at SUSECVE-2022-49945 at NVDCVE-2022-49948 at SUSECVE-2022-49948 at NVDCVE-2022-49950 at SUSECVE-2022-49950 at NVDCVE-2022-49952 at SUSECVE-2022-49952 at NVDCVE-2022-49954 at SUSECVE-2022-49954 at NVDCVE-2022-49956 at SUSECVE-2022-49956 at NVDCVE-2022-49968 at SUSECVE-2022-49968 at NVDCVE-2022-49977 at SUSECVE-2022-49977 at NVDCVE-2022-49978 at SUSECVE-2022-49978 at NVDCVE-2022-49981 at SUSECVE-2022-49981 at NVDCVE-2022-49984 at SUSECVE-2022-49984 at NVDCVE-2022-49985 at SUSECVE-2022-49985 at NVDCVE-2022-49986 at SUSECVE-2022-49986 at NVDCVE-2022-49987 at SUSECVE-2022-49987 at NVDCVE-2022-49989 at SUSECVE-2022-49989 at NVDCVE-2022-49990 at SUSECVE-2022-49990 at NVDCVE-2022-49993 at SUSECVE-2022-49993 at NVDCVE-2022-50010 at SUSECVE-2022-50010 at NVDCVE-2022-50012 at SUSECVE-2022-50012 at NVDCVE-2022-50019 at SUSECVE-2022-50019 at NVDCVE-2022-50020 at SUSECVE-2022-50020 at NVDCVE-2022-50022 at SUSECVE-2022-50022 at NVDCVE-2022-50027 at SUSECVE-2022-50027 at NVDCVE-2022-50028 at SUSECVE-2022-50028 at NVDCVE-2022-50029 at SUSECVE-2022-50029 at NVDCVE-2022-50030 at SUSECVE-2022-50030 at NVDCVE-2022-50032 at SUSECVE-2022-50032 at NVDCVE-2022-50033 at SUSECVE-2022-50033 at NVDCVE-2022-50036 at SUSECVE-2022-50036 at NVDCVE-2022-50038 at SUSECVE-2022-50038 at NVDCVE-2022-50045 at SUSECVE-2022-50045 at NVDCVE-2022-50051 at SUSECVE-2022-50051 at NVDCVE-2022-50059 at SUSECVE-2022-50059 at NVDCVE-2022-50061 at SUSECVE-2022-50061 at NVDCVE-2022-50065 at SUSECVE-2022-50065 at NVDCVE-2022-50067 at SUSECVE-2022-50067 at NVDCVE-2022-50072 at SUSECVE-2022-50072 at NVDCVE-2022-50083 at SUSECVE-2022-50083 at NVDCVE-2022-50084 at SUSECVE-2022-50084 at NVDCVE-2022-50085 at SUSECVE-2022-50085 at NVDCVE-2022-50087 at SUSECVE-2022-50087 at NVDCVE-2022-50091 at SUSECVE-2022-50091 at NVDCVE-2022-50092 at SUSECVE-2022-50092 at NVDCVE-2022-50093 at SUSECVE-2022-50093 at NVDCVE-2022-50094 at SUSECVE-2022-50094 at NVDCVE-2022-50097 at SUSECVE-2022-50097 at NVDCVE-2022-50098 at SUSECVE-2022-50098 at NVDCVE-2022-50099 at SUSECVE-2022-50099 at NVDCVE-2022-50101 at SUSECVE-2022-50101 at NVDCVE-2022-50102 at SUSECVE-2022-50102 at NVDCVE-2022-50104 at SUSECVE-2022-50104 at NVDCVE-2022-50108 at SUSECVE-2022-50108 at NVDCVE-2022-50109 at SUSECVE-2022-50109 at NVDCVE-2022-50118 at SUSECVE-2022-50118 at NVDCVE-2022-50124 at SUSECVE-2022-50124 at NVDCVE-2022-50126 at SUSECVE-2022-50126 at NVDCVE-2022-50127 at SUSECVE-2022-50127 at NVDCVE-2022-50136 at SUSECVE-2022-50136 at NVDCVE-2022-50138 at SUSECVE-2022-50138 at NVDCVE-2022-50140 at SUSECVE-2022-50140 at NVDCVE-2022-50141 at SUSECVE-2022-50141 at NVDCVE-2022-50142 at SUSECVE-2022-50142 at NVDCVE-2022-50143 at SUSECVE-2022-50143 at NVDCVE-2022-50146 at SUSECVE-2022-50146 at NVDCVE-2022-50149 at SUSECVE-2022-50149 at NVDCVE-2022-50152 at SUSECVE-2022-50152 at NVDCVE-2022-50153 at SUSECVE-2022-50153 at NVDCVE-2022-50156 at SUSECVE-2022-50156 at NVDCVE-2022-50158 at SUSECVE-2022-50158 at NVDCVE-2022-50160 at SUSECVE-2022-50160 at NVDCVE-2022-50161 at SUSECVE-2022-50161 at NVDCVE-2022-50162 at SUSECVE-2022-50162 at NVDCVE-2022-50164 at SUSECVE-2022-50164 at NVDCVE-2022-50165 at SUSECVE-2022-50165 at NVDCVE-2022-50169 at SUSECVE-2022-50169 at NVDCVE-2022-50172 at SUSECVE-2022-50172 at NVDCVE-2022-50173 at SUSECVE-2022-50173 at NVDCVE-2022-50176 at SUSECVE-2022-50176 at NVDCVE-2022-50179 at SUSECVE-2022-50179 at NVDCVE-2022-50181 at SUSECVE-2022-50181 at NVDCVE-2022-50185 at SUSECVE-2022-50185 at NVDCVE-2022-50191 at SUSECVE-2022-50191 at NVDCVE-2022-50200 at SUSECVE-2022-50200 at NVDCVE-2022-50209 at SUSECVE-2022-50209 at NVDCVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2022-50212 at SUSECVE-2022-50212 at NVDCVE-2022-50213 at SUSECVE-2022-50213 at NVDCVE-2022-50215 at SUSECVE-2022-50215 at NVDCVE-2022-50218 at SUSECVE-2022-50218 at NVDCVE-2022-50220 at SUSECVE-2022-50220 at NVDCVE-2022-50222 at SUSECVE-2022-50222 at NVDCVE-2022-50229 at SUSECVE-2022-50229 at NVDCVE-2022-50231 at SUSECVE-2022-50231 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2024-26924 at SUSECVE-2024-26924 at NVDCVE-2024-27397 at SUSECVE-2024-27397 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-53141 at SUSECVE-2024-53141 at NVDCVE-2024-56770 at SUSECVE-2024-56770 at NVDCVE-2025-21700 at SUSECVE-2025-21700 at NVDCVE-2025-21702 at SUSECVE-2025-21702 at NVDCVE-2025-21703 at SUSECVE-2025-21703 at NVDCVE-2025-37752 at SUSECVE-2025-37752 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-37823 at SUSECVE-2025-37823 at NVDCVE-2025-37890 at SUSECVE-2025-37890 at NVDCVE-2025-37932 at SUSECVE-2025-37932 at NVDCVE-2025-37953 at SUSECVE-2025-37953 at NVDCVE-2025-37997 at SUSECVE-2025-37997 at NVDCVE-2025-38000 at SUSECVE-2025-38000 at NVDCVE-2025-38001 at SUSECVE-2025-38001 at NVDCVE-2025-38083 at SUSECVE-2025-38083 at NVDcpe:/o:suse:suse-microos:5.2Security update for coreutils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for coreutils fixes the following issues:
Security fixes:
- CVE-2025-5278: Fixed heap buffer under-read may lead to a crash or leak sensitive data (bsc#1243767)
Other fixes:
- ls: avoid triggering automounts (bsc#1221632)
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
ModerateSUSE bug 1219321SUSE bug 1221632SUSE bug 1243767CVE-2025-5278 at SUSECVE-2025-5278 at NVDcpe:/o:suse:suse-microos:5.2Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.2
This update for jq fixes the following issues:
- CVE-2024-23337: Fixed signed integer overflow in jv.c:jvp_array_write (bsc#1243450).
ModerateSUSE bug 1243450CVE-2024-23337 at SUSECVE-2024-23337 at NVDcpe:/o:suse:suse-microos:5.2Security update for polkit (Important)SUSE Linux Enterprise Micro 5.2
This update for polkit fixes the following issues:
- CVE-2025-7519: Fixed a XML policy file with a large number of nested elements that may lead to out-of-bounds write. (bsc#1246472)
ImportantSUSE bug 1246472CVE-2025-7519 at SUSECVE-2025-7519 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2024-38822: Fixed Minion token validation (bsc#1244561)
- CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport (bsc#1244564)
- CVE-2024-38824: Fixed directory traversal vulnerability in recv_file method (bsc#1244565)
- CVE-2024-38825: Fixed salt.auth.pki module authentication issue (bsc#1244566)
- CVE-2025-22240: Fixed arbitrary directory creation or file deletion with GitFS (bsc#1244567)
- CVE-2025-22236: Fixed Minion event bus authorization bypass (bsc#1244568)
- CVE-2025-22241: Fixed the use of un-validated input in the VirtKey class (bsc#1244570)
- CVE-2025-22237: Fixed exploitation of the 'on demand' pillar functionality (bsc#1244571)
- CVE-2025-22238: Fixed the master's default cache vulnerability to a directory traversal attack (bsc#1244572)
- CVE-2025-22239: Fixed the arbitrary event injection on the Salt Master (bsc#1244574)
- CVE-2025-22242: Fixed a Denial of Service vulnerability through file read operation (bsc#1244575)
- CVE-2025-47287: Fixed a Denial of Service vulnerability in Tornado logging behavior (bsc#1243268)
- Other bugs fixed:
- Added subsystem filter to udev.exportdb (bsc#1236621)
- Fixed Ubuntu 24.04 test failures
- Fixed refresh of osrelease and related grains on Python 3.10+
- Fixed issue requiring proper Python flavor for dependencies
ImportantSUSE bug 1236621SUSE bug 1243268SUSE bug 1244561SUSE bug 1244564SUSE bug 1244565SUSE bug 1244566SUSE bug 1244567SUSE bug 1244568SUSE bug 1244570SUSE bug 1244571SUSE bug 1244572SUSE bug 1244574SUSE bug 1244575CVE-2024-38822 at SUSECVE-2024-38822 at NVDCVE-2024-38823 at SUSECVE-2024-38823 at NVDCVE-2024-38824 at SUSECVE-2024-38824 at NVDCVE-2024-38825 at SUSECVE-2024-38825 at NVDCVE-2025-22236 at SUSECVE-2025-22236 at NVDCVE-2025-22237 at SUSECVE-2025-22237 at NVDCVE-2025-22238 at SUSECVE-2025-22238 at NVDCVE-2025-22239 at SUSECVE-2025-22239 at NVDCVE-2025-22240 at SUSECVE-2025-22240 at NVDCVE-2025-22241 at SUSECVE-2025-22241 at NVDCVE-2025-22242 at SUSECVE-2025-22242 at NVDCVE-2025-47287 at SUSECVE-2025-47287 at NVDcpe:/o:suse:suse-microos:5.2Security update for boost (Important)SUSE Linux Enterprise Micro 5.2
This update for boost fixes the following issues:
- CVE-2016-9840: Fixed out-of-bounds pointer arithmetic in zlib in beast (bsc#1245936)
ImportantSUSE bug 1245936CVE-2016-9840 at SUSECVE-2016-9840 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Important)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2025-6395: Fix NULL pointer dereference when 2nd Client Hello omits PSK (bsc#1246299)
- CVE-2025-32988: Fix double-free due to incorrect ownership handling in the export logic of SAN entries containing an otherName (bsc#1246232)
- CVE-2025-32990: Fix 1-byte heap buffer overflow when parsing templates with certtool (bsc#1246267)
ImportantSUSE bug 1246232SUSE bug 1246267SUSE bug 1246299CVE-2025-32988 at SUSECVE-2025-32988 at NVDCVE-2025-32990 at SUSECVE-2025-32990 at NVDCVE-2025-6395 at SUSECVE-2025-6395 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2025-7425: Fixed heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr (bsc#1246296)
ImportantSUSE bug 1246296CVE-2025-7425 at SUSECVE-2025-7425 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Important)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
- Update to version 3.50.2
- CVE-2025-6965: Fixed an integer truncation to avoid assertion faults. (bsc#1246597)
ImportantSUSE bug 1246597CVE-2025-6965 at SUSECVE-2025-6965 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
- CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)
ModerateSUSE bug 1234959CVE-2024-56738 at SUSECVE-2024-56738 at NVDcpe:/o:suse:suse-microos:5.2Security update for dpkg (Moderate)SUSE Linux Enterprise Micro 5.2
This update for dpkg fixes the following issues:
- CVE-2025-6297: Fixed an improper sanitization of directory permissions that could lead to DoS. (bsc#1245573)
ModerateSUSE bug 1245573CVE-2025-6297 at SUSECVE-2025-6297 at NVDcpe:/o:suse:suse-microos:5.2Security update for libgcrypt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libgcrypt fixes the following issues:
- CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107).
ModerateSUSE bug 1221107CVE-2024-2236 at SUSECVE-2024-2236 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2025-4516: use-after-free in the unicode-escape decoder when using the error handler (bsc#1243273).
- CVE-2024-12718: Fixed extraction filter bypass that allowed file metadata modification outside extraction directory (bsc#1244056)
- CVE-2025-4138: Fixed issue that might allow symlink targets to point outside the destination directory, and the modification of some file metadata (bsc#1244059)
- CVE-2025-4330: Fixed extraction filter bypass that allowed linking outside extraction directory (bsc#1244060)
- CVE-2025-4435: Fixed Tarfile extracts filtered members when errorlevel=0 (bsc#1244061)
- CVE-2025-4517: Fixed arbitrary filesystem writes outside the extraction directory during extraction with filter='data' (bsc#1244032)
- CVE-2025-6069: Fixed worst case quadratic complexity when processing certain crafted malformed inputs with HTMLParser (bsc#1244705)
- CVE-2025-8194: Fixed denial of service caused by tar archives with negative offsets (bsc#1247249)
Other fixes:
- Limit buffer size for IPv6 address parsing (bsc#1244401).
ImportantSUSE bug 1233012SUSE bug 1243273SUSE bug 1244032SUSE bug 1244056SUSE bug 1244059SUSE bug 1244060SUSE bug 1244061SUSE bug 1244401SUSE bug 1244705SUSE bug 1247249SUSE bug 831629CVE-2024-12718 at SUSECVE-2024-12718 at NVDCVE-2025-4138 at SUSECVE-2025-4138 at NVDCVE-2025-4330 at SUSECVE-2025-4330 at NVDCVE-2025-4435 at SUSECVE-2025-4435 at NVDCVE-2025-4516 at SUSECVE-2025-4516 at NVDCVE-2025-4517 at SUSECVE-2025-4517 at NVDCVE-2025-6069 at SUSECVE-2025-6069 at NVDCVE-2025-8194 at SUSECVE-2025-8194 at NVDcpe:/o:suse:suse-microos:5.2Security update for cairo (Low)SUSE Linux Enterprise Micro 5.2
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:suse:suse-microos:5.2Security update for iputils (Moderate)SUSE Linux Enterprise Micro 5.2
This update for iputils fixes the following issues:
- CVE-2025-48964: Fixed integer overflow in ping statistics via zero timestamp (bsc#1243772).
Other bugfixes:
- Fixed ping on s390x that printed invalid ttl (bsc#1243284).
ModerateSUSE bug 1243284SUSE bug 1243772CVE-2025-48964 at SUSECVE-2025-48964 at NVDcpe:/o:suse:suse-microos:5.2Security update for Mesa (Moderate)SUSE Linux Enterprise Micro 5.2
This update for Mesa fixes the following issues:
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040)
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041)
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042)
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-6032: Fixed machine init command failing to verify TLS certificate (bsc#1245320)
ImportantSUSE bug 1245320CVE-2025-6032 at SUSECVE-2025-6032 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2025-8176: Fixed heap use-after-free in tools/tiffmedian.c (bsc#1247108)
- CVE-2025-8177: Fixed possible buffer overflow in tools/thumbnail.c:setrow()
when processing malformed TIFF files (bsc#1247106)
ImportantSUSE bug 1247106SUSE bug 1247108CVE-2025-8176 at SUSECVE-2025-8176 at NVDCVE-2025-8177 at SUSECVE-2025-8177 at NVDcpe:/o:suse:suse-microos:5.2Security update for cairo (Low)SUSE Linux Enterprise Micro 5.2
This update for cairo fixes the following issues:
- CVE-2025-50422: NULL pointer access in `active_edges_to_traps()` can lead to crash in Poppler (bsc#1247589).
LowSUSE bug 1247589CVE-2025-50422 at SUSECVE-2025-50422 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50211: md-raid10: fix KASAN warning (bsc#1245140).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-52923: netfilter: nf_tables: split async and sync catchall in two functions (bsc#1236104).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
ImportantSUSE bug 1210629SUSE bug 1233551SUSE bug 1234863SUSE bug 1236104SUSE bug 1236333SUSE bug 1239644SUSE bug 1242414SUSE bug 1242417SUSE bug 1245140SUSE bug 1245217SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246186SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349CVE-2022-50211 at SUSECVE-2022-50211 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49138: Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (bsc#1238160).
- CVE-2023-52927: netfilter: allow exp not to be removed in nf_ct_find_expectation (bsc#1239644).
- CVE-2024-53057: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT (bsc#1233551).
- CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863).
- CVE-2025-37797: net_sched: hfsc: Fix a UAF vulnerability in class handling (bsc#1242417).
- CVE-2025-38079: crypto: algif_hash - fix double free in hash_accept (bsc#1245217).
- CVE-2025-38181: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr() (bsc#1246000).
- CVE-2025-38200: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (bsc#1246045).
- CVE-2025-38212: ipc: fix to protect IPCS lookups using RCU (bsc#1246029).
- CVE-2025-38213: vgacon: Add check for vc_origin address range in vgacon_scroll() (bsc#1246037).
- CVE-2025-38257: s390/pkey: Prevent overflow in size calculation for memdup_user() (bsc#1246186).
- CVE-2025-38494: HID: core: do not bypass hid_hw_raw_request (bsc#1247349).
- CVE-2025-38495: HID: core: ensure the allocated report buffer can contain the reserved report ID (bsc#1247348).
- CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347).
ImportantSUSE bug 1233551SUSE bug 1234863SUSE bug 1236333SUSE bug 1239644SUSE bug 1242414SUSE bug 1242417SUSE bug 1245217SUSE bug 1245711SUSE bug 1245986SUSE bug 1246000SUSE bug 1246029SUSE bug 1246037SUSE bug 1246045SUSE bug 1246186SUSE bug 1247347SUSE bug 1247348SUSE bug 1247349CVE-2023-52927 at SUSECVE-2023-52927 at NVDCVE-2024-53057 at SUSECVE-2024-53057 at NVDCVE-2024-53164 at SUSECVE-2024-53164 at NVDCVE-2024-57947 at SUSECVE-2024-57947 at NVDCVE-2025-37797 at SUSECVE-2025-37797 at NVDCVE-2025-37798 at SUSECVE-2025-37798 at NVDCVE-2025-38079 at SUSECVE-2025-38079 at NVDCVE-2025-38120 at SUSECVE-2025-38120 at NVDCVE-2025-38177 at SUSECVE-2025-38177 at NVDCVE-2025-38181 at SUSECVE-2025-38181 at NVDCVE-2025-38200 at SUSECVE-2025-38200 at NVDCVE-2025-38212 at SUSECVE-2025-38212 at NVDCVE-2025-38213 at SUSECVE-2025-38213 at NVDCVE-2025-38257 at SUSECVE-2025-38257 at NVDCVE-2025-38494 at SUSECVE-2025-38494 at NVDCVE-2025-38495 at SUSECVE-2025-38495 at NVDCVE-2025-38497 at SUSECVE-2025-38497 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-Jinja2 (Important)SUSE Linux Enterprise Micro 5.2
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
- Update to Docker 28.3.3-ce.
- CVE-2025-54388: Fixed a bug where firewalld when reloaded can make published container ports accessible from remote hosts. (bsc#1247367)
ModerateSUSE bug 1246556SUSE bug 1247367CVE-2025-54388 at SUSECVE-2025-54388 at NVDcpe:/o:suse:suse-microos:5.2Security update for jq (Moderate)SUSE Linux Enterprise Micro 5.2
This update for jq fixes the following issues:
- CVE-2025-48060: Fixed stack-buffer-overflow in jq_fuzz_execute (bsc#1244116)
ModerateSUSE bug 1244116CVE-2025-48060 at SUSECVE-2025-48060 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam (Moderate)SUSE Linux Enterprise Micro 5.2
This update for pam fixes the following issues:
- Improve previous CVE-2024-10041 fix which led to CPU performance issues (bsc#1232234)
ModerateSUSE bug 1232234SUSE bug 1246221CVE-2024-10041 at SUSECVE-2024-10041 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3 fixes the following issues:
- CVE-2025-50181: Pool managers now properly control redirects when retries is passed. (bsc#1244925)
ModerateSUSE bug 1244925CVE-2025-50181 at SUSECVE-2025-50181 at NVDcpe:/o:suse:suse-microos:5.2Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ignition fixes the following issues:
- CVE-2022-28948: Fixed an issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input (bsc#1248548)
ModerateSUSE bug 1248548CVE-2022-28948 at SUSECVE-2022-28948 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)
ImportantSUSE bug 1236460CVE-2022-49043 at SUSECVE-2022-49043 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-future (Important)SUSE Linux Enterprise Micro 5.2
This update for python-future fixes the following issues:
- CVE-2025-50817: Fixed arbitrary code execution via the automatic import of file test.py (bsc#1248124)
ImportantSUSE bug 1248124CVE-2025-50817 at SUSECVE-2025-50817 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250812 release (bsc#1248438)
- CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
- CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access
- CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.
- CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processor with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access.
- Update for functional issues.
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ARL-H | A1 | 06-c5-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| ARL-S/HX (8P) | B0 | 06-c6-02/82 | 00000118 | 00000119 | Core Ultra Processor (Series 2)
| EMR-SP | A1 | 06-cf-02/87 | 210002a9 | 210002b3 | Xeon Scalable Gen5
| GNR-AP/SP | B0 | 06-ad-01/95 | 010003a2 | 010003d0 | Xeon Scalable Gen6
| GNR-AP/SP | H0 | 06-ad-01/20 | 0a0000d1 | 0a000100 | Xeon Scalable Gen6
| ICL-D | B0 | 06-6c-01/10 | 010002d0 | 010002e0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d000404 | 0d000410 | Xeon Scalable Gen3
| LNL | B0 | 06-bd-01/80 | 0000011f | 00000123 | Core Ultra 200 V Series Processor
| MTL | C0 | 06-aa-04/e6 | 00000024 | 00000025 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004128 | 00004129 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004128 | 00004129 | Core Gen13
| SPR-HBM | Bx | 06-8f-08/10 | 2c0003f7 | 2c000401 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000639 | 2b000643 | Xeon Scalable Gen4
| SRF-SP | C0 | 06-af-03/01 | 03000341 | 03000362 | Xeon 6700-Series Processors with E-Cores
New Disclosures Updated in Prior Releases:
All ADL, RPL, SPR, EMR, MTL, ARL Microcode patches previously released in May 2025.
ImportantSUSE bug 1248438CVE-2025-20053 at SUSECVE-2025-20053 at NVDCVE-2025-20109 at SUSECVE-2025-20109 at NVDCVE-2025-22839 at SUSECVE-2025-22839 at NVDCVE-2025-22840 at SUSECVE-2025-22840 at NVDCVE-2025-22889 at SUSECVE-2025-22889 at NVDCVE-2025-26403 at SUSECVE-2025-26403 at NVDCVE-2025-32086 at SUSECVE-2025-32086 at NVDcpe:/o:suse:suse-microos:5.2Security update for ignition (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ignition fixes the following issues:
CVE-2023-45288: Fixed unclosed connections when receiving too many headers in golang.org/x/net/http2 (bsc#1236518)
ModerateSUSE bug 1236518CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:suse:suse-microos:5.2Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic
standards.
To avoid problems with those, SUSE has by default now disabled those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in `krb5.conf`:
```
[libdefaults]
allow_des3 = true
allow_rc4 = true
```
ModerateSUSE bug 1241219CVE-2025-3576 at SUSECVE-2025-3576 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Update to version 9.1.1629.
- CVE-2025-53905: Fixed a path traversal issue in tar.vim plugin that may allow for file overwriting when opening
specially crafted tar files (bsc#1246604).
- CVE-2025-53906: Fixed a path traversal issue in zip.vim plugin that may allow for file overwriting when opening
specially crafted zip files (bsc#1246602).
- CVE-2025-55157: Fixed use-after-free in internal tuple reference management (bsc#1247938).
- CVE-2025-55158: Fixed double-free in internal typed value (typval_T) management (bsc#1247939).
ModerateSUSE bug 1246602SUSE bug 1246604SUSE bug 1247938SUSE bug 1247939CVE-2025-53905 at SUSECVE-2025-53905 at NVDCVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2025-55157 at SUSECVE-2025-55157 at NVDCVE-2025-55158 at SUSECVE-2025-55158 at NVDcpe:/o:suse:suse-microos:5.2Security update for net-tools (Moderate)SUSE Linux Enterprise Micro 5.2
This update for net-tools fixes the following issues:
Security issues fixed:
- CVE-2025-46836: missing bounds check in `get_name` may lead to a stack buffer overflow (bsc#1243581).
- Avoid unsafe use of `memcpy` in `ifconfig` (bsc#1248687).
- Prevent overflow in `ax25` and `netrom` (bsc#1248687).
- Fix stack buffer overflow in `parse_hex` (bsc#1248687).
- Fix stack buffer overflow in `proc_gen_fmt` (bsc#1248687).
Other issues fixed:
- Allow use of long interface names after CVE-2025-46836 fix, even if they are not accepted by the kernel (bsc#1248410).
- Fix netrom support.
ModerateSUSE bug 1243581SUSE bug 1246608SUSE bug 1248410SUSE bug 1248687SUSE bug 142461CVE-2025-46836 at SUSECVE-2025-46836 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2024-47175: no validation of IPP attributes in `ppdCreatePPDFromIPP2` when writing to a temporary PPD file allows
for the injection of attacker-controlled data to the resulting PPD (bsc#1230932).
- CVE-2025-58060: no password check when `AuthType` is set to anything but `Basic` and a request is made with an
`Authorization: Basic` header (bsc#1249049).
- CVE-2025-58364: unsafe deserialization and validation of printer attributes leads to NULL pointer dereference
(bsc#1249128).
ImportantSUSE bug 1230932SUSE bug 1246533SUSE bug 1249049SUSE bug 1249128CVE-2024-47175 at SUSECVE-2024-47175 at NVDCVE-2025-58060 at SUSECVE-2025-58060 at NVDCVE-2025-58364 at SUSECVE-2025-58364 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2024-52615: wide-area DNS uses constant source port for queries and can expose the Avahi-daemon to DNS spoofing
attacks (bsc#1233421).
ModerateSUSE bug 1233421CVE-2024-52615 at SUSECVE-2024-52615 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
Security issues fixed:
- CVE-2025-9086: bug in patch comparison logic when processing cookies can lead to out-of-bounds read in heap buffer
(bsc#1249191).
- CVE-2025-10148: predictable websocket mask can lead to proxy cache poisoning by malicious server (bsc#1249348).
Other issues fixed:
- Fix the --ftp-pasv option in curl v8.14.1 (bsc#1246197).
* tool_getparam: fix --ftp-pasv [5f805ee]
- Update to version 8.14.1 (jsc#PED-13055, jsc#PED-13056).
* TLS: add CURLOPT_SSL_SIGNATURE_ALGORITHMS and --sigalgs.
* websocket: add option to disable auto-pong reply.
* huge number of bugfixes.
Please see https://curl.se/ch/ for full changelogs.
ImportantSUSE bug 1246197SUSE bug 1249191SUSE bug 1249348SUSE bug 1249367CVE-2025-10148 at SUSECVE-2025-10148 at NVDCVE-2025-9086 at SUSECVE-2025-9086 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954).
- CVE-2022-50116: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- Disable N_GSM (jsc#PED-8240).
ImportantSUSE bug 1199657SUSE bug 1229334SUSE bug 1238954SUSE bug 1240799SUSE bug 1241433SUSE bug 1242780SUSE bug 1243278SUSE bug 1244824SUSE bug 1245970SUSE bug 1246073SUSE bug 1246473SUSE bug 1246781SUSE bug 1246911SUSE bug 1247143SUSE bug 1247314SUSE bug 1247374SUSE bug 1247437SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248306SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-29900 at SUSECVE-2022-29900 at NVDCVE-2022-29901 at SUSECVE-2022-29901 at NVDCVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Low)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2025-9165: local execution manipulation leading to memory leak (bsc#1248330).
- CVE-2025-8534: null pointer dereference in function PS_Lvl2page (bsc#1247582).
- CVE-2025-8961: segmentation fault via main function of tiffcrop utility (bsc#1248117).
LowSUSE bug 1247582SUSE bug 1248117SUSE bug 1248330CVE-2025-8534 at SUSECVE-2025-8534 at NVDCVE-2025-8961 at SUSECVE-2025-8961 at NVDCVE-2025-9165 at SUSECVE-2025-9165 at NVDcpe:/o:suse:suse-microos:5.2Security update for gdk-pixbuf (Important)SUSE Linux Enterprise Micro 5.2
This update for gdk-pixbuf fixes the following issues:
- CVE-2025-7345: heap buffer overflow in gdk‑pixbuf within the `gdk_pixbuf__jpeg_image_load_increment` function
(bsc#1246114).
- CVE-2025-6199: uninitialized memory could lead to leak arbitrary memory contents (bsc#1245227).
ImportantSUSE bug 1159337SUSE bug 1245227SUSE bug 1246114CVE-2025-6199 at SUSECVE-2025-6199 at NVDCVE-2025-7345 at SUSECVE-2025-7345 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954).
- CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in outgoing data path (bsc#1244824).
- CVE-2023-53117: fs: prevent out-of-bounds array speculation when closing a file descriptor (bsc#1242780).
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-58239: tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1248614).
- CVE-2025-21971: net_sched: Prevent creation of classes with TC_H_ROOT (bsc#1240799).
- CVE-2025-22045: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (bsc#1241433).
- CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970).
- CVE-2025-38206: exfat: fix double free in delayed_free (bsc#1246073).
- CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473).
- CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781).
- CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911).
- CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143).
- CVE-2025-38468: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (bsc#1247437).
- CVE-2025-38477: net/sched: sch_qfq: Fix race condition on qfq_aggregate (bsc#1247314).
- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247374).
- CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976).
- CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223).
- CVE-2025-38563: perf/core: Prevent VMA split of buffer mappings (bsc#1248306).
- CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338).
- CVE-2025-38617: net/packet: fix a race in packet_set_ring() and packet_notifier() (bsc#1248621).
- CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511).
- CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748).
The following non-security bugs were fixed:
- Disable N_GSM (bsc#1244824 jsc#PED-8240).
- NFSv4.1: fix backchannel max_resp_sz verification check (bsc#1247518).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (bsc#1243278).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
ImportantSUSE bug 1229334SUSE bug 1238954SUSE bug 1240799SUSE bug 1241433SUSE bug 1242780SUSE bug 1243278SUSE bug 1244824SUSE bug 1245970SUSE bug 1246073SUSE bug 1246473SUSE bug 1246781SUSE bug 1246911SUSE bug 1247143SUSE bug 1247314SUSE bug 1247374SUSE bug 1247437SUSE bug 1247518SUSE bug 1247976SUSE bug 1248223SUSE bug 1248306SUSE bug 1248338SUSE bug 1248511SUSE bug 1248614SUSE bug 1248621SUSE bug 1248748CVE-2022-49492 at SUSECVE-2022-49492 at NVDCVE-2022-50116 at SUSECVE-2022-50116 at NVDCVE-2023-53117 at SUSECVE-2023-53117 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-58239 at SUSECVE-2024-58239 at NVDCVE-2025-21971 at SUSECVE-2025-21971 at NVDCVE-2025-22045 at SUSECVE-2025-22045 at NVDCVE-2025-38180 at SUSECVE-2025-38180 at NVDCVE-2025-38206 at SUSECVE-2025-38206 at NVDCVE-2025-38323 at SUSECVE-2025-38323 at NVDCVE-2025-38350 at SUSECVE-2025-38350 at NVDCVE-2025-38352 at SUSECVE-2025-38352 at NVDCVE-2025-38460 at SUSECVE-2025-38460 at NVDCVE-2025-38468 at SUSECVE-2025-38468 at NVDCVE-2025-38477 at SUSECVE-2025-38477 at NVDCVE-2025-38498 at SUSECVE-2025-38498 at NVDCVE-2025-38499 at SUSECVE-2025-38499 at NVDCVE-2025-38546 at SUSECVE-2025-38546 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38608 at SUSECVE-2025-38608 at NVDCVE-2025-38617 at SUSECVE-2025-38617 at NVDCVE-2025-38618 at SUSECVE-2025-38618 at NVDCVE-2025-38644 at SUSECVE-2025-38644 at NVDcpe:/o:suse:suse-microos:5.2Security update for open-vm-tools (Important)SUSE Linux Enterprise Micro 5.2
This update for open-vm-tools fixes the following issues:
- CVE-2025-41244: local privilege escalation via the Service Discovery Plugin (bsc#1250373).
ImportantSUSE bug 1250373CVE-2025-41244 at SUSECVE-2025-41244 at NVDcpe:/o:suse:suse-microos:5.2Security update for orc (Important)SUSE Linux Enterprise Micro 5.2
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the Orc compiler when
formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2025-9230: incorrect check of key size can lead to out-of-bounds read and write in RFC 3211 KEK unwrap
(bsc#1250232).
ImportantSUSE bug 1250232CVE-2025-9230 at SUSECVE-2025-9230 at NVDcpe:/o:suse:suse-microos:5.2Security update for cairo (Low)SUSE Linux Enterprise Micro 5.2
This update for cairo fixes the following issues:
- CVE-2019-6461: Avoid assert when drawing arcs with NaN angles (bsc#1122338)
LowSUSE bug 1122338CVE-2019-6461 at SUSECVE-2019-6461 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxslt fixes the following issues:
- CVE-2025-10911: fixed use-after-free with key data stored cross-RVT (bsc#1250553)
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-9566: fixed an issue where kube play command could cause host files to get overwritten (bsc#1249154)
ImportantSUSE bug 1249154CVE-2025-9566 at SUSECVE-2025-9566 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2025-59375: memory amplification vulnerability allows attackers to trigger excessive dynamic memory allocations
by submitting crafted XML input (bsc#1249584).
ImportantSUSE bug 1249584CVE-2025-59375 at SUSECVE-2025-59375 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136)
ModerateSUSE bug 1226463SUSE bug 1236136CVE-2024-13176 at SUSECVE-2024-13176 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxslt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxslt fixes the following issues:
- last fix caused a regression, patch was temporary disabled [bsc#1250553]
ModerateSUSE bug 1250553CVE-2025-10911 at SUSECVE-2025-10911 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- rpm: Configure KABI checkingness macro (bsc#1249186)
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186)
- rpm: Link arch-symbols script from scripts directory.
- rpm: Link guards script from scripts directory.
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206883SUSE bug 1206884SUSE bug 1209287SUSE bug 1209291SUSE bug 1210124SUSE bug 1210584SUSE bug 1213061SUSE bug 1213666SUSE bug 1215150SUSE bug 1216976SUSE bug 1220185SUSE bug 1220186SUSE bug 1240784SUSE bug 1241353SUSE bug 1243278SUSE bug 1244337SUSE bug 1245110SUSE bug 1245956SUSE bug 1246879SUSE bug 1246968SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248847SUSE bug 1249186SUSE bug 1249200SUSE bug 1249220SUSE bug 1249346SUSE bug 1249538SUSE bug 1249604SUSE bug 1249664SUSE bug 1249667SUSE bug 1249700SUSE bug 1249713SUSE bug 1249716SUSE bug 1249718SUSE bug 1249734SUSE bug 1249740SUSE bug 1249743SUSE bug 1249747SUSE bug 1249808SUSE bug 1249825SUSE bug 1249827SUSE bug 1249840SUSE bug 1249846SUSE bug 1249880SUSE bug 1249885SUSE bug 1249908SUSE bug 1249918SUSE bug 1249923SUSE bug 1249930SUSE bug 1249947SUSE bug 1249949SUSE bug 1250002SUSE bug 1250009SUSE bug 1250014SUSE bug 1250041SUSE bug 1250131SUSE bug 1250132SUSE bug 1250140SUSE bug 1250180SUSE bug 1250183SUSE bug 1250187SUSE bug 1250257SUSE bug 1250269SUSE bug 1250277SUSE bug 1250301SUSE bug 1250313SUSE bug 1250391SUSE bug 1250392SUSE bug 1250394SUSE bug 1250522SUSE bug 1250764SUSE bug 1250767SUSE bug 1250774SUSE bug 1250787SUSE bug 1250790SUSE bug 1250797SUSE bug 1250799SUSE bug 1250823SUSE bug 1250847SUSE bug 1250850SUSE bug 1250853SUSE bug 1250868SUSE bug 1250890SUSE bug 1250891CVE-2021-4460 at SUSECVE-2021-4460 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-21969 at SUSECVE-2025-21969 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-49980: USB: gadget: fix use-after-free read in usb_udc_uevent() (bsc#1245110).
- CVE-2022-50233: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} (bsc#1246968).
- CVE-2022-50248: wifi: iwlwifi: mvm: fix double free on tx path (bsc#1249840).
- CVE-2022-50252: igb: Do not free q_vector unless new one was allocated (bsc#1249846).
- CVE-2022-50258: wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (bsc#1249947).
- CVE-2022-50381: md: fix a crash in mempool_free (bsc#1250257).
- CVE-2022-50386: Bluetooth: L2CAP: Fix user-after-free (bsc#1250301).
- CVE-2022-50401: nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (bsc#1250140).
- CVE-2022-50408: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() (bsc#1250391).
- CVE-2022-50409: net: If sock is dead do not access sock's sk_wq in sk_stream_wait_memory (bsc#1250392).
- CVE-2022-50412: drm: bridge: adv7511: unregister cec i2c device after cec adapter (bsc#1250189).
- CVE-2023-53178: mm: fix zswap writeback race condition (bsc#1249827).
- CVE-2023-53220: media: az6007: Fix null-ptr-deref in az6007_i2c_xfer() (bsc#1250337).
- CVE-2023-53321: wifi: mac80211_hwsim: drop short frames (bsc#1250313).
- CVE-2023-53438: x86/MCE: Always save CS register on AMD Zen IF Poison errors (bsc#1250180).
- CVE-2024-53093: nvme-multipath: defer partition scanning (bsc#1233640).
- CVE-2025-21969: kABI workaround for l2cap_conn changes (bsc#1240784).
- CVE-2025-38011: drm/amdgpu: csa unmap use uninterruptible lock (bsc#1244729).
- CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956).
- CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963).
- CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239).
- CVE-2025-38553: net/sched: Restrict conditions for adding duplicating netems to qdisc tree (bsc#1248255).
- CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399).
- CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628).
- CVE-2025-38685: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220).
- CVE-2025-38713: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (bsc#1249200).
- CVE-2025-39751: ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (bsc#1249538).
- CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002).
The following non-security bugs were fixed:
- Limit patch filenames to 100 characters (bsc#1249604).
- Move pesign-obs-integration requirement from kernel-syms to kernel devel subpackage (bsc#1248108).
- git_sort: Make tests independent of environment.
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (git-fixes).
- kernel-binary: Another installation ordering fix (bsc#1241353).
- kernel-source: Do not list mkspec and its inputs as sources (bsc#1250522).
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346).
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879).
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337).
- rpm: Configure KABI checkingness macro (bsc#1249186).
- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186).
- scripts/python/kss-dashboard: attempt getting smash data
- scripts/python/kss-dashboard: fetch into repos if stale
- scripts/python/kss-dashboard: implement CVSSv3.1 score consistency check
- scripts/python/kss-dashboard: prepare for the alternative CVE branch
- scripts/python/kss-dashboard: simplify control flow
- scripts/python/kss-dashboard: speed up patch checking a bit
- scripts/python/kss-dashboard: use decorator to handle exceptions
- scripts/tar-up: Remove mkspec only affter running it.
- scripts: Import arch-symbols script from packaging
- scripts: Import guards script from packaging
- scripts: test_linux_git.py: Do not complain about missing cwd
- sequence-patch: Use arch-symbols
- suse_git/header: Complain about patch filenames over 100 characters.
- tar-up: Also sort generated tar archives
- tar-up: Handle multiple levels of symlinks
- tar-up: Normalize file modes to ones supported by git
- tar-up: Remove mkspec and its inputs as from target directory (bsc#1250522).
- tar-up: Remove the $build_dir prefix when in $build_dir
- tar-up: Set owner of files in generated tar archives to root rather than nobody
- tar_up: Handle symlinks in rpm directory
- use uniform permission checks for all mount propagation changes (git-fixes).
ImportantSUSE bug 1202700SUSE bug 1203063SUSE bug 1203332SUSE bug 1204228SUSE bug 1205128SUSE bug 1206883SUSE bug 1206884SUSE bug 1209287SUSE bug 1209291SUSE bug 1210124SUSE bug 1210584SUSE bug 1213061SUSE bug 1213666SUSE bug 1215150SUSE bug 1216976SUSE bug 1220185SUSE bug 1220186SUSE bug 1233640SUSE bug 1240784SUSE bug 1241353SUSE bug 1243278SUSE bug 1244337SUSE bug 1244729SUSE bug 1245110SUSE bug 1245956SUSE bug 1245963SUSE bug 1246879SUSE bug 1246968SUSE bug 1247172SUSE bug 1247239SUSE bug 1248108SUSE bug 1248255SUSE bug 1248399SUSE bug 1248628SUSE bug 1248847SUSE bug 1249186SUSE bug 1249200SUSE bug 1249220SUSE bug 1249346SUSE bug 1249538SUSE bug 1249604SUSE bug 1249664SUSE bug 1249667SUSE bug 1249700SUSE bug 1249713SUSE bug 1249716SUSE bug 1249718SUSE bug 1249734SUSE bug 1249740SUSE bug 1249743SUSE bug 1249747SUSE bug 1249808SUSE bug 1249825SUSE bug 1249827SUSE bug 1249840SUSE bug 1249846SUSE bug 1249880SUSE bug 1249885SUSE bug 1249908SUSE bug 1249918SUSE bug 1249923SUSE bug 1249930SUSE bug 1249947SUSE bug 1249949SUSE bug 1250002SUSE bug 1250009SUSE bug 1250014SUSE bug 1250041SUSE bug 1250131SUSE bug 1250132SUSE bug 1250140SUSE bug 1250180SUSE bug 1250183SUSE bug 1250187SUSE bug 1250189SUSE bug 1250257SUSE bug 1250269SUSE bug 1250277SUSE bug 1250301SUSE bug 1250313SUSE bug 1250337SUSE bug 1250391SUSE bug 1250392SUSE bug 1250394SUSE bug 1250522SUSE bug 1250764SUSE bug 1250767SUSE bug 1250774SUSE bug 1250787SUSE bug 1250790SUSE bug 1250797SUSE bug 1250799SUSE bug 1250823SUSE bug 1250847SUSE bug 1250850SUSE bug 1250853SUSE bug 1250868SUSE bug 1250890SUSE bug 1250891CVE-2021-4460 at SUSECVE-2021-4460 at NVDCVE-2022-2602 at SUSECVE-2022-2602 at NVDCVE-2022-2978 at SUSECVE-2022-2978 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50233 at SUSECVE-2022-50233 at NVDCVE-2022-50234 at SUSECVE-2022-50234 at NVDCVE-2022-50235 at SUSECVE-2022-50235 at NVDCVE-2022-50248 at SUSECVE-2022-50248 at NVDCVE-2022-50249 at SUSECVE-2022-50249 at NVDCVE-2022-50252 at SUSECVE-2022-50252 at NVDCVE-2022-50257 at SUSECVE-2022-50257 at NVDCVE-2022-50258 at SUSECVE-2022-50258 at NVDCVE-2022-50260 at SUSECVE-2022-50260 at NVDCVE-2022-50271 at SUSECVE-2022-50271 at NVDCVE-2022-50272 at SUSECVE-2022-50272 at NVDCVE-2022-50299 at SUSECVE-2022-50299 at NVDCVE-2022-50309 at SUSECVE-2022-50309 at NVDCVE-2022-50312 at SUSECVE-2022-50312 at NVDCVE-2022-50317 at SUSECVE-2022-50317 at NVDCVE-2022-50330 at SUSECVE-2022-50330 at NVDCVE-2022-50344 at SUSECVE-2022-50344 at NVDCVE-2022-50355 at SUSECVE-2022-50355 at NVDCVE-2022-50359 at SUSECVE-2022-50359 at NVDCVE-2022-50367 at SUSECVE-2022-50367 at NVDCVE-2022-50368 at SUSECVE-2022-50368 at NVDCVE-2022-50375 at SUSECVE-2022-50375 at NVDCVE-2022-50381 at SUSECVE-2022-50381 at NVDCVE-2022-50385 at SUSECVE-2022-50385 at NVDCVE-2022-50386 at SUSECVE-2022-50386 at NVDCVE-2022-50401 at SUSECVE-2022-50401 at NVDCVE-2022-50408 at SUSECVE-2022-50408 at NVDCVE-2022-50409 at SUSECVE-2022-50409 at NVDCVE-2022-50410 at SUSECVE-2022-50410 at NVDCVE-2022-50412 at SUSECVE-2022-50412 at NVDCVE-2022-50414 at SUSECVE-2022-50414 at NVDCVE-2022-50419 at SUSECVE-2022-50419 at NVDCVE-2022-50422 at SUSECVE-2022-50422 at NVDCVE-2022-50427 at SUSECVE-2022-50427 at NVDCVE-2022-50431 at SUSECVE-2022-50431 at NVDCVE-2022-50435 at SUSECVE-2022-50435 at NVDCVE-2022-50437 at SUSECVE-2022-50437 at NVDCVE-2022-50440 at SUSECVE-2022-50440 at NVDCVE-2022-50444 at SUSECVE-2022-50444 at NVDCVE-2022-50454 at SUSECVE-2022-50454 at NVDCVE-2022-50458 at SUSECVE-2022-50458 at NVDCVE-2022-50459 at SUSECVE-2022-50459 at NVDCVE-2022-50467 at SUSECVE-2022-50467 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-28328 at SUSECVE-2023-28328 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-53147 at SUSECVE-2023-53147 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2023-53179 at SUSECVE-2023-53179 at NVDCVE-2023-53213 at SUSECVE-2023-53213 at NVDCVE-2023-53220 at SUSECVE-2023-53220 at NVDCVE-2023-53265 at SUSECVE-2023-53265 at NVDCVE-2023-53273 at SUSECVE-2023-53273 at NVDCVE-2023-53304 at SUSECVE-2023-53304 at NVDCVE-2023-53321 at SUSECVE-2023-53321 at NVDCVE-2023-53333 at SUSECVE-2023-53333 at NVDCVE-2023-53438 at SUSECVE-2023-53438 at NVDCVE-2023-53464 at SUSECVE-2023-53464 at NVDCVE-2023-53492 at SUSECVE-2023-53492 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-53093 at SUSECVE-2024-53093 at NVDCVE-2024-58240 at SUSECVE-2024-58240 at NVDCVE-2025-21969 at SUSECVE-2025-21969 at NVDCVE-2025-38011 at SUSECVE-2025-38011 at NVDCVE-2025-38184 at SUSECVE-2025-38184 at NVDCVE-2025-38216 at SUSECVE-2025-38216 at NVDCVE-2025-38488 at SUSECVE-2025-38488 at NVDCVE-2025-38553 at SUSECVE-2025-38553 at NVDCVE-2025-38572 at SUSECVE-2025-38572 at NVDCVE-2025-38664 at SUSECVE-2025-38664 at NVDCVE-2025-38685 at SUSECVE-2025-38685 at NVDCVE-2025-38713 at SUSECVE-2025-38713 at NVDCVE-2025-39751 at SUSECVE-2025-39751 at NVDCVE-2025-39823 at SUSECVE-2025-39823 at NVDcpe:/o:suse:suse-microos:5.2Security update for samba (Critical)SUSE Linux Enterprise Micro 5.2
This update for samba fixes the following issues:
- CVE-2025-9640: Fixed vfs_streams_xattr uninitialized memory write (bsc#1251279).
- CVE-2025-10230: Fixed command Injection in WINS Server Hook Script (bsc#1251280).
CriticalSUSE bug 1251279SUSE bug 1251280CVE-2025-10230 at SUSECVE-2025-10230 at NVDCVE-2025-9640 at SUSECVE-2025-9640 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590)
- CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)
ModerateSUSE bug 1236588SUSE bug 1236590CVE-2025-0167 at SUSECVE-2025-0167 at NVDCVE-2025-0725 at SUSECVE-2025-0725 at NVDcpe:/o:suse:suse-microos:5.2Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for protobuf fixes the following issues:
- CVE-2025-4565: parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or
messages can lead to crash due to a `RecursionError` (bsc#1244663).
ModerateSUSE bug 1244663CVE-2025-4565 at SUSECVE-2025-4565 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxslt (Important)SUSE Linux Enterprise Micro 5.2
This update for libxslt fixes the following issues:
- CVE-2025-11731: fixed a type confusion in exsltFuncResultComp function that could cause a denial of service (bsc#1251979)
ImportantSUSE bug 1251979CVE-2025-11731 at SUSECVE-2025-11731 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Important)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
- Move NSS DB password hash away from SHA-1.
Update to NSS 3.112.2:
* Prevent leaks during pkcs12 decoding.
* SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
Update to NSS 3.112.1:
* restore support for finding certificates by decoded serial number.
ImportantSUSE bug 1251263CVE-2025-9187 at SUSECVE-2025-9187 at NVDcpe:/o:suse:suse-microos:5.2Security update for afterburn (Important)SUSE Linux Enterprise Micro 5.2
This update for afterburn fixes the following issues:
Update to version 5.9.0.git21.a73f509.
Security issues fixed:
- CVE-2022-24713: regex: no proper complexity limitation when parsing untrusted regular expressions with large
repetitions on empty sub-expressions can lead to excessive resource consumption and denial of service (bsc#1196972).
- CVE-2024-12224: idna: acceptance of Punycode labels that do not produce any non-ASCII output may lead to incorrect
hostname comparisons and incorrect URL parsing (bsc#1243850).
- CVE-2025-5791: users: `root` user being appended to group listings whenever listing does not have exactly 1024 groups
can lead to privilege escalation when information is used for access control (bsc#1244199).
- CVE-2025-3416: openssl: passing of `Some(...)` value as `properties` argument to `Md::fetch` or `Cipher::fetch` can
lead to use-after-free (bsc#1242665).
Other issues fixed:
- Fixed in version 5.9.0.git21.a73f509:
* cargo: update dependencies
* microsoft/azure: Add XML attribute alias for serde-xml-rs Fedora compat
* microsoft/azure: Fix SharedConfig parsing of XML attributes
* microsoft/azure: Mock goalstate.SharedConfig output in tests
* providers/azure: switch SSH key retrieval from certs endpoint to IMDS as azure stopped providing keys in the old one (bsc#1250471).
* upcloud: implement UpCloud provider
* Update several build dependencies
- Fixed in version 5.9.0:
* cargo: update dependencies
* dracut: Return 255 in module-setup
* oraclecloud: add release note and move base URL to constant
* oraclecloud: implement oraclecloud provider
* Update several build dependencies
- Fixed in version 5.8.2:
* cargo: update dependencies
* packit: add initial support
- Fixed in version 5.7.0.git103.bae893c:
* proxmoxve: Add more context to log messages.
* proxmoxve: Remove unneeded fields
* proxmoxve: Add tests for static network configuration from cloud-init.
* proxmoxve: Add support for static network configuration from cloud-init.
* providers/openstack: ignore ec2 metadata if not present
* proxmox: use noop provider if no configdrive
* Update several build dependencies
- Fixed in version 5.7.0:
* cargo: update dependencies
* dhcp: replace dbus_proxy with proxy, and zbus traits
* providers/hetzner: private ipv4 addresses in attributes
* openstack: Document the two platforms
* microsoft/azure: allow empty certificate chain in PKCS12 file
* proxmoxve: implement proxmoxve provider
* providers/hetzner: fix duplicate attribute prefix
* lint: silence deadcode warnings
* lint: address latest lint's from msrv update
* cargo: update msrv to 1.75
* providers: Add 'akamai' provider
* providers/vmware: add missing public functions for non-amd64
* providers/vmware: Process guestinfo.metadata netplan configuration
* kubevirt: Run afterburn-hostname service
* providers: add support for scaleway
* Move away from deprecated `users` to `uzers`
* providers/hetzner: add support for Hetzner Cloud
* cargo: update MSRV to 1.71
* cargo: specify required features for nix dependency
* openstack: Add attribute OPENSTACK_INSTANCE_UUID
* cargo: allow openssl 0.10.46
* build-sys: Use new tier = 2 for cargo-vendor-filterer
* cargo: fix minimum version of openssl crate
* microsoft/crypto/mod: replace deprecated function `parse` with `parse2`
* cli: switch to clap derive
* cli: add descriptive value names for option arguments in --help
* cli: have clap require exactly one of --cmdline/--provider
* providers/`*`: move endpoint mocking into retry::Client
* retry/client: move URL parsing into helper function
* providers/microsoft: import crate::retry
* providers/microsoft: use stored client for all fetches
* providers/packet: use stored client for boot checkin
* initrd: remember to write trailing newline to network kargs file
* util: drop obsolete 'OEM' terminology
* Inline variables into format strings
* Update several build dependencies
- Fixed in version 5.4.1:
* cargo: add configuration for cargo-vendor-filterer
* util: support DHCP option lookup from NetworkManager
* util: factor out retries of DHCP option lookup
* util: refactor DHCP option query helper into an enum
* util: move dns_lease_key_lookup() to a separate module
* cargo: update MSRV to 1.66
* cargo: update all packages to fix build error
* cargo: continue to support openssh-keys 0.5
* cargo: drop serde_derive crate in favor of serde derive feature
* cargo: use consistent declaration syntax for slog dependency
* cargo: drop unused dependencies
* cargo: continue to support base64 0.13
* cargo: continue to support mailparse 0.13.8
* cargo: continue to support clap 3.1
* cargo: stop enabling LTO in release builds
* providers/ibmcloud: avoid error if an ssh key not found in metadata
* systemd: add explicit ordering, after multi-user.target
* network: fix clippy 1.63.0 lints
* cargo: allow serde_yaml 0.8
* cargo: update version ranges for post-1.x deps
* providers: Use inline `format!` in a few places
* *: bump MSRV to 1.58.0
* cargo: update clap to 3.2.5
* copr: mark git checkout as safe
* providers/aws: expose instance availability-zone-id as AWS_AVAILABILITY_ZONE_ID
* Update several build dependencies
- Fixed in version 5.3.0:
* systemd: enable sshkeys on Power VS platform
* network: Encode information for systemd-networkd-wait-online
* cargo: update to clap 3.1
* cargo: enable clap wrap_help feature
* cli: run clap tests
* cli: avoid deprecated clap constructs
* cargo: update to clap 3.0
* cli: use clap mechanism to require exp subcommand
* cargo: declare MSRV in Cargo.toml
* cargo: update to Rust 2021; bump MSRV to 1.56.0
* copr: abort if specfile fetch fails
* providers/aws: add AWS_IPV6 attribute
* providers/aws: bump metadata version to 2021-01-03
* kubevirt: Add KubeVirt platform support
* *.service: add/update Documentation field
* aws/mock_tests: explicitly drop mocks before resetting
* aws/mock_tests: split out IMDS tests
* aws/mock_tests: factor out map building
* *: use `RemainAfterExit` on all oneshot services
* Update several build dependencies
ImportantSUSE bug 1196972SUSE bug 1242665SUSE bug 1243850SUSE bug 1244199SUSE bug 1244675SUSE bug 1250471CVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2024-12224 at SUSECVE-2024-12224 at NVDCVE-2025-3416 at SUSECVE-2025-3416 at NVDCVE-2025-5791 at SUSECVE-2025-5791 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libssh fixes the following issues:
- CVE-2025-8277: memory exhaustion leading to client-side DoS due to improper memory management when KEX process is
repeated with incorrect guesses (bsc#1249375).
- CVE-2025-8114: NULL pointer dereference when an allocation error happens during the calculation of the KEX session ID
(bsc#1246974).
ModerateSUSE bug 1246974SUSE bug 1249375CVE-2025-8114 at SUSECVE-2025-8114 at NVDCVE-2025-8277 at SUSECVE-2025-8277 at NVDcpe:/o:suse:suse-microos:5.2Security update for tiff (Important)SUSE Linux Enterprise Micro 5.2
This update for tiff fixes the following issues:
- CVE-2025-9900: Fixed Write-What-Where in libtiff via TIFFReadRGBAImageOriented (bsc#1250413).
ImportantSUSE bug 1250413CVE-2025-9900 at SUSECVE-2025-9900 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252232).
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252232).
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252232).
Update to runc v1.2.7.
- Upstream changelog is available from <https://github.com/opencontainers/runc/releases/tag/v1.2.7>
ImportantSUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:suse-microos:5.2Security update for gpg2 (Low)SUSE Linux Enterprise Micro 5.2
This update for gpg2 fixes the following issues:
- CVE-2025-30258: fixed a verification denial of service due to a malicious subkey in the keyring (bsc#1239119)
LowSUSE bug 1239119CVE-2025-30258 at SUSECVE-2025-30258 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc fixes the following issues:
Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0> ImportantSUSE bug 1252110SUSE bug 1252232CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions (bsc#1252376)
- CVE-2025-52565: Fixed container escape with malicious config due to /dev/console mount and related races (bsc#1252376)
- CVE-2025-52881: Fixed container escape and denial of service due to arbitrary write gadgets and procfs write redirects (bsc#1252376)
Other fixes:
- Fix: podman and buildah with runc 1.3.2 fail with lots of warnings as rootless (bsc#1252543)
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
ImportantSUSE bug 1248988SUSE bug 1252376SUSE bug 1252543CVE-2025-31133 at SUSECVE-2025-31133 at NVDCVE-2025-52565 at SUSECVE-2025-52565 at NVDCVE-2025-52881 at SUSECVE-2025-52881 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- CVE-2025-61984: Fixed code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198)
- CVE-2025-61985: Fixed code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199)
ModerateSUSE bug 1251198SUSE bug 1251199CVE-2025-61984 at SUSECVE-2025-61984 at NVDCVE-2025-61985 at SUSECVE-2025-61985 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2025-9714: Fixed inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (bsc#1249076)
- CVE-2025-8732: Fixed infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247850)
ModerateSUSE bug 1247850SUSE bug 1249076CVE-2025-8732 at SUSECVE-2025-8732 at NVDCVE-2025-9714 at SUSECVE-2025-9714 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise FIXME kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250293).
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).
- CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1250851).
- CVE-2022-50488: block, bfq: fix possible uaf for 'bfqq->bic' (bsc#1251201).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
ImportantSUSE bug 1065729SUSE bug 1199304SUSE bug 1205128SUSE bug 1206893SUSE bug 1210124SUSE bug 1243919SUSE bug 1247317SUSE bug 1249186SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250293SUSE bug 1250311SUSE bug 1250358SUSE bug 1250742SUSE bug 1250784SUSE bug 1250816SUSE bug 1250851SUSE bug 1250946SUSE bug 1251040SUSE bug 1251047SUSE bug 1251052SUSE bug 1251072SUSE bug 1251088SUSE bug 1251091SUSE bug 1251115SUSE bug 1251169SUSE bug 1251173SUSE bug 1251182SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251222SUSE bug 1251292SUSE bug 1251300SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251730SUSE bug 1251741SUSE bug 1251743SUSE bug 1251747SUSE bug 1251763SUSE bug 1251930SUSE bug 1252035SUSE bug 1252047SUSE bug 1252480SUSE bug 1252499SUSE bug 1252516SUSE bug 1252554SUSE bug 1252688SUSE bug 1252775CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40082 at SUSECVE-2025-40082 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
- CVE-2025-54771: Fixed rub_file_close() does not properly controls the fs refcount (bsc#1252931)
- CVE-2025-61661: Fixed out-of-bounds write in grub_usb_get_string() function (bsc#1252932)
- CVE-2025-61662: Fixed missing unregister call for gettext command may lead to use-after-free (bsc#1252933)
- CVE-2025-61663: Fixed missing unregister call for normal commands may lead to use-after-free (bsc#1252934)
- CVE-2025-61664: Fixed missing unregister call for normal_exit command may lead to use-after-free (bsc#1252935)
Other fixes:
- Bump upstream SBAT generation to 6
ModerateSUSE bug 1252931SUSE bug 1252932SUSE bug 1252933SUSE bug 1252934SUSE bug 1252935CVE-2025-54771 at SUSECVE-2025-54771 at NVDCVE-2025-61661 at SUSECVE-2025-61661 at NVDCVE-2025-61662 at SUSECVE-2025-61662 at NVDCVE-2025-61663 at SUSECVE-2025-61663 at NVDCVE-2025-61664 at SUSECVE-2025-61664 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253542)
ImportantSUSE bug 1253542CVE-2025-47913 at SUSECVE-2025-47913 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757)
ModerateSUSE bug 1253757CVE-2025-11563 at SUSECVE-2025-11563 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2025-7039: Fixed buffer under-read on glib through glib/gfileutils.c via get_tmp_file() (bsc#1249055)
ModerateSUSE bug 1249055CVE-2025-7039 at SUSECVE-2025-7039 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value (bsc#1249859).
- CVE-2022-50334: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param() (bsc#1249857).
- CVE-2022-50388: nvme: fix multipath crash caused by flush request when blktrace is enabled (bsc#1250293).
- CVE-2022-50423: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (bsc#1250784).
- CVE-2022-50432: kernfs: fix use-after-free in __kernfs_remove (bsc#1250851).
- CVE-2022-50488: block, bfq: fix possible uaf for 'bfqq->bic' (bsc#1251201).
- CVE-2022-50516: fs: dlm: fix invalid derefence of sb_lvbptr (bsc#1251741).
- CVE-2023-53282: scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1250311).
- CVE-2023-53365: ip6mr: Fix skb_under_panic in ip6mr_cache_report() (bsc#1249988).
- CVE-2023-53395: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (bsc#1250358).
- CVE-2023-53500: xfrm: fix slab-use-after-free in decode_session6 (bsc#1250816).
- CVE-2023-53559: ip_vti: fix potential slab-use-after-free in decode_session6 (bsc#1251052).
- CVE-2023-53574: wifi: rtw88: delete timer and free skb queue when unloading (bsc#1251222).
- CVE-2023-53619: netfilter: conntrack: Avoid nf_ct_helper_hash uses after free (bsc#1251743).
- CVE-2023-53673: Bluetooth: hci_event: call disconnect callback before deleting conn (bsc#1251763).
- CVE-2023-53705: ipv6: Fix out-of-bounds access in ipv6_find_tlv() (bsc#1252554).
- CVE-2023-53722: md: raid1: fix potential OOB in raid1_remove_disk() (bsc#1252499).
- CVE-2025-38476: rpl: Fix use-after-free in rpl_do_srh_inline() (bsc#1247317).
- CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
- CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
- CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
ImportantSUSE bug 1065729SUSE bug 1199304SUSE bug 1205128SUSE bug 1206893SUSE bug 1210124SUSE bug 1247317SUSE bug 1249186SUSE bug 1249857SUSE bug 1249859SUSE bug 1249988SUSE bug 1250293SUSE bug 1250311SUSE bug 1250358SUSE bug 1250742SUSE bug 1250784SUSE bug 1250816SUSE bug 1250851SUSE bug 1250946SUSE bug 1251040SUSE bug 1251047SUSE bug 1251052SUSE bug 1251072SUSE bug 1251088SUSE bug 1251091SUSE bug 1251115SUSE bug 1251169SUSE bug 1251173SUSE bug 1251182SUSE bug 1251201SUSE bug 1251202SUSE bug 1251208SUSE bug 1251222SUSE bug 1251292SUSE bug 1251300SUSE bug 1251550SUSE bug 1251723SUSE bug 1251725SUSE bug 1251730SUSE bug 1251741SUSE bug 1251743SUSE bug 1251747SUSE bug 1251763SUSE bug 1251930SUSE bug 1252035SUSE bug 1252047SUSE bug 1252480SUSE bug 1252499SUSE bug 1252516SUSE bug 1252554SUSE bug 1252688SUSE bug 1252775CVE-2022-43945 at SUSECVE-2022-43945 at NVDCVE-2022-50327 at SUSECVE-2022-50327 at NVDCVE-2022-50334 at SUSECVE-2022-50334 at NVDCVE-2022-50388 at SUSECVE-2022-50388 at NVDCVE-2022-50423 at SUSECVE-2022-50423 at NVDCVE-2022-50432 at SUSECVE-2022-50432 at NVDCVE-2022-50470 at SUSECVE-2022-50470 at NVDCVE-2022-50480 at SUSECVE-2022-50480 at NVDCVE-2022-50484 at SUSECVE-2022-50484 at NVDCVE-2022-50487 at SUSECVE-2022-50487 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50489 at SUSECVE-2022-50489 at NVDCVE-2022-50493 at SUSECVE-2022-50493 at NVDCVE-2022-50494 at SUSECVE-2022-50494 at NVDCVE-2022-50496 at SUSECVE-2022-50496 at NVDCVE-2022-50504 at SUSECVE-2022-50504 at NVDCVE-2022-50513 at SUSECVE-2022-50513 at NVDCVE-2022-50516 at SUSECVE-2022-50516 at NVDCVE-2022-50532 at SUSECVE-2022-50532 at NVDCVE-2022-50534 at SUSECVE-2022-50534 at NVDCVE-2022-50544 at SUSECVE-2022-50544 at NVDCVE-2022-50546 at SUSECVE-2022-50546 at NVDCVE-2022-50549 at SUSECVE-2022-50549 at NVDCVE-2022-50563 at SUSECVE-2022-50563 at NVDCVE-2022-50574 at SUSECVE-2022-50574 at NVDCVE-2023-53282 at SUSECVE-2023-53282 at NVDCVE-2023-53365 at SUSECVE-2023-53365 at NVDCVE-2023-53395 at SUSECVE-2023-53395 at NVDCVE-2023-53500 at SUSECVE-2023-53500 at NVDCVE-2023-53559 at SUSECVE-2023-53559 at NVDCVE-2023-53564 at SUSECVE-2023-53564 at NVDCVE-2023-53566 at SUSECVE-2023-53566 at NVDCVE-2023-53574 at SUSECVE-2023-53574 at NVDCVE-2023-53619 at SUSECVE-2023-53619 at NVDCVE-2023-53673 at SUSECVE-2023-53673 at NVDCVE-2023-53705 at SUSECVE-2023-53705 at NVDCVE-2023-53722 at SUSECVE-2023-53722 at NVDCVE-2025-38476 at SUSECVE-2025-38476 at NVDCVE-2025-39968 at SUSECVE-2025-39968 at NVDCVE-2025-39973 at SUSECVE-2025-39973 at NVDCVE-2025-40018 at SUSECVE-2025-40018 at NVDCVE-2025-40082 at SUSECVE-2025-40082 at NVDcpe:/o:suse:suse-microos:5.2Security update for sssd (Important)SUSE Linux Enterprise Micro 5.2
This update for sssd fixes the following issues:
- CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)
Other fixes:
- Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)
ImportantSUSE bug 1244325SUSE bug 1251827CVE-2025-11561 at SUSECVE-2025-11561 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2025-9820: Fixed buffer overflow in gnutls_pkcs11_token_init. (bsc#1254132)
ModerateSUSE bug 1254132CVE-2025-9820 at SUSECVE-2025-9820 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd fixes the following issues:
- Update to containerd v1.7.29
- CVE-2024-25621: Fixed an overly broad default permission vulnerability. (bsc#1253126)
- CVE-2025-64329: Fixed a goroutine leaks which can lead to memory exhaustion on the host. (bsc#1253132)
ImportantSUSE bug 1253126SUSE bug 1253132CVE-2024-25621 at SUSECVE-2024-25621 at NVDCVE-2025-64329 at SUSECVE-2025-64329 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- CVE-2025-61915: Fixed a local denial-of-service via cupsd.conf update and related issues. (bsc#1253783)
- CVE-2025-58436: Fixed an issue where a slow client communication leads to a possible DoS attack. (bsc#1244057)
ModerateSUSE bug 1234225SUSE bug 1244057SUSE bug 1253783CVE-2025-58436 at SUSECVE-2025-58436 at NVDCVE-2025-61915 at SUSECVE-2025-61915 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Important)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
- The fix for CVE-2025-58436 causes a regression where
GTK applications will hang. (bsc#1254353)
See also https://github.com/OpenPrinting/cups/issues/1429
The fix has been temporary disabled.
ImportantSUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Low)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2025-6075: quadratic complexity in `os.path.expandvars()` can lead to performance degradation when values passed
to it are user-controlled (bsc#1252974).
- CVE-2025-8291: lack of validity checks on the ZIP64 End of Central Directory (EOCD) record allows for the creation of
ZIP archives that are processed inconsistently by the `zipfile` module (bsc#1251305).
LowSUSE bug 1251305SUSE bug 1252974CVE-2025-6075 at SUSECVE-2025-6075 at NVDCVE-2025-8291 at SUSECVE-2025-8291 at NVDcpe:/o:suse:suse-microos:5.2Security update for cups (Moderate)SUSE Linux Enterprise Micro 5.2
This update for cups fixes the following issues:
Security issues fixed:
- CVE-2025-58436: single client sending slow messages to cupsd can delay the application and make it unusable for other
clients (bsc#1244057).
Other issues fixed:
- Update the CVE-2025-58436 patch to fix a regression that causes GTK applications to hang (bsc#1254353).
ModerateSUSE bug 1244057SUSE bug 1254353CVE-2025-58436 at SUSECVE-2025-58436 at NVDcpe:/o:suse:suse-microos:5.2Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.2
This update for libpng16 fixes the following issues:
- CVE-2025-65018: Fixed heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read` (bsc#1254160)
- CVE-2025-66293: Fixed LIBPNG out-of-bounds read in `png_image_read_composite` (bsc#1254480)
- CVE-2025-64506: Fixed heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled (bsc#1254158)
- CVE-2025-64720: Fixed buffer overflow in `png_image_read_composite` via incorrect palette premultiplication (bsc#1254159)
- CVE-2025-64505: Fixed heap buffer over-read in `png_do_quantize` via malformed palette index (bsc#1254157)
ImportantSUSE bug 1254157SUSE bug 1254158SUSE bug 1254159SUSE bug 1254160SUSE bug 1254480CVE-2025-64505 at SUSECVE-2025-64505 at NVDCVE-2025-64506 at SUSECVE-2025-64506 at NVDCVE-2025-64720 at SUSECVE-2025-64720 at NVDCVE-2025-65018 at SUSECVE-2025-65018 at NVDCVE-2025-66293 at SUSECVE-2025-66293 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2025-14512: integer overflow in the GIO `escape_byte_string()` function when processing malicious files or remote
filesystem attribute values can lead to denial-of-service (bsc#1254878).
- CVE-2025-14087: buffer underflow in the GVariant parser `bytestring_parse()` and `string_parse()`functions when
processing attacker-influenced data may lead to crash or code execution (bsc#1254662).
- CVE-2025-13601: heap-based buffer overflow in the `g_escape_uri_string()` function when processing strings with a
large number of unacceptable characters may lead to crash or code execution (bsc#1254297).
ImportantSUSE bug 1254297SUSE bug 1254662SUSE bug 1254878CVE-2025-13601 at SUSECVE-2025-13601 at NVDCVE-2025-14087 at SUSECVE-2025-14087 at NVDCVE-2025-14512 at SUSECVE-2025-14512 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- Security issues fixed:
- CVE-2025-62349: Added minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Fixed Junos module yaml loader (bsc#1254256)
- Backport security fixes for vendored tornado
* BDSA-2024-3438
* BDSA-2024-3439
* BDSA-2024-9026
- Other changes and bugs fixed:
- Fixed TLS and x509 modules for OSes with older cryptography module
- Fixed Salt for Python > 3.11 (bsc#1252285) (bsc#1252244)
* Use external tornado on Python > 3.11
* Make tls and x509 to use python-cryptography
* Remove usage of spwd
- Fixed payload signature verification on Tumbleweed (bsc#1251776)
- Fixed broken symlink on migration to Leap 16.0 (bsc#1250755)
- Fixed known_hosts error on gitfs (bsc#1250520) (bsc#1227207)
- Improved SL Micro 6.2 detection with grains
- Reverted requirement of M2Crypto >= 0.44.0 for SUSE Family distros
- Set python-CherryPy as required for python-salt-testsuite
ImportantSUSE bug 1227207SUSE bug 1250520SUSE bug 1250755SUSE bug 1251776SUSE bug 1252244SUSE bug 1252285SUSE bug 1254256SUSE bug 1254257CVE-2025-62348 at SUSECVE-2025-62348 at NVDCVE-2025-62349 at SUSECVE-2025-62349 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- cifs: Check the lease context if we actually got a lease (bsc#1228688).
- cifs: return a single-use cfid if we did not get a lease (bsc#1228688).
- smb3: fix Open files on server counter going negative (git-fixes).
ImportantSUSE bug 1228688SUSE bug 1249806SUSE bug 1251247SUSE bug 1251786SUSE bug 1252560SUSE bug 1252780SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Moderate)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed SSH Agent that could cause a panic due to an out-of-bounds read
with non-validated message sizes (bsc#1253993)
ModerateSUSE bug 1253993CVE-2025-47914 at SUSECVE-2025-47914 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtasn1 (Important)SUSE Linux Enterprise Micro 5.2
This update for libtasn1 fixes the following issues:
- CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes
quadratic time to complete. (bsc#1236878)
ImportantSUSE bug 1236878CVE-2024-12133 at SUSECVE-2024-12133 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)
ModerateSUSE bug 1236705CVE-2025-0938 at SUSECVE-2025-0938 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Low)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
- CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)
LowSUSE bug 1236282CVE-2025-0395 at SUSECVE-2025-0395 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Moderate)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20250211 release (bsc#1237096)
- CVE-2024-31068: Improper Finite State Machines (FSMs) in Hardware Logic for some Intel Processors may allow privileged user to potentially enable denial of service via local access.
- CVE-2024-36293: A potential security vulnerability in some Intel Software Guard Extensions (Intel SGX) Platforms may allow denial of service. Intel is releasing microcode updates to mitigate this potential vulnerability.
- CVE-2024-39355: A potential security vulnerability in some 13th and 14th Generation Intel Core Processors may allow denial of service. Intel is releasing microcode and UEFI reference code updates to mitigate this potential vulnerability.
- CVE-2024-37020: A potential security vulnerability in the Intel Data Streaming Accelerator (Intel DSA) for some Intel Xeon Processors may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability.
- New Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SRF-SP | C0 | 06-af-03/01 | | 03000330 | Xeon 6700-Series Processors with E-Cores
### Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000037 | 00000038 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000037 | 00000038 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000435 | 00000436 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000435 | 00000436 | Core Gen12
| ADL-N | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0/R0 | 06-9a-04/40 | 00000007 | 00000009 | Intel(R) Atom(R) C1100
| CFL-H | R0 | 06-9e-0d/22 | 00000100 | 00000102 | Core Gen9 Mobile
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f8 | 000000fa | Core Gen8 Desktop, Mobile, Xeon E
| EMR-SP | A0 | 06-cf-01/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000283 | 21000291 | Xeon Scalable Gen5
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | 010002c0 | Xeon D-17xx, D-27xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | 0d0003f5 | Xeon Scalable Gen3
| RPL-E/HX/S | B0 | 06-b7-01/32 | 0000012b | 0000012c | Core Gen13/Gen14
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004123 | 00004124 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004123 | 00004124 | Core Gen13
| RPL-S | H0 | 06-bf-05/07 | 00000037 | 00000038 | Core Gen13/Gen14
| RKL-S | B0 | 06-a7-01/02 | 00000062 | 00000063 | Core Gen11
| SPR-HBM | Bx | 06-8f-08/10 | 2c000390 | 2c0003e0 | Xeon Max
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b000603 | 2b000620 | Xeon Scalable Gen4
| TWL | N0 | 06-be-00/19 | 0000001a | 0000001c | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
### New Disclosures Updated in Prior Releases
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
ModerateSUSE bug 1237096CVE-2024-31068 at SUSECVE-2024-31068 at NVDCVE-2024-36293 at SUSECVE-2024-36293 at NVDCVE-2024-37020 at SUSECVE-2024-37020 at NVDCVE-2024-39355 at SUSECVE-2024-39355 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssh fixes the following issues:
- CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).
ModerateSUSE bug 1237040CVE-2025-26465 at SUSECVE-2025-26465 at NVDcpe:/o:suse:suse-microos:5.2Security update for grub2 (Important)SUSE Linux Enterprise Micro 5.2
This update for grub2 fixes the following issues:
- CVE-2024-45781: Fixed strcpy overflow in ufs. (bsc#1233617)
- CVE-2024-56737: Fixed a heap-based buffer overflow in hfs. (bsc#1234958)
- CVE-2024-45782: Fixed strcpy overflow in hfs. (bsc#1233615)
- CVE-2024-45780: Fixed an overflow in tar/cpio. (bsc#1233614)
- CVE-2024-45783: Fixed a refcount overflow in hfsplus. (bsc#1233616)
- CVE-2024-45774: Fixed a heap overflow in JPEG parser. (bsc#1233609)
- CVE-2024-45775: Fixed a missing NULL check in extcmd parser. (bsc#1233610)
- CVE-2024-45776: Fixed an overflow in .MO file handling. (bsc#1233612)
- CVE-2024-45777: Fixed an integer overflow in gettext. (bsc#1233613)
- CVE-2024-45778: Fixed bfs filesystem by removing it from lockdown capable modules. (bsc#1233606)
- CVE-2024-45779: Fixed a heap overflow in bfs. (bsc#1233608)
- CVE-2025-0624: Fixed an out-of-bounds write during the network boot process. (bsc#1236316)
- CVE-2025-0622: Fixed a use-after-free when handling hooks during module unload in command/gpg . (bsc#1236317)
- CVE-2025-0690: Fixed an integer overflow that may lead to an out-of-bounds write through the read command.
(bsc#1237012)
- CVE-2025-1118: Fixed an issue where the dump command was not being blocked when grub was in lockdown mode.
(bsc#1237013)
- CVE-2025-0677: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in ufs.
(bsc#1237002)
- CVE-2025-0684: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in reiserfs.
(bsc#1237008)
- CVE-2025-0685: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in jfs.
(bsc#1237009)
- CVE-2025-0686: Fixed an integer overflow that may lead to an out-of-bounds write when handling symlinks in romfs.
(bsc#1237010)
- CVE-2025-0689: Fixed a heap-based buffer overflow in udf that may lead to arbitrary code execution. (bsc#1237011)
- CVE-2025-1125: Fixed an integer overflow that may lead to an out-of-bounds write in hfs. (bsc#1237014)
- CVE-2025-0678: Fixed an integer overflow that may lead to an out-of-bounds write in squash4. (bsc#1237006)
ImportantSUSE bug 1233606SUSE bug 1233608SUSE bug 1233609SUSE bug 1233610SUSE bug 1233612SUSE bug 1233613SUSE bug 1233614SUSE bug 1233615SUSE bug 1233616SUSE bug 1233617SUSE bug 1234958SUSE bug 1236316SUSE bug 1236317SUSE bug 1237002SUSE bug 1237006SUSE bug 1237008SUSE bug 1237009SUSE bug 1237010SUSE bug 1237011SUSE bug 1237012SUSE bug 1237013SUSE bug 1237014CVE-2024-45774 at SUSECVE-2024-45774 at NVDCVE-2024-45775 at SUSECVE-2024-45775 at NVDCVE-2024-45776 at SUSECVE-2024-45776 at NVDCVE-2024-45777 at SUSECVE-2024-45777 at NVDCVE-2024-45778 at SUSECVE-2024-45778 at NVDCVE-2024-45779 at SUSECVE-2024-45779 at NVDCVE-2024-45780 at SUSECVE-2024-45780 at NVDCVE-2024-45781 at SUSECVE-2024-45781 at NVDCVE-2024-45782 at SUSECVE-2024-45782 at NVDCVE-2024-45783 at SUSECVE-2024-45783 at NVDCVE-2024-56737 at SUSECVE-2024-56737 at NVDCVE-2025-0622 at SUSECVE-2025-0622 at NVDCVE-2025-0624 at SUSECVE-2025-0624 at NVDCVE-2025-0677 at SUSECVE-2025-0677 at NVDCVE-2025-0678 at SUSECVE-2025-0678 at NVDCVE-2025-0684 at SUSECVE-2025-0684 at NVDCVE-2025-0685 at SUSECVE-2025-0685 at NVDCVE-2025-0686 at SUSECVE-2025-0686 at NVDCVE-2025-0689 at SUSECVE-2025-0689 at NVDCVE-2025-0690 at SUSECVE-2025-0690 at NVDCVE-2025-1118 at SUSECVE-2025-1118 at NVDCVE-2025-1125 at SUSECVE-2025-1125 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2024-8612: Fixed information leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845).
Other fixes:
- Fix ipxe build with new binutils (bsc#1219733, bsc#1219722).
ImportantSUSE bug 1219722SUSE bug 1219733SUSE bug 1222845SUSE bug 1229007SUSE bug 1230915CVE-2024-3447 at SUSECVE-2024-3447 at NVDCVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:suse:suse-microos:5.2Security update for pam_pkcs11 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for pam_pkcs11 fixes the following issues:
- CVE-2025-24032: default value for `cert_policy` (`none`) allows for authentication bypass (bsc#1237062).
- CVE-2025-24031: uninitialized pointer dereference caused by user pressing ctrl-c/ctrl-d when asked for PIN leads to
crash (bsc#1237058).
ModerateSUSE bug 1237058SUSE bug 1237062CVE-2025-24031 at SUSECVE-2025-24031 at NVDCVE-2025-24032 at SUSECVE-2025-24032 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Update to version 9.1.1101:
- CVE-2024-43790: possible out-of-bounds read when performing a search command (bsc#1229685).
- CVE-2024-43802: heap buffer overflow due to incorrect flushing of the typeahead buffer (bsc#1229822).
- CVE-2024-45306: heap buffer overflow when cursor position is invalid (bsc#1230078).
- CVE-2025-22134: heap buffer overflow when switching to other buffers using the :all command with active visual mode
(bsc#1235695).
- CVE-2025-24014: NULL pointer dereference may lead to segmentation fault when in silent Ex mode (bsc#1236151).
- CVE-2025-1215: memory corruption when manipulating the --log argument (bsc#1237137).
ModerateSUSE bug 1229685SUSE bug 1229822SUSE bug 1230078SUSE bug 1235695SUSE bug 1236151SUSE bug 1237137CVE-2024-43790 at SUSECVE-2024-43790 at NVDCVE-2024-43802 at SUSECVE-2024-43802 at NVDCVE-2024-45306 at SUSECVE-2024-45306 at NVDCVE-2025-1215 at SUSECVE-2025-1215 at NVDCVE-2025-22134 at SUSECVE-2025-22134 at NVDCVE-2025-24014 at SUSECVE-2025-24014 at NVDcpe:/o:suse:suse-microos:5.2Security update for gnutls (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gnutls fixes the following issues:
- CVE-2024-12243: quadratic complexity of DER input decoding in libtasn1 can lead to a DoS (bsc#1236974).
ModerateSUSE bug 1236974CVE-2024-12243 at SUSECVE-2024-12243 at NVDcpe:/o:suse:suse-microos:5.2Security update for procps (Important)SUSE Linux Enterprise Micro 5.2
This update for procps fixes the following issues:
- Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid
argument has a leading space (bsc#1236842, bsc#1214290).
ImportantSUSE bug 1214290SUSE bug 1236842CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:suse:suse-microos:5.2Security update for ovmf (Important)SUSE Linux Enterprise Micro 5.2
This update for ovmf fixes the following issues:
- CVE-2023-45229: out-of-bounds read in edk2 when processing IA_NA/IA_TA options in DHCPv6 Advertise messages.
(bsc#1218879)
- CVE-2023-45230: buffer overflow in the DHCPv6 client in edk2 via a long Server ID option. (bsc#1218880)
- CVE-2023-45231: out-of-bounds read in edk2 when handling a ND Redirect message with truncated options. (bsc#1218881)
- CVE-2023-45232: infinite loop in edk2 when parsing unknown options in the Destination Options header. (bsc#1218882)
- CVE-2023-45233: infinite loop in edk2 when parsing PadN options in the Destination Options header. (bsc#1218883)
- CVE-2023-45234: buffer overflow in edk2 when processing DNS Servers options in a DHCPv6 Advertise message.
(bsc#1218884)
- CVE-2023-45235: buffer overflow in edk2 when handling the Server ID option in a DHCPv6 proxy Advertise message.
(bsc#1218885)
ImportantSUSE bug 1218879SUSE bug 1218880SUSE bug 1218881SUSE bug 1218882SUSE bug 1218883SUSE bug 1218884SUSE bug 1218885CVE-2023-45229 at SUSECVE-2023-45229 at NVDCVE-2023-45230 at SUSECVE-2023-45230 at NVDCVE-2023-45231 at SUSECVE-2023-45231 at NVDCVE-2023-45232 at SUSECVE-2023-45232 at NVDCVE-2023-45233 at SUSECVE-2023-45233 at NVDCVE-2023-45234 at SUSECVE-2023-45234 at NVDCVE-2023-45235 at SUSECVE-2023-45235 at NVDcpe:/o:suse:suse-microos:5.2Security update for libX11 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libX11 fixes the following issues:
- CVE-2025-26597: improper resizing of key actions when nGroups is 0 can lead to buffer overflows in
XkbChangeTypesOfKey() (bsc#1237431).
ModerateSUSE bug 1237431CVE-2025-26597 at SUSECVE-2025-26597 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
The following non-security bugs were fixed:
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus (bsc#1231847, bsc#1231847, bsc#1237389).
- NFS: Reduce readdir stack usage (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).
ImportantSUSE bug 1215420SUSE bug 1224763SUSE bug 1231847SUSE bug 1233112SUSE bug 1234025SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235441SUSE bug 1235466SUSE bug 1235645SUSE bug 1235759SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1236104SUSE bug 1237389CVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDcpe:/o:suse:suse-microos:5.2Security update for podman (Important)SUSE Linux Enterprise Micro 5.2
This update for podman fixes the following issues:
- CVE-2025-27144: Fixed denial of service in parsing function of embedded library Go JOSE (bsc#1237641)
- CVE-2024-9676: github.com/containers/storage: Fixed symlink traversal vulnerability in the containers/storage library can cause Denial of Service (DoS) (bsc#1231698)
- CVE-2024-9675: Fixed cache arbitrary directory mount in buildah (bsc#1231499)
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction in buildah (bsc#1231208)
- CVE-2024-9341: cri-o: FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
- CVE-2024-1753: Fixed full container escape at build time in buildah (bsc#1221677)
- CVE-2024-11218: Fixed a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. (bsc#1236270)
- CVE-2024-6104: Fixed hashicorp/go-retryablehttp writing sensitive information to log files (bsc#1227052)
- CVE-2023-45288: Fixed golang.org/x/net/http2 excessive resource consumption when receiving too many headers (bsc#1236507)
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
* Required for rootless mode as a regular user has no permission
to load kernel modules
- Refactor network backend dependencies:
* podman requires either netavark or cni-plugins. On ALP, require
netavark, otherwise prefer netavark but don't force it.
* This fixes missing cni-plugins in some scenarios
* Default to netavark everywhere where it's available
ImportantSUSE bug 1214612SUSE bug 1215807SUSE bug 1215926SUSE bug 1217828SUSE bug 1221677SUSE bug 1227052SUSE bug 1231208SUSE bug 1231230SUSE bug 1231499SUSE bug 1231698SUSE bug 1236270SUSE bug 1236507SUSE bug 1237641CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-11218 at SUSECVE-2024-11218 at NVDCVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDCVE-2024-9676 at SUSECVE-2024-9676 at NVDCVE-2025-27144 at SUSECVE-2025-27144 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
Update to Docker 27.5.1-ce (bsc#1237335):
- CVE-2024-29018: External DNS requests from 'internal' networks could lead to data exfiltration (bsc#1234089).
ModerateSUSE bug 1234089SUSE bug 1237335CVE-2024-29018 at SUSECVE-2024-29018 at NVDcpe:/o:suse:suse-microos:5.2Security update for u-boot (Moderate)SUSE Linux Enterprise Micro 5.2
This update for u-boot fixes the following issues:
- CVE-2024-57256: integer overflow in U-Boot's ext4 symlink resolution function (bsc#1237284).
- CVE-2024-57258: multiple integer overflows in U-Boot's memory allocator (bsc#1237287).
ModerateSUSE bug 1237284SUSE bug 1237287CVE-2024-57256 at SUSECVE-2024-57256 at NVDCVE-2024-57258 at SUSECVE-2024-57258 at NVDcpe:/o:suse:suse-microos:5.2Security update for krb5 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for krb5 fixes the following issues:
- CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).
ModerateSUSE bug 1236619CVE-2025-24528 at SUSECVE-2025-24528 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
ImportantSUSE bug 1215420SUSE bug 1224700SUSE bug 1225742SUSE bug 1232919SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1236757SUSE bug 1236761SUSE bug 1236821SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237768SUSE bug 1238033CVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47633: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (bsc#1237768).
- CVE-2022-49080: mm/mempolicy: fix mpol_new leak in shared_policy_replace (bsc#1238033).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-50199: mm/swapfile: skip HugeTLB pages for unuse_vma (bsc#1233112).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-56600: net: inet6: do not leave a dangling sk pointer in inet6_create() (bsc#1235217).
- CVE-2024-56601: net: inet: do not leave a dangling sk pointer in inet_create() (bsc#1235230).
- CVE-2024-56623: scsi: qla2xxx: Fix use after free on unload (bsc#1235466).
- CVE-2024-56650: netfilter: x_tables: fix LED ID check in led_tg_check() (bsc#1235430).
- CVE-2024-56658: net: defer final 'struct net' free in netns dismantle (bsc#1235441).
- CVE-2024-56664: bpf, sockmap: Fix race between element replace and close() (bsc#1235249).
- CVE-2024-56759: btrfs: fix use-after-free when COWing tree bock and tracing is enabled (bsc#1235645).
- CVE-2024-57791: net/smc: check return value of sock_recvmsg when draining clc data (bsc#1235759).
- CVE-2024-57798: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (bsc#1235818).
- CVE-2024-57849: s390/cpum_sf: Handle CPU hotplug remove during sampling (bsc#1235814).
- CVE-2024-57893: ALSA: seq: oss: Fix races at processing SysEx messages (bsc#1235920).
- CVE-2025-21690: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (bsc#1237025).
- CVE-2025-21692: net: sched: fix ets qdisc OOB Indexing (bsc#1237028).
- CVE-2025-21699: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (bsc#1237139).
The following non-security bugs were fixed:
- net: mana: Add get_link and get_link_ksettings in ethtool (bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- NFS: Adjust the amount of readahead performed by NFS readdir (bsc#1231847).
- NFS: Do not flush the readdir cache in nfs_dentry_iput() (bsc#1231847).
- NFS: Improve heuristic for readdirplus -revert (bsc#1237160).
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- NFS: Reduce readdir stack usage (bsc#1231847).
- NFS: Trigger the 'ls -l' readdir heuristic sooner (bsc#1231847).
- NFS: Use kmemdup_nul() in nfs_readdir_make_qstr() (bsc#1231847).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
ImportantSUSE bug 1215420SUSE bug 1224700SUSE bug 1224763SUSE bug 1225742SUSE bug 1231847SUSE bug 1232919SUSE bug 1233112SUSE bug 1234025SUSE bug 1234853SUSE bug 1234891SUSE bug 1234963SUSE bug 1235054SUSE bug 1235061SUSE bug 1235073SUSE bug 1235217SUSE bug 1235230SUSE bug 1235249SUSE bug 1235430SUSE bug 1235441SUSE bug 1235466SUSE bug 1235645SUSE bug 1235759SUSE bug 1235814SUSE bug 1235818SUSE bug 1235920SUSE bug 1236104SUSE bug 1236757SUSE bug 1236761SUSE bug 1236821SUSE bug 1237025SUSE bug 1237028SUSE bug 1237139SUSE bug 1237160SUSE bug 1237389SUSE bug 1237768SUSE bug 1238033CVE-2021-47633 at SUSECVE-2021-47633 at NVDCVE-2022-49080 at SUSECVE-2022-49080 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52924 at SUSECVE-2023-52924 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50199 at SUSECVE-2024-50199 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53173 at SUSECVE-2024-53173 at NVDCVE-2024-53239 at SUSECVE-2024-53239 at NVDCVE-2024-56539 at SUSECVE-2024-56539 at NVDCVE-2024-56548 at SUSECVE-2024-56548 at NVDCVE-2024-56600 at SUSECVE-2024-56600 at NVDCVE-2024-56601 at SUSECVE-2024-56601 at NVDCVE-2024-56605 at SUSECVE-2024-56605 at NVDCVE-2024-56623 at SUSECVE-2024-56623 at NVDCVE-2024-56650 at SUSECVE-2024-56650 at NVDCVE-2024-56658 at SUSECVE-2024-56658 at NVDCVE-2024-56664 at SUSECVE-2024-56664 at NVDCVE-2024-56759 at SUSECVE-2024-56759 at NVDCVE-2024-57791 at SUSECVE-2024-57791 at NVDCVE-2024-57798 at SUSECVE-2024-57798 at NVDCVE-2024-57849 at SUSECVE-2024-57849 at NVDCVE-2024-57893 at SUSECVE-2024-57893 at NVDCVE-2025-21690 at SUSECVE-2025-21690 at NVDCVE-2025-21692 at SUSECVE-2025-21692 at NVDCVE-2025-21699 at SUSECVE-2025-21699 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2024-56171: Fixed use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363).
- CVE-2025-24928: Fixed stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370).
- CVE-2025-27113: Fixed NULL Pointer Dereference in libxml2 xmlPatMatch (bsc#1237418).
ImportantSUSE bug 1237363SUSE bug 1237370SUSE bug 1237418CVE-2024-56171 at SUSECVE-2024-56171 at NVDCVE-2025-24928 at SUSECVE-2025-24928 at NVDCVE-2025-27113 at SUSECVE-2025-27113 at NVDcpe:/o:suse:suse-microos:5.2Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.2
This update for rsync fixes the following issues:
- CVE-2024-12747: Fixed race condition in handling symbolic links (bsc#1235475)
- Broken rsyncd after protocol bump, regression reported (bsc#1237187).
- Bump protocol version to 32 - make it easier to show server is patched.
ModerateSUSE bug 1235475SUSE bug 1237187CVE-2024-12747 at SUSECVE-2024-12747 at NVDcpe:/o:suse:suse-microos:5.2Security update for freetype2 (Important)SUSE Linux Enterprise Micro 5.2
This update for freetype2 fixes the following issues:
- CVE-2025-27363: Fixed out-of-bounds write when attempting to parse font
subglyph structures related to TrueType GX and variable font files (bsc#1239465).
ImportantSUSE bug 1239465CVE-2025-27363 at SUSECVE-2025-27363 at NVDcpe:/o:suse:suse-microos:5.2Security update for salt (Important)SUSE Linux Enterprise Micro 5.2
This update for salt fixes the following issues:
- Security issues fixed:
* CVE-2025-67724: Fixed missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: Fixed DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: Fixed HTTP header parameter parsing algorithm (bsc#1254904)
* CVE-2025-13836: Set a safe limit to http.client response read (bsc#1254400)
- Made syntax in httputil_test compatible with Python 3.6
- Fixed KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Improved wheel key.finger call (bsc#1240532)
- Improved utils.find_json function (bsc#1246130)
- Extended warn_until period to 2027
ImportantSUSE bug 1240532SUSE bug 1246130SUSE bug 1254325SUSE bug 1254400SUSE bug 1254903SUSE bug 1254904SUSE bug 1254905CVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-67724 at SUSECVE-2025-67724 at NVDCVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
Update sqlite3 to 3.51.3:
- CVE-2025-7709: Integer Overflow in FTS5 Extension (bsc#1254670).
- CVE-2025-70873: SQLite zipfile extension may disclose uninitialized heap memory during inflation (bsc#1259619).
Changelog:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
ModerateSUSE bug 1254670SUSE bug 1259619CVE-2025-70873 at SUSECVE-2025-70873 at NVDCVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3 fixes the following issue:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API
(bsc#1254867).
ModerateSUSE bug 1254867SUSE bug 1259829CVE-2025-66471 at SUSECVE-2025-66471 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2026-1299: header injection when an email is serialized due to improper newline quoting in BytesGenerator (bsc#1257181). ImportantSUSE bug 1257181CVE-2026-1299 at SUSECVE-2026-1299 at NVDcpe:/o:suse:suse-microos:5.2Security update for vim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for vim fixes the following issues:
Update Vim to version 9.2.0110:
- CVE-2025-53906: Fixed that malicious zip archive may cause a path traversal in Vim's zip (bsc#1246602).
- CVE-2026-26269: Fixed Netbeans specialKeys stack buffer overflow (bsc#1258229).
- CVE-2026-28417: Fixed crafted URL parsed by netrw plugin can lead to execute arbitrary shell commands (bsc#1259051).
- CVE-2026-28418: Fixed that a malformed tags file can cause an heap-based buffer overflow out-of-bounds read (bsc#1259052)
- CVE-2026-28419: Fixed processing a malformed tags file containing a delimiter can lead to a crash (bsc#1259053)
- CVE-2026-28420: Fixed that processing maximum combining characters in terminal emulator can lead to heap-based buffer overflow write (bsc#1259054)
- CVE-2026-28421: Fixed that a crafted swap file can cause a heap-buffer-overflow and a segmentation fault
- CVE-2026-28422: Fixed that a malicious modeline or plugin can trigger a stack-buffer-overflow (bsc#1259056)
ModerateSUSE bug 1246602SUSE bug 1258229SUSE bug 1259051SUSE bug 1259052SUSE bug 1259053SUSE bug 1259054SUSE bug 1259055SUSE bug 1259056CVE-2025-53906 at SUSECVE-2025-53906 at NVDCVE-2026-26269 at SUSECVE-2026-26269 at NVDCVE-2026-28417 at SUSECVE-2026-28417 at NVDCVE-2026-28418 at SUSECVE-2026-28418 at NVDCVE-2026-28419 at SUSECVE-2026-28419 at NVDCVE-2026-28420 at SUSECVE-2026-28420 at NVDCVE-2026-28421 at SUSECVE-2026-28421 at NVDCVE-2026-28422 at SUSECVE-2026-28422 at NVDcpe:/o:suse:suse-microos:5.2Security update for containerd (Important)SUSE Linux Enterprise Micro 5.2
This update for containerd rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:suse-microos:5.2Security update for expat (Important)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity
declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-32778: NULL pointer dereference in `setContext` on retry after an out-of-memory condition (bsc#1259729).
ImportantSUSE bug 1259711SUSE bug 1259726SUSE bug 1259729CVE-2026-32776 at SUSECVE-2026-32776 at NVDCVE-2026-32777 at SUSECVE-2026-32777 at NVDCVE-2026-32778 at SUSECVE-2026-32778 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.2
This update for python-pyasn1 fixes the following issues:
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803).
ImportantSUSE bug 1259803CVE-2026-30922 at SUSECVE-2026-30922 at NVDcpe:/o:suse:suse-microos:5.2Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.2
This update for util-linux fixes the following issues:
- CVE-2025-14104: Fixed heap buffer overread in setpwnam() when processing 256-byte usernames (bsc#1254666).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682).
ModerateSUSE bug 1254666CVE-2025-14104 at SUSECVE-2025-14104 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.2
This update for python-tornado fixes the following issues:
- CVE-2026-31958: parsing large multipart bodies with many parts can cause a denial of service (bsc#1259553).
- incomplete validation of cookie attributes allows for injection of user-controlled values in other cookie attributes
(bsc#1259630).
ImportantSUSE bug 1254905SUSE bug 1259553SUSE bug 1259630CVE-2026-31958 at SUSECVE-2026-31958 at NVDcpe:/o:suse:suse-microos:5.2Security update for tar (Important)SUSE Linux Enterprise Micro 5.2
This update for tar fixes the following issue:
- CVE-2025-45582: file overwrite via directory traversal in crafted TAR archives (bsc#1246399).
ImportantSUSE bug 1246399CVE-2025-45582 at SUSECVE-2025-45582 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issue:
- CVE-2026-24401: avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
ModerateSUSE bug 1257235CVE-2026-24401 at SUSECVE-2026-24401 at NVDcpe:/o:suse:suse-microos:5.2Security update for ignition (Important)SUSE Linux Enterprise Micro 5.2
This update for ignition fixes the following issue:
- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo-
header (bsc#1260251)
ImportantSUSE bug 1260251CVE-2026-33186 at SUSECVE-2026-33186 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Important)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2026-28387: Potential use-after-free in DANE client code (bsc#1260441).
- CVE-2026-28388: NULL Pointer Dereference When Processing a Delta CRL (bsc#1260442).
- CVE-2026-28389: Possible NULL dereference when processing CMS KeyAgreeRecipientInfo (bsc#1260443).
- CVE-2026-31789: Heap buffer overflow in hexadecimal conversion (bsc#1260444).
- CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE encapsulation (bsc#1260445).
ImportantSUSE bug 1260441SUSE bug 1260442SUSE bug 1260443SUSE bug 1260444SUSE bug 1260445CVE-2026-28387 at SUSECVE-2026-28387 at NVDCVE-2026-28388 at SUSECVE-2026-28388 at NVDCVE-2026-28389 at SUSECVE-2026-28389 at NVDCVE-2026-31789 at SUSECVE-2026-31789 at NVDCVE-2026-31790 at SUSECVE-2026-31790 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character that doesn't appear in the test string (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:suse-microos:5.2Security update for nghttp2 (Important)SUSE Linux Enterprise Micro 5.2
This update for nghttp2 fixes the following issue:
- CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845).
ImportantSUSE bug 1259845CVE-2026-27135 at SUSECVE-2026-27135 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-machines (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-machines fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-tukit (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-tukit fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-podman (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-podman fixes the following issues:
- CVE-2026-25547: brace-expansion: unbounded brace range expansion can lead to excessive CPU and memory consumption and
may crash a Node.js process (bsc#1257836).
- CVE-2026-26996: minimatch: ReDoS when glob pattern contains many consecutive wildcards followed by a literal character
that doesn't appear in the test string (bsc#1258641).
ImportantSUSE bug 1257836SUSE bug 1258641CVE-2026-25547 at SUSECVE-2026-25547 at NVDCVE-2026-26996 at SUSECVE-2026-26996 at NVDcpe:/o:suse:suse-microos:5.2Security update for avahi (Moderate)SUSE Linux Enterprise Micro 5.2
This update for avahi fixes the following issues:
- CVE-2025-68276: avahi: reachable assertion in `avahi_wide_area_scan_cache` can lead to crash of avahi-daemon (bsc#1256498).
- CVE-2025-68468: avahi: reachable assertion in `lookup_multicast_callback` can lead to crash of avahi-daemon (bsc#1256499).
- CVE-2025-68471: avahi: reachable assertion in `lookup_start` can lead to crash of avahi-daemon (bsc#1256500).
ModerateSUSE bug 1256498SUSE bug 1256499SUSE bug 1256500CVE-2025-68276 at SUSECVE-2025-68276 at NVDCVE-2025-68468 at SUSECVE-2025-68468 at NVDCVE-2025-68471 at SUSECVE-2025-68471 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-14523: Reject duplicated Host in headers and followed
upsteram update (bsc#1254876).
- CVE-2026-0719: Fixed overflow for password md4sum (bsc#1256399)
ImportantSUSE bug 1254876SUSE bug 1256399CVE-2025-14523 at SUSECVE-2025-14523 at NVDCVE-2026-0719 at SUSECVE-2026-0719 at NVDcpe:/o:suse:suse-microos:5.2Security update for gpg2 (Important)SUSE Linux Enterprise Micro 5.2
This update for gpg2 fixes the following issues:
- CVE-2025-68973: Fix possible memory corruption in the armor parser (gpg.fail/memcpy)(bsc#1255715).
- Avoid potential downgrade to SHA1 in 3rd party key signatures (gpg.fail/sha1) (bsc#1256246).
- Error out on unverified output for non-detached signatures (gpg.fail/detached) (bsc#1256244).
- Fix Cleartext Signature Forgery in the NotDashEscaped header implementation in GnuPG (gpg.fail/notdash) (bsc#1256390).
ImportantSUSE bug 1255715SUSE bug 1256244SUSE bug 1256246SUSE bug 1256390CVE-2025-68973 at SUSECVE-2025-68973 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-tornado (Important)SUSE Linux Enterprise Micro 5.2
This update for python-tornado fixes the following issues:
- CVE-2025-67725: inefficient algorithm when parsing parameters for HTTP header values (bsc#1254905).
- CVE-2025-67726: Denial of Service (DoS) via maliciously crafted HTTP request caused by the HTTPHeaders.add method (bsc#1254904).
ImportantSUSE bug 1254904SUSE bug 1254905CVE-2025-67725 at SUSECVE-2025-67725 at NVDCVE-2025-67726 at SUSECVE-2025-67726 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libsodium fixes the following issues:
- CVE-2025-15444: fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
ModerateSUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDcpe:/o:suse:suse-microos:5.2Security update for libtasn1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libtasn1 fixes the following issues:
- CVE-2025-13151: stack-based buffer overflow in `asn1_expend_octet_string` (bsc#1256341).
ModerateSUSE bug 1256341CVE-2025-13151 at SUSECVE-2025-13151 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Low)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2026-0988: Fixed a potential integer overflow in g_buffered_input_stream_peek (bsc#1257049).
LowSUSE bug 1257049CVE-2026-0988 at SUSECVE-2026-0988 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2025-12084: cpython: Fixed quadratic algorithm in xml.dom.minidom leading to denial of service (bsc#1254997)
- CVE-2025-13836: Fixed default Content-Lenght read amount from HTTP response (bsc#1254400)
- CVE-2025-13837: Fixed plistlib module denial of service (bsc#1254401)
ModerateSUSE bug 1254400SUSE bug 1254401SUSE bug 1254997CVE-2025-12084 at SUSECVE-2025-12084 at NVDCVE-2025-13836 at SUSECVE-2025-13836 at NVDCVE-2025-13837 at SUSECVE-2025-13837 at NVDcpe:/o:suse:suse-microos:5.2Security update for xen (Moderate)SUSE Linux Enterprise Micro 5.2
This update for xen fixes the following issues:
Security fixes:
- CVE-2025-58150: Fixed buffer overrun with shadow paging and
tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation
(XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal od permissions on PCI
device unplug allow PV guests to access memory of devices no
longer assigned to it (XSA-476) (bsc#1252692)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple
vulnerabilities in the Viridian interface (XSA-472) (bsc#1248807)
Other fixes:
- Fixed virtxend service restart. Caused by a failure to start
xenstored (bsc#1254180)
ModerateSUSE bug 1248807SUSE bug 1252692SUSE bug 1254180SUSE bug 1256745SUSE bug 1256747CVE-2025-27466 at SUSECVE-2025-27466 at NVDCVE-2025-58142 at SUSECVE-2025-58142 at NVDCVE-2025-58143 at SUSECVE-2025-58143 at NVDCVE-2025-58149 at SUSECVE-2025-58149 at NVDCVE-2025-58150 at SUSECVE-2025-58150 at NVDCVE-2026-23553 at SUSECVE-2026-23553 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
- CVE-2023-53659: iavf: Fix out-of-bounds when setting channels on remove (bsc#1251247).
- CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
- CVE-2023-53717: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (bsc#1252560).
- CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
- CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
- CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
- CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).
The following non-security bugs were fixed:
- cifs: Check the lease context if we actually got a lease (bsc#1228688).
- cifs: return a single-use cfid if we did not get a lease (bsc#1228688).
- smb3: fix Open files on server counter going negative (git-fixes).
ImportantSUSE bug 1228688SUSE bug 1249806SUSE bug 1251247SUSE bug 1251786SUSE bug 1252560SUSE bug 1252780SUSE bug 1253367SUSE bug 1253431SUSE bug 1253436CVE-2022-50280 at SUSECVE-2022-50280 at NVDCVE-2023-53659 at SUSECVE-2023-53659 at NVDCVE-2023-53676 at SUSECVE-2023-53676 at NVDCVE-2023-53717 at SUSECVE-2023-53717 at NVDCVE-2025-40040 at SUSECVE-2025-40040 at NVDCVE-2025-40121 at SUSECVE-2025-40121 at NVDCVE-2025-40154 at SUSECVE-2025-40154 at NVDCVE-2025-40204 at SUSECVE-2025-40204 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Low)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2026-0989: Fixed call stack exhaustion leading to application
crash due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256805)
LowSUSE bug 1256805CVE-2026-0989 at SUSECVE-2026-0989 at NVDcpe:/o:suse:suse-microos:5.2Security update for openssl-1_1 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for openssl-1_1 fixes the following issues:
- CVE-2026-22795: Missing ASN1_TYPE validation in PKCS#12 parsing (bsc#1256839).
- CVE-2025-69420: Missing ASN1_TYPE validation in TS_RESP_verify_response() function (bsc#1256837).
- CVE-2025-69421: NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (bsc#1256838).
- CVE-2026-22796: ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (bsc#1256840).
- CVE-2025-68160: Heap out-of-bounds write in BIO_f_linebuffer on short writes (bsc#1256834).
- CVE-2025-69418: Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (bsc#1256835).
- CVE-2025-69419: Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (bsc#1256836).
ModerateSUSE bug 1256834SUSE bug 1256835SUSE bug 1256836SUSE bug 1256837SUSE bug 1256838SUSE bug 1256839SUSE bug 1256840CVE-2025-68160 at SUSECVE-2025-68160 at NVDCVE-2025-69418 at SUSECVE-2025-69418 at NVDCVE-2025-69419 at SUSECVE-2025-69419 at NVDCVE-2025-69420 at SUSECVE-2025-69420 at NVDCVE-2025-69421 at SUSECVE-2025-69421 at NVDCVE-2026-22795 at SUSECVE-2026-22795 at NVDCVE-2026-22796 at SUSECVE-2026-22796 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739).
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
- CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040).
- CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137).
- CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
ImportantSUSE bug 1065729SUSE bug 1196823SUSE bug 1204957SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207653SUSE bug 1209799SUSE bug 1213653SUSE bug 1213969SUSE bug 1225109SUSE bug 1228015SUSE bug 1245210SUSE bug 1245751SUSE bug 1249739SUSE bug 1249871SUSE bug 1250397SUSE bug 1252678SUSE bug 1254520SUSE bug 1254592SUSE bug 1254614SUSE bug 1254615SUSE bug 1254632SUSE bug 1254634SUSE bug 1254686SUSE bug 1254711SUSE bug 1254751SUSE bug 1254763SUSE bug 1254775SUSE bug 1254785SUSE bug 1254792SUSE bug 1254813SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254959SUSE bug 1255002SUSE bug 1255565SUSE bug 1255576SUSE bug 1255607SUSE bug 1255609SUSE bug 1255636SUSE bug 1255844SUSE bug 1255901SUSE bug 1255908SUSE bug 1255919SUSE bug 1256040SUSE bug 1256045SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256064SUSE bug 1256095SUSE bug 1256127SUSE bug 1256132SUSE bug 1256136SUSE bug 1256137SUSE bug 1256143SUSE bug 1256154SUSE bug 1256165SUSE bug 1256194SUSE bug 1256203SUSE bug 1256207SUSE bug 1256208SUSE bug 1256216SUSE bug 1256230SUSE bug 1256242SUSE bug 1256248SUSE bug 1256333SUSE bug 1256344SUSE bug 1256353SUSE bug 1256426SUSE bug 1256641SUSE bug 1256779CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDcpe:/o:suse:suse-microos:5.2Security update for glib2 (Important)SUSE Linux Enterprise Micro 5.2
This update for glib2 fixes the following issues:
- CVE-2026-1485: Fixed buffer underflow and out-of-bounds access due to integer wraparound in content type parsing (bsc#1257354).
- CVE-2026-1484: Fixed buffer underflow and out-of-bounds access due to miscalculated buffer boundaries in the Base64 encoding routine (bsc#1257355).
- CVE-2026-1489: Fixed undersized heap allocation followed by out-of-bounds access due to integer overflow in Unicode case conversion (bsc#1257353).
ImportantSUSE bug 1257353SUSE bug 1257354SUSE bug 1257355CVE-2026-1484 at SUSECVE-2026-1484 at NVDCVE-2026-1485 at SUSECVE-2026-1485 at NVDCVE-2026-1489 at SUSECVE-2026-1489 at NVDcpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2025-11234: Fixed use-after-free in websocket handshake code can lead to denial of service (bsc#1250984).
ImportantSUSE bug 1250984CVE-2025-11234 at SUSECVE-2025-11234 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsodium (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libsodium fixes the following issues:
- CVE-2025-15444: Fixed cryptographic bypass via improper elliptic curve point validation (bsc#1256070).
- CVE-2025-69277: Fixed incorrect validation of elliptic curve points in crypto_core_ed25519_is_valid_point function (bsc#1255764).
ModerateSUSE bug 1255764SUSE bug 1256070CVE-2025-15444 at SUSECVE-2025-15444 at NVDCVE-2025-69277 at SUSECVE-2025-69277 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739).
- CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785).
- CVE-2022-50700: wifi: ath10k: Delay the unmapping of the buffer (bsc#1255576).
- CVE-2022-50717: nvmet-tcp: add bounds check on Transfer Tag (bsc#1255844).
- CVE-2022-50726: net/mlx5: Fix possible use-after-free in async command interface (bsc#1256040).
- CVE-2022-50736: RDMA/siw: Fix immediate work request flush to completion queue (bsc#1256137).
- CVE-2022-50756: nvme-core: replace ctrl page size with a macro (bsc#1256216).
- CVE-2023-53215: sched/fair: Don't balance task to its current running CPU (bsc#1250397).
- CVE-2023-53254: cacheinfo: Fix shared_cpu_map to handle shared caches at different levels (bsc#1249871).
- CVE-2023-53761: USB: usbtmc: Fix direction for 0-length ioctl control messages (bsc#1255002).
- CVE-2023-53781: smc: Fix use-after-free in tcp_write_timer_handler() (bsc#1254751).
- CVE-2023-54142: gtp: Fix use-after-free in __gtp_encap_destroy() (bsc#1256095).
- CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053).
- CVE-2023-54243: netfilter: ebtables: fix table blob use-after-free (bsc#1255908).
- CVE-2025-38068: crypto: lzo - Fix compression buffer overrun (bsc#1245210).
- CVE-2025-38159: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (bsc#1245751).
- CVE-2025-40019: crypto: essiv - Check ssize for decryption and in-place encryption (bsc#1252678).
- CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).
- CVE-2025-40220: fuse: fix livelock in synchronous file put from fuseblk workers (bsc#1254520).
- CVE-2025-40233: ocfs2: clear extent cache after moving/defragmenting extents (bsc#1254813).
- CVE-2025-40277: drm/vmwgfx: Validate command header size against (bsc#1254894).
- CVE-2025-40280: tipc: Fix use-after-free in tipc_mon_reinit_self() (bsc#1254847).
- CVE-2025-40331: sctp: Prevent TOCTOU out-of-bounds write (bsc#1254615).
- CVE-2025-68813: ipvs: fix ipv4 null-ptr-deref in route error path (bsc#1256641).
- CVE-2025-71120: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (bsc#1256779).
ImportantSUSE bug 1065729SUSE bug 1196823SUSE bug 1204957SUSE bug 1206889SUSE bug 1207051SUSE bug 1207088SUSE bug 1207653SUSE bug 1209799SUSE bug 1213653SUSE bug 1213969SUSE bug 1225109SUSE bug 1228015SUSE bug 1245210SUSE bug 1245751SUSE bug 1249739SUSE bug 1249871SUSE bug 1250397SUSE bug 1252678SUSE bug 1254520SUSE bug 1254592SUSE bug 1254614SUSE bug 1254615SUSE bug 1254632SUSE bug 1254634SUSE bug 1254686SUSE bug 1254711SUSE bug 1254751SUSE bug 1254763SUSE bug 1254775SUSE bug 1254785SUSE bug 1254792SUSE bug 1254813SUSE bug 1254847SUSE bug 1254851SUSE bug 1254894SUSE bug 1254902SUSE bug 1254959SUSE bug 1255002SUSE bug 1255565SUSE bug 1255576SUSE bug 1255607SUSE bug 1255609SUSE bug 1255636SUSE bug 1255844SUSE bug 1255901SUSE bug 1255908SUSE bug 1255919SUSE bug 1256040SUSE bug 1256045SUSE bug 1256048SUSE bug 1256049SUSE bug 1256053SUSE bug 1256056SUSE bug 1256064SUSE bug 1256095SUSE bug 1256127SUSE bug 1256132SUSE bug 1256136SUSE bug 1256137SUSE bug 1256143SUSE bug 1256154SUSE bug 1256165SUSE bug 1256194SUSE bug 1256203SUSE bug 1256207SUSE bug 1256208SUSE bug 1256216SUSE bug 1256230SUSE bug 1256242SUSE bug 1256248SUSE bug 1256333SUSE bug 1256344SUSE bug 1256353SUSE bug 1256426SUSE bug 1256641SUSE bug 1256779CVE-2022-0854 at SUSECVE-2022-0854 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-50282 at SUSECVE-2022-50282 at NVDCVE-2022-50623 at SUSECVE-2022-50623 at NVDCVE-2022-50630 at SUSECVE-2022-50630 at NVDCVE-2022-50635 at SUSECVE-2022-50635 at NVDCVE-2022-50640 at SUSECVE-2022-50640 at NVDCVE-2022-50641 at SUSECVE-2022-50641 at NVDCVE-2022-50644 at SUSECVE-2022-50644 at NVDCVE-2022-50646 at SUSECVE-2022-50646 at NVDCVE-2022-50649 at SUSECVE-2022-50649 at NVDCVE-2022-50668 at SUSECVE-2022-50668 at NVDCVE-2022-50671 at SUSECVE-2022-50671 at NVDCVE-2022-50678 at SUSECVE-2022-50678 at NVDCVE-2022-50700 at SUSECVE-2022-50700 at NVDCVE-2022-50703 at SUSECVE-2022-50703 at NVDCVE-2022-50709 at SUSECVE-2022-50709 at NVDCVE-2022-50717 at SUSECVE-2022-50717 at NVDCVE-2022-50726 at SUSECVE-2022-50726 at NVDCVE-2022-50730 at SUSECVE-2022-50730 at NVDCVE-2022-50731 at SUSECVE-2022-50731 at NVDCVE-2022-50733 at SUSECVE-2022-50733 at NVDCVE-2022-50736 at SUSECVE-2022-50736 at NVDCVE-2022-50742 at SUSECVE-2022-50742 at NVDCVE-2022-50744 at SUSECVE-2022-50744 at NVDCVE-2022-50756 at SUSECVE-2022-50756 at NVDCVE-2022-50758 at SUSECVE-2022-50758 at NVDCVE-2022-50767 at SUSECVE-2022-50767 at NVDCVE-2022-50814 at SUSECVE-2022-50814 at NVDCVE-2022-50821 at SUSECVE-2022-50821 at NVDCVE-2022-50823 at SUSECVE-2022-50823 at NVDCVE-2022-50827 at SUSECVE-2022-50827 at NVDCVE-2022-50828 at SUSECVE-2022-50828 at NVDCVE-2022-50840 at SUSECVE-2022-50840 at NVDCVE-2022-50843 at SUSECVE-2022-50843 at NVDCVE-2022-50850 at SUSECVE-2022-50850 at NVDCVE-2022-50870 at SUSECVE-2022-50870 at NVDCVE-2022-50876 at SUSECVE-2022-50876 at NVDCVE-2022-50880 at SUSECVE-2022-50880 at NVDCVE-2022-50884 at SUSECVE-2022-50884 at NVDCVE-2022-50889 at SUSECVE-2022-50889 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-53215 at SUSECVE-2023-53215 at NVDCVE-2023-53254 at SUSECVE-2023-53254 at NVDCVE-2023-53761 at SUSECVE-2023-53761 at NVDCVE-2023-53781 at SUSECVE-2023-53781 at NVDCVE-2023-54019 at SUSECVE-2023-54019 at NVDCVE-2023-54024 at SUSECVE-2023-54024 at NVDCVE-2023-54110 at SUSECVE-2023-54110 at NVDCVE-2023-54142 at SUSECVE-2023-54142 at NVDCVE-2023-54168 at SUSECVE-2023-54168 at NVDCVE-2023-54170 at SUSECVE-2023-54170 at NVDCVE-2023-54242 at SUSECVE-2023-54242 at NVDCVE-2023-54243 at SUSECVE-2023-54243 at NVDCVE-2023-54270 at SUSECVE-2023-54270 at NVDCVE-2025-38068 at SUSECVE-2025-38068 at NVDCVE-2025-38159 at SUSECVE-2025-38159 at NVDCVE-2025-40019 at SUSECVE-2025-40019 at NVDCVE-2025-40215 at SUSECVE-2025-40215 at NVDCVE-2025-40220 at SUSECVE-2025-40220 at NVDCVE-2025-40233 at SUSECVE-2025-40233 at NVDCVE-2025-40256 at SUSECVE-2025-40256 at NVDCVE-2025-40277 at SUSECVE-2025-40277 at NVDCVE-2025-40280 at SUSECVE-2025-40280 at NVDCVE-2025-40331 at SUSECVE-2025-40331 at NVDCVE-2025-68813 at SUSECVE-2025-68813 at NVDCVE-2025-71120 at SUSECVE-2025-71120 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-podman (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-podman fixes the following issues:
- CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324)
ImportantSUSE bug 1257324CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:suse-microos:5.2Security update for expat (Moderate)SUSE Linux Enterprise Micro 5.2
This update for expat fixes the following issues:
- CVE-2026-24515: Fixed a null dereference in XML_ExternalEntityParserCreate. (bsc#1257144)
- CVE-2026-25210: Fixed an integer overflow in doContent. (bsc#1257496)
ModerateSUSE bug 1257144SUSE bug 1257496CVE-2026-24515 at SUSECVE-2026-24515 at NVDCVE-2026-25210 at SUSECVE-2026-25210 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-machines (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-machines fixes the following issues:
- CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324)
ImportantSUSE bug 1257325CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:suse-microos:5.2Security update for cockpit-machines (Important)SUSE Linux Enterprise Micro 5.2
This update for cockpit-machines fixes the following issues:
- CVE-2025-13465: Update the lodash dependencie to avoid prototype pollution. (bsc#1257324)
ImportantSUSE bug 1257325CVE-2025-13465 at SUSECVE-2025-13465 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup2 (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup2 fixes the following issues:
- CVE-2026-1761: Check length of bytes read in soup_filter_input_stream_read_until to avoid a stack-based buffer
overflow (bsc#1257598).
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ImportantSUSE bug 1256418SUSE bug 1257598CVE-2026-0716 at SUSECVE-2026-0716 at NVDCVE-2026-1761 at SUSECVE-2026-1761 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-pyasn1 (Important)SUSE Linux Enterprise Micro 5.2
This update for python-pyasn1 fixes the following issues:
- CVE-2026-23490: Fixed malformed RELATIVE-OID with excessive continuation
octets leading to Denial of Service (bsc#1256902)
ImportantSUSE bug 1256902CVE-2026-23490 at SUSECVE-2026-23490 at NVDcpe:/o:suse:suse-microos:5.2Security update for sqlite3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for sqlite3 fixes the following issues:
- Update to v3.51.2:
- CVE-2025-7709: Fixed an integer overflow in the FTS5 extension. (bsc#1254670)
ModerateSUSE bug 1248586SUSE bug 1254670CVE-2025-7709 at SUSECVE-2025-7709 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozjs60 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
ModerateSUSE bug 1230036SUSE bug 1230037SUSE bug 1230038SUSE bug 1232602CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDCVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-urllib3 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-urllib3_1 fixes the following issues:
- CVE-2025-66471: excessive resource consumption via decompression of highly compressed data in Streaming API (bsc#1254867).
- CVE-2025-66418: resource exhaustion via unbounded number of links in the decompression chain (bsc#1254866).
- CVE-2026-21441: excessive resource consumption during decompression of data in HTTP redirect responses (bsc#1256331).
ModerateSUSE bug 1254866SUSE bug 1254867SUSE bug 1256331CVE-2025-66418 at SUSECVE-2025-66418 at NVDCVE-2025-66471 at SUSECVE-2025-66471 at NVDCVE-2026-21441 at SUSECVE-2026-21441 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-4476: null pointer dereference may lead to denial of service (bsc#1243422).
ModerateSUSE bug 1243422CVE-2025-4476 at SUSECVE-2025-4476 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232).
ImportantSUSE bug 1223007SUSE bug 1235905SUSE bug 1236104SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1240284SUSE bug 1244904SUSE bug 1245110SUSE bug 1245723SUSE bug 1248306SUSE bug 1248377SUSE bug 1249699SUSE bug 1249827SUSE bug 1251201SUSE bug 1253409SUSE bug 1255171SUSE bug 1255594SUSE bug 1256612SUSE bug 1256623SUSE bug 1256726SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit (bsc#1255594).
- CVE-2025-38129: page_pool: fix inconsistency for page_pool_ring_lock() (bsc#1245723).
- CVE-2025-40139: net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward (bsc#1253409).
- CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
- CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
- CVE-2025-71089: iommu: disable SVA when CONFIG_X86 is set (bsc#1256612).
- CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
- CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
- CVE-2026-23001: macvlan: Use 'hash' iterators to simplify code (bsc#1257232).
ImportantSUSE bug 1223007SUSE bug 1235905SUSE bug 1236104SUSE bug 1237885SUSE bug 1237906SUSE bug 1238414SUSE bug 1238754SUSE bug 1238763SUSE bug 1240284SUSE bug 1244904SUSE bug 1245110SUSE bug 1245723SUSE bug 1248306SUSE bug 1248377SUSE bug 1249699SUSE bug 1249827SUSE bug 1251201SUSE bug 1253409SUSE bug 1255171SUSE bug 1255594SUSE bug 1256612SUSE bug 1256623SUSE bug 1256726SUSE bug 1256792SUSE bug 1257232SUSE bug 1257236CVE-2022-49604 at SUSECVE-2022-49604 at NVDCVE-2022-49943 at SUSECVE-2022-49943 at NVDCVE-2022-49980 at SUSECVE-2022-49980 at NVDCVE-2022-50329 at SUSECVE-2022-50329 at NVDCVE-2022-50488 at SUSECVE-2022-50488 at NVDCVE-2022-50697 at SUSECVE-2022-50697 at NVDCVE-2023-52923 at SUSECVE-2023-52923 at NVDCVE-2023-52983 at SUSECVE-2023-52983 at NVDCVE-2023-53178 at SUSECVE-2023-53178 at NVDCVE-2024-26832 at SUSECVE-2024-26832 at NVDCVE-2024-54031 at SUSECVE-2024-54031 at NVDCVE-2025-21760 at SUSECVE-2025-21760 at NVDCVE-2025-21764 at SUSECVE-2025-21764 at NVDCVE-2025-21765 at SUSECVE-2025-21765 at NVDCVE-2025-21766 at SUSECVE-2025-21766 at NVDCVE-2025-38129 at SUSECVE-2025-38129 at NVDCVE-2025-38563 at SUSECVE-2025-38563 at NVDCVE-2025-38565 at SUSECVE-2025-38565 at NVDCVE-2025-40139 at SUSECVE-2025-40139 at NVDCVE-2025-68312 at SUSECVE-2025-68312 at NVDCVE-2025-71085 at SUSECVE-2025-71085 at NVDCVE-2025-71089 at SUSECVE-2025-71089 at NVDCVE-2025-71112 at SUSECVE-2025-71112 at NVDCVE-2026-22999 at SUSECVE-2026-22999 at NVDCVE-2026-23001 at SUSECVE-2026-23001 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2025-14524: bearer token leak on cross-protocol redirect (bsc#1255731).
- CVE-2025-14819: libssh global knownhost override (bsc#1255732).
- CVE-2025-15079: libssh key passphrase bypass without agent set (bsc#1255733).
- CVE-2025-15224: OpenSSL partial chain store policy bypass (bsc#1255734).
ModerateSUSE bug 1255731SUSE bug 1255732SUSE bug 1255733SUSE bug 1255734CVE-2025-14524 at SUSECVE-2025-14524 at NVDCVE-2025-14819 at SUSECVE-2025-14819 at NVDCVE-2025-15079 at SUSECVE-2025-15079 at NVDCVE-2025-15224 at SUSECVE-2025-15224 at NVDcpe:/o:suse:suse-microos:5.2Security update for libpcap (Low)SUSE Linux Enterprise Micro 5.2
This update for libpcap fixes the following issues:
- CVE-2025-11961: missing validation of provided MAC-48 address string in `pcap_ether_aton()` can lead to out-of-bounds
read and write (bsc#1255765).
LowSUSE bug 1255765CVE-2025-11961 at SUSECVE-2025-11961 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libssh fixes the following issues:
- CVE-2026-0964: improper sanitation of paths received from SCP servers can cause path traversal (bsc#1258049).
- CVE-2026-0965: possible denial of service when parsing unexpected configuration files (bsc#1258045).
- CVE-2026-0966: buffer underflow in ssh_get_hexa() on invalid input (bsc#1258054).
- CVE-2026-0967: specially crafted patterns could cause denial of service (bsc#1258081).
- CVE-2026-0968: malformed SFTP message can lead to out of bound read (bsc#1258080).
ModerateSUSE bug 1258045SUSE bug 1258049SUSE bug 1258054SUSE bug 1258080SUSE bug 1258081CVE-2026-0964 at SUSECVE-2026-0964 at NVDCVE-2026-0965 at SUSECVE-2026-0965 at NVDCVE-2026-0966 at SUSECVE-2026-0966 at NVDCVE-2026-0967 at SUSECVE-2026-0967 at NVDCVE-2026-0968 at SUSECVE-2026-0968 at NVDcpe:/o:suse:suse-microos:5.2Security update for libxml2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libxml2 fixes the following issues:
- CVE-2026-0990: Fixed a call stack overflow leading to application crash due to infinite recursion in `xmlCatalogXMLResolveURI`. (bsc#1256807, bsc#1256811)
- CVE-2026-0992: Fixed an excessive resource consumption when processing XML catalogs due to exponential behavior. (bsc#1256809, bsc#1256812)
- CVE-2026-1757: Fixed a memory leak in the `xmllint` interactive shell. (bsc#1257594, bsc#1257595)
- CVE-2025-10911: Fixed a use-after-free with key data stored cross-RVT. (bsc#1250553)
ModerateSUSE bug 1250553SUSE bug 1256807SUSE bug 1256808SUSE bug 1256809SUSE bug 1256811SUSE bug 1256812SUSE bug 1257593SUSE bug 1257594SUSE bug 1257595CVE-2025-10911 at SUSECVE-2025-10911 at NVDCVE-2026-0990 at SUSECVE-2026-0990 at NVDCVE-2026-0992 at SUSECVE-2026-0992 at NVDCVE-2026-1757 at SUSECVE-2026-1757 at NVDcpe:/o:suse:suse-microos:5.2Security update for libpng16 (Important)SUSE Linux Enterprise Micro 5.2
This update for libpng16 fixes the following issues:
- CVE-2025-28162: memory leaks when running `pngimage` (bsc#1257364).
- CVE-2025-28164: memory leaks when running `pngimage` (bsc#1257365).
- CVE-2026-22695: heap buffer over-read in png_image_finish_read (bsc#1256525).
- CVE-2026-22801: integer truncation causing heap buffer over-read in png_image_write_* (bsc#1256526).
- CVE-2026-25646: heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020).
ImportantSUSE bug 1256525SUSE bug 1256526SUSE bug 1257364SUSE bug 1257365SUSE bug 1258020CVE-2025-28162 at SUSECVE-2025-28162 at NVDCVE-2025-28164 at SUSECVE-2025-28164 at NVDCVE-2026-22695 at SUSECVE-2026-22695 at NVDCVE-2026-22801 at SUSECVE-2026-22801 at NVDCVE-2026-25646 at SUSECVE-2026-25646 at NVDcpe:/o:suse:suse-microos:5.2Security update for protobuf (Moderate)SUSE Linux Enterprise Micro 5.2
This update for protobuf fixes the following issues:i
- CVE-2026-0994: Fixed google.protobuf.Any recursion depth bypass in Python json_format.ParseDict (bsc#1257173).
ModerateSUSE bug 1257173CVE-2026-0994 at SUSECVE-2026-0994 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2025-32049: denial of Service attack to websocket server (bsc#1240751).
- CVE-2026-2369: buffer overread due to integer underflow when handling zero-length resources (bsc#1258120).
- CVE-2026-2443: out-of-bounds read when processing specially crafted HTTP Range headers can lead to heap information
disclosure to remote attackers (bsc#1258170).
- CVE-2026-2708: HTTP request smuggling via duplicate Content-Length headers (bsc#1258508).
ImportantSUSE bug 1240751SUSE bug 1258120SUSE bug 1258170SUSE bug 1258508CVE-2025-32049 at SUSECVE-2025-32049 at NVDCVE-2026-2369 at SUSECVE-2026-2369 at NVDCVE-2026-2443 at SUSECVE-2026-2443 at NVDCVE-2026-2708 at SUSECVE-2026-2708 at NVDcpe:/o:suse:suse-microos:5.2Security update for python3 (Important)SUSE Linux Enterprise Micro 5.2
This update for python3 fixes the following issues:
- CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable
characters (bsc#1257029).
- CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel
(bsc#1257031).
- CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042).
- CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044).
- CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046).
- CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041).
ImportantSUSE bug 1257029SUSE bug 1257031SUSE bug 1257041SUSE bug 1257042SUSE bug 1257044SUSE bug 1257046CVE-2025-11468 at SUSECVE-2025-11468 at NVDCVE-2025-15282 at SUSECVE-2025-15282 at NVDCVE-2025-15366 at SUSECVE-2025-15366 at NVDCVE-2025-15367 at SUSECVE-2025-15367 at NVDCVE-2026-0672 at SUSECVE-2026-0672 at NVDCVE-2026-0865 at SUSECVE-2026-0865 at NVDcpe:/o:suse:suse-microos:5.2Security update for docker (Moderate)SUSE Linux Enterprise Micro 5.2
This update for docker fixes the following issues:
- CVE-2025-58181: Fixed a bug in crypto/ssh where invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253904)
ModerateSUSE bug 1253904CVE-2025-58181 at SUSECVE-2025-58181 at NVDcpe:/o:suse:suse-microos:5.2Security update for ucode-intel (Important)SUSE Linux Enterprise Micro 5.2
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20260210 release (bsc#1258046)
- CVE-2024-24853: Updated fix for incorrect behavior order in transition
between executive monitor and SMI transfer monitor (STM) in some Intel(R)
Processor may allow a privileged user to potentially enable escalation
of privilege via local access. (bsc#1229129)
- CVE-2025-31648: Improper handling of values in the microcode flow for
some Intel Processor Family may allow an escalation of privilege. (bsc#1258046)
ImportantSUSE bug 1229129SUSE bug 1258046CVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2025-31648 at SUSECVE-2025-31648 at NVDcpe:/o:suse:suse-microos:5.2Security update for rsync (Moderate)SUSE Linux Enterprise Micro 5.2
This update for rsync fixes the following issues:
- CVE-2025-10158: Fixed out of bounds array access via negative index (bsc#1254441)
ModerateSUSE bug 1254441CVE-2025-10158 at SUSECVE-2025-10158 at NVDcpe:/o:suse:suse-microos:5.2Security update for gpg2 (Moderate)SUSE Linux Enterprise Micro 5.2
This update for gpg2 fixes the following issues:
Security fix:
- Fixed GnuPG accepting Path Separators and Path Traversals
in Literal Data (bsc#1256389)
ModerateSUSE bug 1256389cpe:/o:suse:suse-microos:5.2Security update for qemu (Important)SUSE Linux Enterprise Micro 5.2
This update for qemu fixes the following issues:
- CVE-2024-6505: Fixed queue index out-of-bounds access in software RSS (bsc#1227397)
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554)
ImportantSUSE bug 1209554SUSE bug 1227397CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2024-6505 at SUSECVE-2024-6505 at NVDcpe:/o:suse:suse-microos:5.2Security update for mozilla-nss (Moderate)SUSE Linux Enterprise Micro 5.2
This update for mozilla-nss fixes the following issues:
update to NSS 3.112.3:
* CVE-2026-2781: Avoid integer overflow in platform-independent ghash (bsc#1258568)
ModerateSUSE bug 1258568CVE-2026-2781 at SUSECVE-2026-2781 at NVDcpe:/o:suse:suse-microos:5.2Security update for shim (Moderate)SUSE Linux Enterprise Micro 5.2
This update for shim fixes the following issues:
shim is updated to version 16.1:
- shim_start_image(): fix guid/handle pairing when uninstalling protocols
- Fix uncompressed ipv6 netboot
- fix test segfaults caused by uninitialized memory
- SbatLevel_Variable.txt: minor typo fix.
- Realloc() needs to allocate one more byte for sprintf()
- IPv6: Add more check to avoid multiple double colon and illegal char
- Loader proto v2
- loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
- Generate Authenticode for the entire PE file
- README: mention new loader protocol and interaction with UKIs
- shim: change automatically enable MOK_POLICY_REQUIRE_NX
- Save var info
- add SbatLevel entry 2025051000 for PSA-2025-00012-1
- Coverity fixes 20250804
- fix http boot
- Fix double free and leak in the loader protocol
shim is updated to version 16.0:
- Validate that a supplied vendor cert is not in PEM format
- sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
- sbat: Also bump latest for grub,4 (and to todays date)
- undo change that limits certificate files to a single file
- shim: don't set second_stage to the empty string
- Fix SBAT.md for today's consensus about numbers
- Update Code of Conduct contact address
- make-certs: Handle missing OpenSSL installation
- Update MokVars.txt
- export DEFINES for sub makefile
- Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
- Null-terminate 'arguments' in fallback
- Fix 'Verifiying' typo in error message
- Update Fedora CI targets
- Force gcc to produce DWARF4 so that gdb can use it
- Minor housekeeping 2024121700
- Discard load-options that start with WINDOWS
- Fix the issue that the gBS->LoadImage pointer was empty.
- shim: Allow data after the end of device path node in load options
- Handle network file not found like disks
- Update gnu-efi submodule for EFI_HTTP_ERROR
- Increase EFI file alignment
- avoid EFIv2 runtime services on Apple x86 machines
- Improve shortcut performance when comparing two boolean expressions
- Provide better error message when MokManager is not found
- tpm: Boot with a warning if the event log is full
- MokManager: remove redundant logical constraints
- Test import_mok_state() when MokListRT would be bigger than available size
- test-mok-mirror: minor bug fix
- Fix file system browser hang when enrolling MOK from disk
- Ignore a minor clang-tidy nit
- Allow fallback to default loader when encountering errors on network boot
- test.mk: don't use a temporary random.bin
- pe: Enhance debug report for update_mem_attrs
- Multiple certificate handling improvements
- Generate SbatLevel Metadata from SbatLevel_Variable.txt
- Apply EKU check with compile option
- Add configuration option to boot an alternative 2nd stage
- Loader protocol (with Device Path resolution support)
- netboot cleanup for additional files
- Document how revocations can be delivered
- post-process-pe: add tests to validate NX compliance
- regression: CopyMem() in ad8692e copies out of bounds
- Save the debug and error logs in mok-variables
- Add features for the Host Security ID program
- Mirror some more efi variables to mok-variables
- This adds DXE Services measurements to HSI and uses them for NX
- Add shim's current NX_COMPAT status to HSIStatus
- README.tpm: reflect that vendor_db is in fact logged as 'vendor_db'
- Reject HTTP message with duplicate Content-Length header fields
- Disable log saving
- fallback: don't add new boot order entries backwards
- README.tpm: Update MokList entry to MokListRT
- SBAT Level update for February 2025 GRUB CVEs
ModerateSUSE bug 1240871SUSE bug 1247432CVE-2024-2312 at SUSECVE-2024-2312 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Moderate)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2025-14017: Fixed broken TLS options for threaded LDAPS (bsc#1256105).
ModerateSUSE bug 1256105CVE-2025-14017 at SUSECVE-2025-14017 at NVDcpe:/o:suse:suse-microos:5.2Security update for libvirt (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots (bsc#1253703)
- CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML (bsc#1253278)
Other fixes:
- libvirt-supportconfig: Add support for supportconfig.rc (bsc#1251822)
ModerateSUSE bug 1251822SUSE bug 1253278SUSE bug 1253703CVE-2025-12748 at SUSECVE-2025-12748 at NVDCVE-2025-13193 at SUSECVE-2025-13193 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Important)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issues:
- CVE-2026-1467: lack of input sanitization can lead to unintended or unauthorized HTTP requests (bsc#1257398).
- CVE-2026-1539: proxy authentication credentials leaked via the Proxy-Authorization header when handling HTTP redirects
(bsc#1257441).
- CVE-2026-1760: improper handling of HTTP requests combining certain headers by SoupServer can lead to HTTP request
smuggling and potential DoS (bsc#1257597).
ImportantSUSE bug 1257398SUSE bug 1257441SUSE bug 1257597CVE-2026-1467 at SUSECVE-2026-1467 at NVDCVE-2026-1539 at SUSECVE-2026-1539 at NVDCVE-2026-1760 at SUSECVE-2026-1760 at NVDcpe:/o:suse:suse-microos:5.2Security update for python-tornado (Moderate)SUSE Linux Enterprise Micro 5.2
This update for python-tornado fixes the following issue:
- CVE-2025-67724: missing validation of the supplied reason phrase (bsc#1254903).
ModerateSUSE bug 1254903CVE-2025-67724 at SUSECVE-2025-67724 at NVDcpe:/o:suse:suse-microos:5.2Security update for libsoup (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libsoup fixes the following issue:
- CVE-2026-0716: improper bounds handling may allow out-of-bounds read (bsc#1256418).
ModerateSUSE bug 1256418CVE-2026-0716 at SUSECVE-2026-0716 at NVDcpe:/o:suse:suse-microos:5.2Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.2
This update for util-linux fixes the following issues:
- CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' (bsc#1258859).
ModerateSUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:suse-microos:5.2Security update for curl (Important)SUSE Linux Enterprise Micro 5.2
This update for curl fixes the following issues:
- CVE-2026-1965: bad reuse of HTTP Negotiate connection (bsc#1259362).
- CVE-2026-3783: token leak with redirect and netrc (bsc#1259363).
- CVE-2026-3784: wrong proxy connection reuse with credentials (bsc#1259364).
- CVE-2026-3805: use after free in SMB connection reuse (bsc#1259365).
ImportantSUSE bug 1259362SUSE bug 1259363SUSE bug 1259364SUSE bug 1259365CVE-2026-1965 at SUSECVE-2026-1965 at NVDCVE-2026-3783 at SUSECVE-2026-3783 at NVDCVE-2026-3784 at SUSECVE-2026-3784 at NVDCVE-2026-3805 at SUSECVE-2026-3805 at NVDcpe:/o:suse:suse-microos:5.2Security update for glibc (Important)SUSE Linux Enterprise Micro 5.2
This update for glibc fixes the following issues:
- CVE-2026-0861: memalign: reinstate alignment overflow check (bsc#1256766)
- CVE-2026-0915: resolv: Fix NSS DNS backend for getnetbyaddr (bsc#1256822)
- CVE-2025-15281: posix: Reset wordexp_t fields with WRDE_REUSE (bsc#1257005)
- CVE-2025-8058: posix: Fix double-free after allocation failure in regcomp (bsc#1246965)
ImportantSUSE bug 1246965SUSE bug 1256766SUSE bug 1256822SUSE bug 1257005CVE-2025-15281 at SUSECVE-2025-15281 at NVDCVE-2025-8058 at SUSECVE-2025-8058 at NVDCVE-2026-0861 at SUSECVE-2026-0861 at NVDCVE-2026-0915 at SUSECVE-2026-0915 at NVDcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255163).
- CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (bsc#1255049).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
(bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
The following non security issues were fixed:
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1246166SUSE bug 1247177SUSE bug 1255049SUSE bug 1255163SUSE bug 1255401SUSE bug 1256645SUSE bug 1257231SUSE bug 1257735SUSE bug 1257749SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258849CVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-38224 at SUSECVE-2025-38224 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDcpe:/o:suse:suse-microos:5.2Security update for jq (Low)SUSE Linux Enterprise Micro 5.2
This update for jq fixes the following issue:
- CVE-2025-9403: test suite assertion failure in JSON parsing consistency validation (bsc#1248600).
LowSUSE bug 1248600CVE-2025-9403 at SUSECVE-2025-9403 at NVDcpe:/o:suse:suse-microos:5.2Security update for libssh (Moderate)SUSE Linux Enterprise Micro 5.2
This update for libssh fixes the following issues:
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377).
ModerateSUSE bug 1259377CVE-2026-3731 at SUSECVE-2026-3731 at NVDcpe:/o:suse:suse-microos:5.2Security update for runc (Important)SUSE Linux Enterprise Micro 5.2
This update for runc rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:suse-microos:5.2Security update for docker (Important)SUSE Linux Enterprise Micro 5.2
This update for docker rebuilds it against the current go 1.25 security release.
Importantcpe:/o:suse:suse-microos:5.2Security update for the Linux Kernel (Important)SUSE Linux Enterprise Micro 5.2
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1255163).
- CVE-2023-53827: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (bsc#1255049).
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-38224: can: kvaser_pciefd: refine error prone echo_skb_max handling logic (bsc#1246166).
- CVE-2025-38375: virtio-net: ensure the received length does not exceed allocated size (bsc#1247177).
- CVE-2025-68285: libceph: fix potential use-after-free in have_mon_and_osd_map() (bsc#1255401).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
ImportantSUSE bug 1238917SUSE bug 1246166SUSE bug 1247177SUSE bug 1255049SUSE bug 1255163SUSE bug 1255401SUSE bug 1256645SUSE bug 1257231SUSE bug 1257735SUSE bug 1257749SUSE bug 1257790SUSE bug 1258340SUSE bug 1258395SUSE bug 1258849CVE-2023-53794 at SUSECVE-2023-53794 at NVDCVE-2023-53827 at SUSECVE-2023-53827 at NVDCVE-2025-21738 at SUSECVE-2025-21738 at NVDCVE-2025-38224 at SUSECVE-2025-38224 at NVDCVE-2025-38375 at SUSECVE-2025-38375 at NVDCVE-2025-68285 at SUSECVE-2025-68285 at NVDCVE-2025-71066 at SUSECVE-2025-71066 at NVDCVE-2026-23004 at SUSECVE-2026-23004 at NVDCVE-2026-23060 at SUSECVE-2026-23060 at NVDCVE-2026-23074 at SUSECVE-2026-23074 at NVDCVE-2026-23089 at SUSECVE-2026-23089 at NVDCVE-2026-23191 at SUSECVE-2026-23191 at NVDCVE-2026-23204 at SUSECVE-2026-23204 at NVDCVE-2026-23268 at SUSECVE-2026-23268 at NVDCVE-2026-23269 at SUSECVE-2026-23269 at NVDcpe:/o:suse:suse-microos:5.2Security update for util-linux (Moderate)SUSE Linux Enterprise Micro 5.2
This update for util-linux fixes the following issues:
Security issue:
- CVE-2026-3184: access control bypass due to improper hostname canonicalization in `login` (bsc#1258859).
Non security issues:
- recognize fuse 'portal' as a virtual file system (bsc#1234736).
- fdisk: fix possible partition overlay and data corruption if EBR gap is missing (bsc#1222465).
ModerateSUSE bug 1222465SUSE bug 1234736SUSE bug 1258859CVE-2026-3184 at SUSECVE-2026-3184 at NVDcpe:/o:suse:suse-microos:5.2Security update for systemd (Important)SUSE Linux Enterprise Micro 5.2
This update for systemd fixes the following issues:
- CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method (bsc#1259650).
- CVE-2026-29111: local unprivileged user can trigger an assert in systemd (bsc#1259418).
- udev: check for invalid chars in various fields received from the kernel (bsc#1259697).
Changelog:
- 566517ffcb machined: reject invalid class types when registering machines
- abbdd89d78 udev: fix review mixup
- c9cedd26be udev-builtin-net-id: print cescaped bad attributes
- c0f4ec3db9 udev: ensure tag parsing stays within bounds
- 38afcb73cc udev: ensure there is space for trailing NUL before calling sprintf
- a64247de62 udev: check for invalid chars in various fields received from the kernel
- ecce32966e core/cgroup: avoid one unnecessary strjoina()
- 6abd2b5bd2 core: validate input cgroup path more prudently
- 2d7d93d6c1 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
ImportantSUSE bug 1259418SUSE bug 1259650SUSE bug 1259697CVE-2026-29111 at SUSECVE-2026-29111 at NVDCVE-2026-4105 at SUSECVE-2026-4105 at NVDcpe:/o:suse:suse-microos:5.2apparmor-parserSUSE-MicroOS-releaseaugeasaugeas-lenseslibaugeas0bashlibreadline7btrfsmaintenancechronychrony-pool-susecni-pluginscontainerdcoreutilscpiocracklibcracklib-dict-smalllibcrack2curllibcurl4dbus-1libdbus-1-3dbus-1-glibdockerdocker-libnetworkdocker-runcruncdracute2fsprogslibcom_err2libext2fs2elfutilslibasm1libdw1libebl-pluginslibelf1filefile-magiclibmagic1firewalldpython3-firewallfuselibfuse2gettext-runtimeglib2-toolslibgio-2_0-0libglib-2_0-0libgmodule-2_0-0libgobject-2_0-0glibcglibc-localeglibc-locale-basegpg2grepgrub2grub2-arm64-efigrub2-i386-pcgrub2-powerpc-ieee1275grub2-s390x-emugrub2-snapper-plugingrub2-x86_64-efigrub2-x86_64-xengstreamerlibgstreamer-1_0-0gstreamer-plugins-baselibgstallocators-1_0-0libgstapp-1_0-0libgstaudio-1_0-0libgstgl-1_0-0libgstpbutils-1_0-0libgstriff-1_0-0libgsttag-1_0-0libgstvideo-1_0-0hardlinkkdumpkernel-defaultkernel-firmwarekernel-rtkrb5lesslibX11-6libX11-datalibX11-xcb1libXext6libXrender1libXv1libaudit1libauparse0libblkid1libfdisk1libmount1libsmartcols1libuuid1util-linuxutil-linux-systemdlibbluetooth3libbsd0libbz2-1libcairo2libcontainers-commonlibcroco-0_6-3libevent-2_1-8libexpat1libfreebl3libsoftokn3mozilla-nssmozilla-nss-certslibfreetype6libgbm1libgcc_s1libstdc++6libgcrypt20libgnutls30libgraphite2-3libhogweed4libnettle6libidn11libidn2-0libjpeg8libjson-c3libksba8libldap-2_4-2libldap-dataliblua5_3-5liblz4-1liblzo2-2libmspack0libncurses6ncurses-utilsterminfoterminfo-baselibnghttp2-14libnm0typelib-1_0-NM-1_0libopenssl1_1openssl-1_1libopus0libpango-1_0-0libpcre1libpcre2-8-0libpng16-16libpolkit0polkitlibprocps7procpslibproxy1libpython3_6m1_0python3python3-baselibruby2_5-2_5ruby2.5ruby2.5-stdliblibseccomp2libsolv-toolslibspice-server1libsqlite3-0libssh2-1libssh4libsystemd0libudev1systemdsystemd-sysvinitudevlibtasn1libtasn1-6libthai-datalibthai0libunwindlibvirglrenderer0libvirt-libslibvmtools0open-vm-toolslibvorbis0libvorbisenc2libxkbcommon0libxml2-2libxml2-toolslibxslt1libyaml-0-2libyaml-cpp0_6libz1libzmq5libzstd1libzypplogrotatemozilla-nsprnfs-clientopenslpopensshopensslpamperlperl-basepermissionspodmanpodman-cni-configpolicycoreutilspolicycoreutils-python-utilspython3-policycoreutilspowerpc-utilspython3-Jinja2python3-PyYAMLpython3-requestspython3-saltsaltsalt-minionpython3-setuptoolspython3-urllib3qemuqemu-armqemu-ipxeqemu-ppcqemu-s390qemu-seabiosqemu-sgabiosqemu-toolsqemu-vgabiosqemu-x86rpcbindrpmrsyncshadowshimslirp4netnssquashfssudosupportutilstarucode-intelupdate-alternativesvim-data-commonvim-smallwickedwicked-servicewpa_supplicantxen-libszypperzypper-needs-restartingapparmor-abstractionspam_apparmorbzip2coolkeycryptsetuplibcryptsetup12libcryptsetup12-hmaccyrus-saslcyrus-sasl-digestmd5cyrus-sasl-gssapilibsasl2-3dnsmasqdracut-fipsiscsiuiolibopeniscsiusr0_2_0open-iscsijqlibjq1kernel-firmware-allkernel-firmware-amdgpukernel-firmware-ath10kkernel-firmware-ath11kkernel-firmware-atheroskernel-firmware-bluetoothkernel-firmware-bnx2kernel-firmware-brcmkernel-firmware-chelsiokernel-firmware-dpaa2kernel-firmware-i915kernel-firmware-intelkernel-firmware-iwlwifikernel-firmware-liquidiokernel-firmware-marvellkernel-firmware-mediakernel-firmware-mediatekkernel-firmware-mellanoxkernel-firmware-mwifiexkernel-firmware-networkkernel-firmware-nfpkernel-firmware-nvidiakernel-firmware-platformkernel-firmware-presterakernel-firmware-qlogickernel-firmware-radeonkernel-firmware-realtekkernel-firmware-serialkernel-firmware-soundkernel-firmware-tikernel-firmware-ueaglekernel-firmware-usb-networkucode-amdlibcares2libekmfweb1s390-toolslibfreebl3-hmaclibsoftokn3-hmacmozilla-nss-toolslibgcrypt20-hmaclibgnutls30-hmaclibhivex0perl-Win-Hivexlibjansson4libldb2libmicrohttpd12libopenssl-1_1-devellibopenssl1_1-hmaclibpcap1libpcsclite1pcsc-litelibrados2librbd1libslirp0libsss_certmap0libsss_idmap0libsss_nss_idmap0sssdsssd-commonsssd-krb5-commonsssd-ldapsystemd-containersystemd-journal-remotelibtirpc-netconfiglibtirpc3libtpms0libvirt-daemonlibvirt-daemon-driver-interfacelibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-iscsi-directlibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-qemulogin_defsnfs-kernel-serveropenscopenssh-clientsopenssh-commonopenssh-fipsopenssh-serverpolicycoreutils-develprocmailpython3-cryptographypython3-pysalt-transactional-updateqemu-s390xqemu-ovmf-x86_64qemu-uefi-aarch64swtpmsysstattrousersafterburnafterburn-dracutaideavahilibavahi-client3libavahi-common3libavahi-core7aws-clicifs-utilsconntrack-toolscups-configlibcups2dbus-1-x11gdk-pixbuf-loader-rsvglibrsvg-2-2gdk-pixbuf-query-loaderslibgdk_pixbuf-2_0-0typelib-1_0-GdkPixbuf-2_0glib-networkinggnutlsgrofflibXcursor1libXfixes3libXi6libXinerama1libXrandr2libXtst6libbrotlicommon1libbrotlidec1libcairo-gobject2libfribidi0libgmp10libjbig2liblcms2-2libosinfolibosinfo-1_0-0typelib-1_0-Libosinfo-1_0libp11-kit0p11-kitp11-kit-toolstypelib-1_0-Pango-1_0libsoup-2_4-1libtiff5libvirt-clientpython3-libxml2-pythonzstdpython-azure-agentpython3-Babelpython3-rsaqemu-audio-spiceqemu-chardev-spiceqemu-guest-agentqemu-hw-display-qxlqemu-hw-display-virtio-gpuqemu-hw-display-virtio-vgaqemu-hw-usb-redirectqemu-ui-openglqemu-ui-spice-coresamba-client-libssocatvirt-installvirt-manager-commonNetworkManagerSLE-Micro-releaselibapparmor1bash-shbcm43xx-firmwaredracut-mkinitrd-deprecatedglibc-develgptfdiskgtk2-toolslibgtk-2_0-0guestfs-dataguestfs-toolslibguestfs0perl-Sys-Guestfsgzipliblzma5xzhaproxykeepalivedkernel-firmware-qcomkubevirt-manifestskubevirt-virtctllibarchive13libkmipclient1libharfbuzz-gobject0libharfbuzz0typelib-1_0-HarfBuzz-0_0libhogweed6libnettle8libicu-suse65_1libicu65_1-bedatalibicu65_1-ledatalibmpfr6libndp0libprotobuf-lite20libsnmp30snmp-mibslibssh-configlibtss2-esys0libtss2-fapi1libtss2-mu0libtss2-rc0libtss2-sys1libtss2-tcti-device0libtss2-tctildr0tpm2-0-tsslibudisks2-0libudisks2-0_btrfslibudisks2-0_lvm2udisks2libvirglrenderer1python3-libxml2libyajl2zlib-develpam_u2fperl-ExtUtils-MakeMakerpython3-M2Cryptopython3-lxmlqemu-SLOFqemu-accel-tcg-x86tpm2.0-toolsu-boot-rpiarm64NetworkManager-bluetoothNetworkManager-cloud-setupNetworkManager-pppoeNetworkManager-tuiNetworkManager-wwancniconmoncontainerized-data-importer-manifestsdb48-utilslibdb-4_8kpartxlibmpath0multipath-toolslibcolord2libnewt0_52libonig4libpixman-1-0libsepol2libsnmp40sqlite3-tclppppython3-certifipython3-futuresamba-libsMesaMesa-driMesa-galliumMesa-libEGL1Mesa-libGL1Mesa-libglapi0dmidecodegawkgitgit-coreperl-Gitlibopeniscsiusr0libXxf86vm1libbpf1libcap2libcontainers-sles-mountslibpolkit-agent-1-0libpolkit-gobject-1-0libsha1detectcoll1podman-dockerpython3-configobjpython3-tornadoqemu-block-curlskopeokernel-default-basedrbdlibwayland-client0libwayland-cursor0libwayland-egl1libwayland-server0xxdtftpboot-installation-SLE-Micro-5.3-aarch64tftpboot-installation-SLE-Micro-5.3-s390xtftpboot-installation-SLE-Micro-5.3-x86_64python3-jmespathpython3-plypython3-simplejsonpython3-pyzmqtcllibopenssl3libxmlsec1-1libxmlsec1-openssl1ca-certificates-mozillalibicu73_2libicu73_2-bedatalibicu73_2-ledatamdadmlibeconf0suse-module-toolslibzck-devellibzck1zchunkkernel-firmware-nvidia-gspx-G06nvidia-open-driver-G06-signed-kmp-defaultfdo-clientfdo-client-develtraceroutesuse-build-keykernel-source-rtpython3-idnalibprotobuf-lite25_1_0podman-remotecockpitcockpit-bridgecockpit-networkmanagercockpit-selinuxcockpit-storagedcockpit-systemcockpit-wspython3-dnspythongtk3-datagtk3-schemagtk3-toolslibgtk-3-0typelib-1_0-Gtk-3_0liborc-0_4-0libatomic1libabsl2308_0_0libmozjs-60system-user-brlttys390-tools-genprotimg-dataiputilsscreenpam_pkcs11libbd_btrfs2libbd_crypto2libbd_fs2libbd_loop2libbd_lvm2libbd_mdraid2libbd_part2libbd_swap2libbd_utils2libblockdevlibblockdev2ignitionignition-dracut-grub2pam-configboost-license1_66_0libboost_system1_66_0libboost_thread1_66_0kernel-firmware-nvidia-gspx-G06-cudanv-prefer-signed-open-drivernvidia-open-driver-G06-signed-cuda-kmp-defaultrust-keylimeregionServiceClientConfigAzureregionServiceClientConfigEC2regionServiceClientConfigGCEnet-toolschrony-pool-emptylibprocps8python3-pyasn1libsodium23qemu-hw-display-virtio-gpu-pcidocker-buildxopenssl-ibmcatftpboot-installation-SLE-Micro-5.4-aarch64tftpboot-installation-SLE-Micro-5.4-s390xtftpboot-installation-SLE-Micro-5.4-x86_64cockpit-wickedpython3-rpmrpm-ndbopenCryptokipodmanshfwupdatefwupdate-efilibfwup1libunbound8unbound-anchorwgetbind-utilspython3-bindlibuv-devellibuv1helmhelm-bash-completionlibopenvswitch-3_1-0libovn-23_03-0openvswitch3openvswitch3-pkiopenvswitch3-vtepovn3ovn3-centralovn3-dockerovn3-hostovn3-vteppython3-ovs3google-guest-agentgoogle-osconfig-agentkernel-macrosdhcpdhcp-clientdhcp-develdhcp-relaydhcp-serverclamavlibclamav12libclammspack0libfreshclam3krb5-clientpython3-sssd-configsssd-adsssd-dbussssd-krb5sssd-toolsdpdk22dpdk22-kmp-defaultdpdk22-thunderxdpdk22-thunderx-kmp-defaultdpdk22-thunderx-toolsdpdk22-toolslibdpdk-23util-linux-extranet-snmpperl-SNMPlibabsl2401_0_0libcapstone4libfdt1python3-distropython3-asn1cryptopython3-cffipython3-pyOpenSSLpython3-pycparserlibesmtpkmodkmod-compatlibkmod2perl-Bootloaderaaa_basepython3-pytzdwarveslibdwarves-devellibdwarves1mokutillibtalloc2libtdb1libtevent0systemd-presets-common-SUSElibgpg-error0libfmt8libcrypt1libxcrypt-devellinux-glibc-develtftpboot-installation-SLE-Micro-5.1-aarch64tftpboot-installation-SLE-Micro-5.1-s390xtftpboot-installation-SLE-Micro-5.1-x86_64cockpit-dashboardcoreutils-doctftpboot-installation-SLE-Micro-5.2-aarch64tftpboot-installation-SLE-Micro-5.2-s390xtftpboot-installation-SLE-Micro-5.2-x86_64ca-certificates-mozilla-prebuiltcockpit-machinescockpit-tukitcockpit-podman(aarch64|ppc64le|s390x|x86_64)0:2.13.4-3.3.15.0(aarch64|ppc64le|s390x|x86_64)0:1.10.1-1.11(aarch64|ppc64le|s390x|x86_64)0:4.4-9.10.1(aarch64|ppc64le|s390x|x86_64)0:7.0-9.10.1(aarch64|ppc64le|s390x|x86_64)0:0.4.2-1.11(aarch64|ppc64le|s390x|x86_64)0:3.2-9.18.1(aarch64|ppc64le|s390x|x86_64)0:0.8.6-3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.3.9-5.29.3(aarch64|ppc64le|s390x|x86_64)0:8.29-2.12(aarch64|ppc64le|s390x|x86_64)0:2.12-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-11.3.1(aarch64|ppc64le|s390x|x86_64)0:7.66.0-4.11.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-8.3.1(aarch64|ppc64le|s390x|x86_64)0:0.108-1.29(aarch64|ppc64le|s390x|x86_64)0:19.03.15_ce-6.46.1(aarch64|ppc64le|s390x|x86_64)0:0.7.0.1+gitr2908_55e924b8a842-4.31.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0rc10+gitr3981_dc9208a3303f-6.45.3(aarch64|ppc64le|s390x|x86_64)0:1.0.0~rc10-1.9.1(aarch64|ppc64le|s390x|x86_64)0:049.1+suse.186.g320cc3d1-1.1(aarch64|ppc64le|s390x|x86_64)0:1.43.8-4.23.1(aarch64|ppc64le|s390x|x86_64)0:0.168-4.5.3(aarch64|ppc64le|s390x|x86_64)0:5.32-7.11.2(aarch64|ppc64le|s390x|x86_64)0:0.5.5-4.24.9(aarch64|ppc64le|s390x|x86_64)0:2.9.7-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.19.8.1-4.11.1(aarch64|ppc64le|s390x|x86_64)0:2.62.6-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.26-13.51.1(aarch64|ppc64le|s390x|x86_64)0:2.2.5-4.14.4(aarch64|ppc64le|s390x|x86_64)0:3.1-4.3.12(aarch64|ppc64le|s390x|x86_64)0:2.04-9.30.1(aarch64|ppc64le|s390x|x86_64)0:1.16.2-1.53(aarch64|ppc64le|s390x|x86_64)0:1.16.2-2.12(aarch64|ppc64le|s390x|x86_64)0:1.0+git.e66999f-1.25(aarch64|ppc64le|s390x|x86_64)0:0.9.0-11.3.1(aarch64|ppc64le|s390x|x86_64)0:5.3.18-24.49.2(aarch64|ppc64le|s390x|x86_64)0:20200107-3.15.1(aarch64|ppc64le|s390x|x86_64)0:5.3.18-8.3.1(aarch64|ppc64le|s390x|x86_64)0:1.16.3-3.15.1(aarch64|ppc64le|s390x|x86_64)0:530-1.6(aarch64|ppc64le|s390x|x86_64)0:1.6.5-3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.3.3-1.30(aarch64|ppc64le|s390x|x86_64)0:0.9.10-1.30(aarch64|ppc64le|s390x|x86_64)0:1.0.11-1.23(aarch64|ppc64le|s390x|x86_64)0:2.8.1-12.3.1(aarch64|ppc64le|s390x|x86_64)0:2.33.1-4.13.1(aarch64|ppc64le|s390x|x86_64)0:2.33.1-4.13.2(aarch64|ppc64le|s390x|x86_64)0:5.48-13.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8.7-3.3.17(aarch64|ppc64le|s390x|x86_64)0:1.0.6-5.9.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-1.55(aarch64|ppc64le|s390x|x86_64)0:20200727-3.12.1(aarch64|ppc64le|s390x|x86_64)0:0.6.13-1.26(aarch64|ppc64le|s390x|x86_64)0:2.1.8-2.23(aarch64|ppc64le|s390x|x86_64)0:2.2.5-3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.53.1-3.51.1(aarch64|ppc64le|s390x|x86_64)0:2.10.1-4.8.1(aarch64|ppc64le|s390x|x86_64)0:19.3.4-45.23(aarch64|ppc64le|s390x|x86_64)0:10.2.1+git583-1.3.4(aarch64|ppc64le|s390x|x86_64)0:1.8.2-8.36.1(aarch64|ppc64le|s390x|x86_64)0:3.6.7-14.7.1(aarch64|ppc64le|s390x|x86_64)0:1.3.11-2.12(aarch64|ppc64le|s390x|x86_64)0:3.4.1-4.12.1(aarch64|ppc64le|s390x|x86_64)0:1.34-3.2.2(aarch64|ppc64le|s390x|x86_64)0:2.2.0-3.6.1(aarch64|ppc64le|s390x|x86_64)0:8.1.2-5.15.7(aarch64|ppc64le|s390x|x86_64)0:0.13-1.19(aarch64|ppc64le|s390x|x86_64)0:1.3.5-2.14(aarch64|ppc64le|s390x|x86_64)0:2.4.46-9.45.1(aarch64|ppc64le|s390x|x86_64)0:5.3.4-3.3.2(aarch64|ppc64le|s390x|x86_64)0:1.8.0-3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.10-2.22(aarch64|ppc64le|s390x|x86_64)0:0.6-3.8.19(aarch64|ppc64le|s390x|x86_64)0:6.1-5.6.2(aarch64|ppc64le|s390x|x86_64)0:1.40.0-1.15(aarch64|ppc64le|s390x|x86_64)0:1.22.10-3.3.4(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-11.12.1(aarch64|ppc64le|s390x|x86_64)0:1.3.1-3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.44.7+11-1.25(aarch64|ppc64le|s390x|x86_64)0:8.41-4.20(aarch64|ppc64le|s390x|x86_64)0:10.31-1.14(aarch64|ppc64le|s390x|x86_64)0:1.6.34-3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.116-1.51(aarch64|ppc64le|s390x|x86_64)0:3.3.15-7.13.2(aarch64|ppc64le|s390x|x86_64)0:0.4.15-4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.12-3.75.1(aarch64|ppc64le|s390x|x86_64)0:2.5.8-4.11.1(aarch64|ppc64le|s390x|x86_64)0:2.4.1-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.7.16-3.13.1(aarch64|ppc64le|s390x|x86_64)0:0.14.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.28.0-3.9.2(aarch64|ppc64le|s390x|x86_64)0:1.9.0-4.13.1(aarch64|ppc64le|s390x|x86_64)0:0.8.7-10.12.1(aarch64|ppc64le|s390x|x86_64)0:246.10-2.3(aarch64|ppc64le|s390x|x86_64)0:4.13-4.5.1(aarch64|ppc64le|s390x|x86_64)0:0.1.27-1.16(aarch64|ppc64le|s390x|x86_64)0:1.2.1-4.2.3(aarch64|ppc64le|s390x|x86_64)0:0.6.0-4.3.1(aarch64|ppc64le|s390x|x86_64)0:6.0.0-13.8.1(aarch64|ppc64le|s390x|x86_64)0:11.2.5-4.12.1(aarch64|ppc64le|s390x|x86_64)0:1.3.6-4.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-3.28.1(aarch64|ppc64le|s390x|x86_64)0:1.1.32-3.8.24(aarch64|ppc64le|s390x|x86_64)0:0.1.7-1.17(aarch64|ppc64le|s390x|x86_64)0:0.6.1-4.2.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-3.18.1(aarch64|ppc64le|s390x|x86_64)0:4.2.3-3.15.4(aarch64|ppc64le|s390x|x86_64)0:1.4.4-1.3.1(aarch64|ppc64le|s390x|x86_64)0:17.25.6-3.28.2(aarch64|ppc64le|s390x|x86_64)0:3.13.0-4.3.9(aarch64|ppc64le|s390x|x86_64)0:4.25.1-3.15.2(aarch64|ppc64le|s390x|x86_64)0:2.1.1-10.10.1(aarch64|ppc64le|s390x|x86_64)0:2.0.0-6.12.2(aarch64|ppc64le|s390x|x86_64)0:8.1p1-5.12.3(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-1.46(aarch64|ppc64le|s390x|x86_64)0:1.3.0-6.29.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-7.12.1(aarch64|ppc64le|s390x|x86_64)0:20181224-23.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-4.28.1(aarch64|ppc64le|s390x|x86_64)0:3.1-1.25(aarch64|ppc64le|s390x|x86_64)0:1.3.7.1-3.27.1(aarch64|ppc64le|s390x|x86_64)0:2.10.1-3.5.1(aarch64|ppc64le|s390x|x86_64)0:5.1.2-6.6.1(aarch64|ppc64le|s390x|x86_64)0:2.20.1-6.6.1(aarch64|ppc64le|s390x|x86_64)0:3000-24.1(aarch64|ppc64le|s390x|x86_64)0:40.5.0-6.3.1(aarch64|ppc64le|s390x|x86_64)0:1.24-9.10.1(aarch64|ppc64le|s390x|x86_64)0:4.2.1-11.13.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-11.13.1(aarch64|ppc64le|s390x|x86_64)0:1.12.1+-11.13.1(aarch64|ppc64le|s390x|x86_64)0:8-11.13.1(aarch64|ppc64le|s390x|x86_64)0:0.2.3-5.9.2(aarch64|ppc64le|s390x|x86_64)0:4.14.1-20.3(aarch64|ppc64le|s390x|x86_64)0:3.1.3-4.3.1(aarch64|ppc64le|s390x|x86_64)0:4.6-3.5.6(aarch64|ppc64le|s390x|x86_64)0:15+git47-3.13.1(aarch64|ppc64le|s390x|x86_64)0:0.4.7-3.12.1(aarch64|ppc64le|s390x|x86_64)0:4.3-1.29(aarch64|ppc64le|s390x|x86_64)0:1.8.22-4.15.1(aarch64|ppc64le|s390x|x86_64)0:3.1.9-5.24.3(aarch64|ppc64le|s390x|x86_64)0:1.30-3.3.2(aarch64|ppc64le|s390x|x86_64)0:20210216-2.19.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0.4-2.48(aarch64|ppc64le|s390x|x86_64)0:8.0.1568-5.11.1(aarch64|ppc64le|s390x|x86_64)0:0.6.64-3.3.4(aarch64|ppc64le|s390x|x86_64)0:2.9-4.23.1(aarch64|ppc64le|s390x|x86_64)0:4.13.2_06-3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.14.42-3.17.1(aarch64|ppc64le|s390x|x86_64)0:2.13.6-1.315.1(aarch64|ppc64le|s390x|x86_64)0:4.4-19.6.1(aarch64|ppc64le|s390x|x86_64)0:7.0-19.6.1(aarch64|ppc64le|s390x|x86_64)0:0.4.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.0.6-5.11.1(aarch64|ppc64le|s390x|x86_64)0:3.2-9.24.2(aarch64|ppc64le|s390x|x86_64)0:1.4.4-5.36.1(aarch64|ppc64le|s390x|x86_64)0:1.1.0-1.31(aarch64|ppc64le|s390x|x86_64)0:8.32-1.2(aarch64|ppc64le|s390x|x86_64)0:2.12-3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.3.4-1.34(aarch64|ppc64le|s390x|x86_64)0:7.66.0-4.22.1(aarch64|ppc64le|s390x|x86_64)0:2.1.27-2.2(aarch64|ppc64le|s390x|x86_64)0:1.12.2-8.11.2(aarch64|ppc64le|s390x|x86_64)0:2.78-7.8.1(aarch64|ppc64le|s390x|x86_64)0:20.10.6_ce-6.49.3(aarch64|ppc64le|s390x|x86_64)0:049.1+suse.203.g8ee14a90-3.35.1(aarch64|ppc64le|s390x|x86_64)0:1.43.8-4.26.1(aarch64|ppc64le|s390x|x86_64)0:0.9.3-1.1(aarch64|ppc64le|s390x|x86_64)0:2.62.6-3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.31-7.30(aarch64|ppc64le|s390x|x86_64)0:2.2.27-1.2(aarch64|ppc64le|s390x|x86_64)0:2.04-1.1(aarch64|ppc64le|s390x|x86_64)0:0.7.8.6-32.5.1(aarch64|ppc64le|s390x|x86_64)0:2.1.4-32.5.1(aarch64|ppc64le|s390x|x86_64)0:1.6-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0-16.1(aarch64|ppc64le|s390x|x86_64)0:5.3.18-59.19.1(aarch64|ppc64le|s390x|x86_64)0:20210208-2.4(aarch64|ppc64le|s390x|x86_64)0:5.3.18-8.13.1(aarch64|ppc64le|s390x|x86_64)0:1.16.3-3.21.1(aarch64|ppc64le|s390x|x86_64)0:2.8.5-3.43(aarch64|ppc64le|s390x|x86_64)0:2.36.2-2.29(aarch64|ppc64le|s390x|x86_64)0:2.36.2-2.1(aarch64|ppc64le|s390x|x86_64)0:1.17.1+20200724-3.14.1(aarch64|ppc64le|s390x|x86_64)0:2.15.1-8.5.1(aarch64|ppc64le|s390x|x86_64)0:3.53.1-3.53.1(aarch64|ppc64le|s390x|x86_64)0:10.3.0+git1587-1.6.4(aarch64|ppc64le|s390x|x86_64)0:1.8.2-8.39.1(aarch64|ppc64le|s390x|x86_64)0:3.6.7-14.13.5(aarch64|ppc64le|s390x|x86_64)0:1.3.14-5.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.1-4.18.1(aarch64|ppc64le|s390x|x86_64)0:2.9-1.24(aarch64|ppc64le|s390x|x86_64)0:8.1.2-5.18.1(aarch64|ppc64le|s390x|x86_64)0:2.4.46-9.58.1(aarch64|ppc64le|s390x|x86_64)0:2.2.1-1.1(aarch64|ppc64le|s390x|x86_64)0:5.3.6-3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.9.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.9.57-1.33(aarch64|ppc64le|s390x|x86_64)0:0.6-3.11.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-6.1(aarch64|ppc64le|s390x|x86_64)0:1.22.10-3.7.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-11.30.1(aarch64|ppc64le|s390x|x86_64)0:1.9.1-1.33(aarch64|ppc64le|s390x|x86_64)0:8.41-6.4.2(aarch64|ppc64le|s390x|x86_64)0:10.31-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.8.24-1.14(aarch64|ppc64le|s390x|x86_64)0:0.116-3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.3.15-7.19.1(aarch64|ppc64le|s390x|x86_64)0:0.4.15-12.41(aarch64|ppc64le|s390x|x86_64)0:3.6.13-3.84.1(aarch64|ppc64le|s390x|x86_64)0:15.2.13.79+g51835b62d61-3.28.1(aarch64|ppc64le|s390x|x86_64)0:4.3.1-1.51(aarch64|ppc64le|s390x|x86_64)0:0.7.19-6.1(aarch64|ppc64le|s390x|x86_64)0:3.36.0-3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-23.11.1(aarch64|ppc64le|s390x|x86_64)0:246.15-7.11.1(aarch64|ppc64le|s390x|x86_64)0:1.2.6-1.131(aarch64|ppc64le|s390x|x86_64)0:0.8.2-1.1(aarch64|ppc64le|s390x|x86_64)0:1.5.0-4.5.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-6.5.1(aarch64|ppc64le|s390x|x86_64)0:11.3.0-10.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-3.37.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-3.21.1(aarch64|ppc64le|s390x|x86_64)0:1.4.4-1.6.1(aarch64|ppc64le|s390x|x86_64)0:17.27.0-12.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-2.43(aarch64|ppc64le|s390x|x86_64)0:4.25.1-3.17.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-10.18.1(aarch64|ppc64le|s390x|x86_64)0:0.19.0-3.7.1(aarch64|ppc64le|s390x|x86_64)0:2.0.0-6.15.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-6.38.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-15.87(aarch64|ppc64le|s390x|x86_64)0:20181225-23.6.1(aarch64|ppc64le|s390x|x86_64)0:3.1-2.2(aarch64|ppc64le|s390x|x86_64)0:1.3.8-9.6.1(aarch64|ppc64le|s390x|x86_64)0:3.22-2.34(aarch64|ppc64le|s390x|x86_64)0:2.10.1-3.10.2(aarch64|ppc64le|s390x|x86_64)0:5.4.1-1.1(aarch64|ppc64le|s390x|x86_64)0:2.8-10.1(aarch64|ppc64le|s390x|x86_64)0:1.8.1-5.6.1(aarch64|ppc64le|s390x|x86_64)0:2.24.0-1.24(aarch64|ppc64le|s390x|x86_64)0:3002.2-50.1.9.1(aarch64|ppc64le|s390x|x86_64)0:1.25.10-4.3.1(aarch64|ppc64le|s390x|x86_64)0:5.2.0-103.2(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-103.2(aarch64|ppc64le|s390x|x86_64)0:1.14.0_0_g155821a-103.2(aarch64|ppc64le|s390x|x86_64)0:8-103.2(aarch64|ppc64le|s390x|x86_64)0:202008-10.8.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-37.2(aarch64|ppc64le|s390x|x86_64)0:1.0.0~rc93-1.17.1(aarch64|ppc64le|s390x|x86_64)0:15.4-4.7.1(aarch64|ppc64le|s390x|x86_64)0:4.4-1.1(aarch64|ppc64le|s390x|x86_64)0:1.9.5p2-1.5(aarch64|ppc64le|s390x|x86_64)0:3.1.17-7.35.5.1(aarch64|ppc64le|s390x|x86_64)0:0.5.2-1.20(aarch64|ppc64le|s390x|x86_64)0:12.0.2-3.30.1(aarch64|ppc64le|s390x|x86_64)0:1.30-3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.3.14-6.6.2(aarch64|ppc64le|s390x|x86_64)0:20210525-7.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1568-5.14.1(aarch64|ppc64le|s390x|x86_64)0:0.6.65-2.1(aarch64|ppc64le|s390x|x86_64)0:2.9-4.29.1(aarch64|ppc64le|s390x|x86_64)0:4.14.2_04-3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.14.46-13.1(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150300.1.35.2(aarch64|ppc64le|s390x|x86_64)0:0.16-24.1(aarch64|ppc64le|s390x|x86_64)0:2.13.6-150300.3.11.2(aarch64|ppc64le|s390x|x86_64)0:1.10.1-3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.7-3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.20.7-30.3.1(aarch64|ppc64le|s390x|x86_64)0:6.9-5.12.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-1.46(aarch64|ppc64le|s390x|x86_64)0:1.4.12-60.1(aarch64|ppc64le|s390x|x86_64)0:8.32-150300.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-11.6.1(aarch64|ppc64le|s390x|x86_64)0:2.3.7-150300.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-3.26.1(aarch64|ppc64le|s390x|x86_64)0:7.66.0-4.27.1(aarch64|ppc64le|s390x|x86_64)0:2.1.27-150300.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-8.11.1(aarch64|ppc64le|s390x|x86_64)0:2.86-7.17.1(aarch64|ppc64le|s390x|x86_64)0:20.10.12_ce-159.1(aarch64|ppc64le|s390x|x86_64)0:049.1+suse.228.g07676562-3.54.1(aarch64|ppc64le|s390x|x86_64)0:5.32-7.14.1(aarch64|ppc64le|s390x|x86_64)0:2.46.5-3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.40.0-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.62.4-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.9.12.1(aarch64|ppc64le|s390x|x86_64)0:3.6.7-14.16.1(aarch64|ppc64le|s390x|x86_64)0:1.22.3-5.3.1(aarch64|ppc64le|s390x|x86_64)0:2.04-150300.22.12.2(aarch64|ppc64le|s390x|x86_64)0:1.16.3-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.16.3-4.3.1(aarch64|ppc64le|s390x|x86_64)0:0.7.8.6-32.12.1(aarch64|ppc64le|s390x|x86_64)0:2.1.5-32.12.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0-18.3.1(aarch64|ppc64le|s390x|x86_64)0:5.3.18-150300.59.49.1(aarch64|ppc64le|s390x|x86_64)0:5.3.18-150300.76.1(aarch64|ppc64le|s390x|x86_64)0:1.19.2-150300.8.3.2(aarch64|ppc64le|s390x|x86_64)0:530-3.3.2(aarch64|ppc64le|s390x|x86_64)0:1.6.5-3.21.1(aarch64|ppc64le|s390x|x86_64)0:1.1.15-1.18(aarch64|ppc64le|s390x|x86_64)0:5.0.3-1.24(aarch64|ppc64le|s390x|x86_64)0:1.7.9-3.2.1(aarch64|ppc64le|s390x|x86_64)0:1.1.3-1.22(aarch64|ppc64le|s390x|x86_64)0:1.5.1-2.17(aarch64|ppc64le|s390x|x86_64)0:1.2.3-1.24(aarch64|ppc64le|s390x|x86_64)0:2.36.2-4.5.1(aarch64|ppc64le|s390x|x86_64)0:1.0.7-3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-5.2.1(aarch64|ppc64le|s390x|x86_64)0:1.17.1+20200724-3.17.1(aarch64|ppc64le|s390x|x86_64)0:20210626-150300.8.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.13-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.15.1-150300.8.14.1(aarch64|ppc64le|s390x|x86_64)0:2.2.5-3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.68.2-3.64.2(aarch64|ppc64le|s390x|x86_64)0:1.0.5-3.3.1(aarch64|ppc64le|s390x|x86_64)0:20.2.4-57.13(aarch64|ppc64le|s390x|x86_64)0:1.8.2-8.42.1(aarch64|ppc64le|s390x|x86_64)0:6.1.2-4.9.1(aarch64|ppc64le|s390x|x86_64)0:1.3.14-5.6.1(aarch64|ppc64le|s390x|x86_64)0:2.1-3.2.1(aarch64|ppc64le|s390x|x86_64)0:8.1.2-32.2.1(aarch64|ppc64le|s390x|x86_64)0:0.13-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9-3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.1-150300.3.10.1(aarch64|ppc64le|s390x|x86_64)0:0.6-3.14.1(aarch64|ppc64le|s390x|x86_64)0:6.1-5.9.1(aarch64|ppc64le|s390x|x86_64)0:1.22.10-3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1d-11.38.1(aarch64|ppc64le|s390x|x86_64)0:1.7.1-1.52(aarch64|ppc64le|s390x|x86_64)0:0.23.2-4.13.1(aarch64|ppc64le|s390x|x86_64)0:8.45-20.10.1(aarch64|ppc64le|s390x|x86_64)0:0.116-3.9.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-10.15.1(aarch64|ppc64le|s390x|x86_64)0:15.2.15.83+gf72054fa653-3.34.1(aarch64|ppc64le|s390x|x86_64)0:2.5.3-150300.10.5.1(aarch64|ppc64le|s390x|x86_64)0:0.7.20-9.2(aarch64|ppc64le|s390x|x86_64)0:2.68.3-2.32(aarch64|ppc64le|s390x|x86_64)0:0.14.3-1.48(aarch64|ppc64le|s390x|x86_64)0:1.16.1-150300.23.17.3(aarch64|ppc64le|s390x|x86_64)0:246.16-150300.7.39.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-45.5.1(aarch64|ppc64le|s390x|x86_64)0:0.6.0-4.9.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150300.6.26.1(aarch64|ppc64le|s390x|x86_64)0:11.3.5-13.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-3.24.1(aarch64|ppc64le|s390x|x86_64)0:17.29.3-27.1(aarch64|ppc64le|s390x|x86_64)0:4.32-3.20.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-10.21.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-6.50.1(aarch64|ppc64le|s390x|x86_64)0:20181225-23.12.1(aarch64|ppc64le|s390x|x86_64)0:3.4.4-150300.9.3.2(aarch64|ppc64le|s390x|x86_64)0:3.1-150300.4.2(aarch64|ppc64le|s390x|x86_64)0:1.3.9-150300.9.17.1(aarch64|ppc64le|s390x|x86_64)0:2.2.49.2-3.20.1(aarch64|ppc64le|s390x|x86_64)0:2.8.0-3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-3.4.1(aarch64|ppc64le|s390x|x86_64)0:3002.2-150300.53.7.2(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150300.109.2(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-150300.109.2(aarch64|ppc64le|s390x|x86_64)0:1.14.0_0_g155821a-150300.109.2(aarch64|ppc64le|s390x|x86_64)0:8-150300.109.2(aarch64|ppc64le|s390x|x86_64)0:202008-10.11.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150300.46.1(aarch64|ppc64le|s390x|x86_64)0:3.1.3-4.10.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-27.1(aarch64|ppc64le|s390x|x86_64)0:4.15.4+git.324.8332acf1a63-150300.3.25.3(aarch64|ppc64le|s390x|x86_64)0:1.7.3.2-4.10(aarch64|ppc64le|s390x|x86_64)0:1.9.5p2-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-3.33.1(aarch64|ppc64le|s390x|x86_64)0:20220207-10.1(aarch64|ppc64le|s390x|x86_64)0:3.2.0-7.7.1(aarch64|ppc64le|s390x|x86_64)0:0.6.68-150300.4.5.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3_06-150300.3.18.2(aarch64|ppc64le|s390x|x86_64)0:1.14.51-24.1(aarch64|ppc64le|s390x|x86_64)0:1.38.2-150400.1.25.3(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150400.1.3(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150400.3.4(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150400.3.3(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150400.3.3.6(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.5.73(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.25.22(aarch64|ppc64le|s390x|x86_64)0:7.0-150400.25.22(aarch64|ppc64le|s390x|x86_64)0:20180314-150400.28.5(aarch64|ppc64le|s390x|x86_64)0:1.0.8-150400.1.122(aarch64|ppc64le|s390x|x86_64)0:4.1-150400.19.4(aarch64|ppc64le|s390x|x86_64)0:6.15-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.6.6-150000.73.2(aarch64|ppc64le|s390x|x86_64)0:8.32-150400.7.5(aarch64|ppc64le|s390x|x86_64)0:2.13-150400.1.98(aarch64|ppc64le|s390x|x86_64)0:2.4.3-150400.1.110(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.32.1(aarch64|ppc64le|s390x|x86_64)0:7.79.1-150400.5.6.1(aarch64|ppc64le|s390x|x86_64)0:2.1.27-150300.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.16.52(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.16.5(aarch64|ppc64le|s390x|x86_64)0:2.86-150400.14.3(aarch64|ppc64le|s390x|x86_64)0:20.10.17_ce-150000.166.1(aarch64|ppc64le|s390x|x86_64)0:055+suse.294.gc5bc4bb5-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.46.4-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.185-150400.5.3.1(aarch64|ppc64le|s390x|x86_64)0:0.9.3-150400.8.6.1(aarch64|ppc64le|s390x|x86_64)0:2.52.6-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:2.42.9-150400.5.6.1(aarch64|ppc64le|s390x|x86_64)0:2.70.1-150400.1.6(aarch64|ppc64le|s390x|x86_64)0:2.70.4-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.37.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.13.1(aarch64|ppc64le|s390x|x86_64)0:2.2.27-150300.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.0.8-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:3.1-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.22.4-150400.3.4(aarch64|ppc64le|s390x|x86_64)0:2.06-150400.11.5.2(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150400.1.9(aarch64|ppc64le|s390x|x86_64)0:2.24.33-150400.2.11(aarch64|ppc64le|s390x|x86_64)0:1.44.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.10-150200.10.1(aarch64|ppc64le|s390x|x86_64)0:5.2.3-150000.4.7.1(aarch64|ppc64le|s390x|x86_64)0:2.4.8+git0.d1f8d41e0-150400.3.3.13(aarch64|ppc64le|s390x|x86_64)0:0.7.8.6-150400.39.8.1(aarch64|ppc64le|s390x|x86_64)0:2.1.7-150400.39.8.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2+git10.g26f0b96-150400.1.4(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150400.3.5.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.24.18.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.13.5(aarch64|ppc64le|s390x|x86_64)0:20220509-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.19.2-150400.1.9(aarch64|ppc64le|s390x|x86_64)0:0.49.0-150400.1.37(aarch64|ppc64le|s390x|x86_64)0:590-150400.1.51(aarch64|ppc64le|s390x|x86_64)0:6.0.0-150400.1.4(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.0.6-150400.2.13(aarch64|ppc64le|s390x|x86_64)0:2.37.2-150400.8.3.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.9.6(aarch64|ppc64le|s390x|x86_64)0:20210626-150400.1.3(aarch64|ppc64le|s390x|x86_64)0:2.19.0-150400.7.7.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.6.9(aarch64|ppc64le|s390x|x86_64)0:3.79.1-150400.3.10.2(aarch64|ppc64le|s390x|x86_64)0:1.0.10-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:21.2.4-150400.68.6.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150400.4.6(aarch64|ppc64le|s390x|x86_64)0:3.4.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.21-150400.2.10(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.2.21(aarch64|ppc64le|s390x|x86_64)0:65.1-150200.4.5.1(aarch64|ppc64le|s390x|x86_64)0:8.2.2-150400.15.9(aarch64|ppc64le|s390x|x86_64)0:2.12-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:2.4.46-150200.14.11.2(aarch64|ppc64le|s390x|x86_64)0:2.4.3-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.9.3-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:4.0.2-3.3.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.12.1(aarch64|ppc64le|s390x|x86_64)0:1.6-1.26(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150400.7.7.1(aarch64|ppc64le|s390x|x86_64)0:1.3.1-150000.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.7.1-150400.8.6(aarch64|ppc64le|s390x|x86_64)0:0.23.22-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:1.50.4-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:8.45-150000.20.13.1(aarch64|ppc64le|s390x|x86_64)0:10.39-150400.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150400.1.9(aarch64|ppc64le|s390x|x86_64)0:3.3.15-150000.7.25.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-4.12.1(aarch64|ppc64le|s390x|x86_64)0:0.4.17-150400.1.8(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.27.1(aarch64|ppc64le|s390x|x86_64)0:16.2.9.536+g41a9f9a5573-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.5.3-150400.2.4(aarch64|ppc64le|s390x|x86_64)0:4.3.1-150300.11.1(aarch64|ppc64le|s390x|x86_64)0:5.7.3-10.12.1(aarch64|ppc64le|s390x|x86_64)0:0.7.22-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.1.6(aarch64|ppc64le|s390x|x86_64)0:0.15.0-150400.2.8(aarch64|ppc64le|s390x|x86_64)0:0.9.6-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:249.12-150400.8.10.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.11.1(aarch64|ppc64le|s390x|x86_64)0:1.2.6-150300.3.11.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150400.1.6(aarch64|ppc64le|s390x|x86_64)0:2.9.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.9.1-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.0-150400.5.8(aarch64|ppc64le|s390x|x86_64)0:12.1.0-150300.19.1(aarch64|ppc64le|s390x|x86_64)0:1.3.6-150000.4.5.2(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150400.1.13(aarch64|ppc64le|s390x|x86_64)0:2.9.14-150400.5.7.1(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:2.1.0-150000.4.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.3-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-150000.3.33.1(aarch64|ppc64le|s390x|x86_64)0:1.5.0-150400.1.71(aarch64|ppc64le|s390x|x86_64)0:17.31.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.8.57(aarch64|ppc64le|s390x|x86_64)0:3.18.1-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.34-150000.3.23.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-150100.10.24.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.58.3(aarch64|ppc64le|s390x|x86_64)0:1.2.0-150400.2.4(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.3.1(aarch64|ppc64le|s390x|x86_64)0:7.62-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:20201225-150400.5.8.1(aarch64|ppc64le|s390x|x86_64)0:3.4.7-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.1-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:1.3.10-150400.19.3.1(aarch64|ppc64le|s390x|x86_64)0:0.38.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.3.2-150400.16.3.1(aarch64|ppc64le|s390x|x86_64)0:4.7.1-150200.3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.10.0-150000.5.9.2(aarch64|ppc64le|s390x|x86_64)0:3004-150400.8.11.1(aarch64|ppc64le|s390x|x86_64)0:44.1.1-150400.1.4(aarch64|ppc64le|s390x|x86_64)0:6.2.0-150400.37.5.3(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-150400.37.5.3(aarch64|ppc64le|s390x|x86_64)0:1.15.0_0_g2dd4b9b-150400.37.5.3(aarch64|ppc64le|s390x|x86_64)0:8-150400.37.5.3(aarch64|ppc64le|s390x|x86_64)0:202202-150400.3.3(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150300.49.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.3-150000.30.1(aarch64|ppc64le|s390x|x86_64)0:4.15.8+git.500.d5910280cc7-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:0.4.7-3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.9.9-150400.2.5(aarch64|ppc64le|s390x|x86_64)0:3.1.20-150300.7.35.10.1(aarch64|ppc64le|s390x|x86_64)0:0.5.3-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.18.1(aarch64|ppc64le|s390x|x86_64)0:5.2-150400.4.6(aarch64|ppc64le|s390x|x86_64)0:0.3.15-150400.1.10(aarch64|ppc64le|s390x|x86_64)0:2021.10-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:20220809-150200.18.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0.4-4.3.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0313-150000.5.25.1(aarch64|ppc64le|s390x|x86_64)0:4.0.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.69-150400.1.3(aarch64|ppc64le|s390x|x86_64)0:2.9-150000.4.36.1(aarch64|ppc64le|s390x|x86_64)0:4.16.1_06-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.14.55-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.38.2-150400.1.35.4(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150400.1.5(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150400.5.3.1(aarch64|ppc64le|s390x|x86_64)0:1.24.4-150200.30.8.1(aarch64|ppc64le|s390x|x86_64)0:6.15-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.7.1-150100.3.8.1(aarch64|ppc64le|s390x|x86_64)0:0.8.6-150100.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.1.5-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.12-150000.79.1(aarch64|ppc64le|s390x|x86_64)0:1.51.0-150400.4.7.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.35.1(aarch64|ppc64le|s390x|x86_64)0:7.79.1-150400.5.15.1(aarch64|ppc64le|s390x|x86_64)0:4.8.30-150000.7.6.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.18.5.1(aarch64|ppc64le|s390x|x86_64)0:20.10.17_ce-150000.169.1(aarch64|ppc64le|s390x|x86_64)0:055+suse.331.g05b9ccb7-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:2.52.9-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.41.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.27.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150400.11.17.1(aarch64|ppc64le|s390x|x86_64)0:2.4.8+git0.d1f8d41e0-150400.3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2+git20.g64239cc-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150400.3.7.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.24.46.1(aarch64|ppc64le|s390x|x86_64)0:20220509-150400.4.13.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150400.15.11.1(aarch64|ppc64le|s390x|x86_64)0:0.9.0+62+suse.3e048d4-150400.4.7.1(aarch64|ppc64le|s390x|x86_64)0:1.19.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.54.0-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:590-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.24.1(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:2.37.2-150400.8.14.1(aarch64|ppc64le|s390x|x86_64)0:5.62-150400.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0-150000.3.20.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.19.0-150400.7.15.2(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.79.4-150400.3.26.1(aarch64|ppc64le|s390x|x86_64)0:2.10.4-150000.4.12.1(aarch64|ppc64le|s390x|x86_64)0:21.2.4-150400.68.9.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150400.6.5.1(aarch64|ppc64le|s390x|x86_64)0:1.3.11-150000.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.5-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:0.52.20-5.35(aarch64|ppc64le|s390x|x86_64)0:6.7.0-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150400.7.25.1(aarch64|ppc64le|s390x|x86_64)0:0.40.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.3.15-150000.7.28.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-150200.4.19.2(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.40.1(aarch64|ppc64le|s390x|x86_64)0:3.4-150400.1.11(aarch64|ppc64le|s390x|x86_64)0:5.9.3-150300.15.8.1(aarch64|ppc64le|s390x|x86_64)0:3.39.3-150000.3.20.1(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:249.15-150400.8.22.1(aarch64|ppc64le|s390x|x86_64)0:4.13-150000.4.8.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.25.1(aarch64|ppc64le|s390x|x86_64)0:1.2.6-150300.3.17.1(aarch64|ppc64le|s390x|x86_64)0:0.8.2-150300.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.0-150400.7.3.1(aarch64|ppc64le|s390x|x86_64)0:12.1.0-150300.21.2(aarch64|ppc64le|s390x|x86_64)0:2.9.14-150400.5.13.1(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.2.11-150000.3.39.1(aarch64|ppc64le|s390x|x86_64)0:17.31.2-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.1.7(aarch64|ppc64le|s390x|x86_64)0:4.34.1-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-150100.10.27.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.15.4(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.61.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.11.1(aarch64|ppc64le|s390x|x86_64)0:20201225-150400.5.16.1(aarch64|ppc64le|s390x|x86_64)0:4.3.1-150400.4.11.1(aarch64|ppc64le|s390x|x86_64)0:3.4-150400.1.1(aarch64|ppc64le|s390x|x86_64)0:1.3.10-150400.19.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.7-150000.5.8.1(aarch64|ppc64le|s390x|x86_64)0:2018.1.18-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.18.2-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.10.0-150100.5.12.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150000.3.7.1(aarch64|ppc64le|s390x|x86_64)0:3004-150400.8.20.1(aarch64|ppc64le|s390x|x86_64)0:44.1.1-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:6.2.0-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:1.15.0_0_g2dd4b9b-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:8-150400.37.8.2(aarch64|ppc64le|s390x|x86_64)0:202202-150400.5.5.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150300.52.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.1.4-150000.36.1(aarch64|ppc64le|s390x|x86_64)0:4.15.13+git.591.ab36624310c-150400.3.19.1(aarch64|ppc64le|s390x|x86_64)0:1.9.9-150400.4.12.1(aarch64|ppc64le|s390x|x86_64)0:3.1.21-150300.7.35.15.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.31.1(aarch64|ppc64le|s390x|x86_64)0:20230214-150200.21.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0.4-150000.4.4.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1234-150000.5.34.1(aarch64|ppc64le|s390x|x86_64)0:0.6.70-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.16.3_02-150400.4.19.1(aarch64|ppc64le|s390x|x86_64)0:1.14.57-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:22.3.5-150500.75.25.5(aarch64|ppc64le|s390x|x86_64)0:1.38.6-150500.1.2(aarch64|ppc64le|s390x|x86_64)0:5.2.0-150500.1.4(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150500.11.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.3.1(aarch64|ppc64le|s390x|x86_64)0:1.27.89-150200.30.11.1(aarch64|ppc64le|s390x|x86_64)0:1.1.2-150500.1.20(aarch64|ppc64le|s390x|x86_64)0:1.1.1-150500.1.19(aarch64|ppc64le|s390x|x86_64)0:2.1.7-150500.9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.6.21-150000.93.1(aarch64|ppc64le|s390x|x86_64)0:1.55.0-150500.4.4(aarch64|ppc64le|s390x|x86_64)0:2.4.3-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.46.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.26.1(aarch64|ppc64le|s390x|x86_64)0:2.1.28-150500.1.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.18.8.1(aarch64|ppc64le|s390x|x86_64)0:3.4-150400.16.8.1(aarch64|ppc64le|s390x|x86_64)0:24.0.5_ce-150000.185.1(aarch64|ppc64le|s390x|x86_64)0:055+suse.369.gde6c81bf-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.9.3-150400.8.12.1(aarch64|ppc64le|s390x|x86_64)0:4.2.1-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.52.10-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.27.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.52.2(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.35.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150500.29.3.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.2.3(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.48.3-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.48.6-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:0.7.8.6-150500.44.1(aarch64|ppc64le|s390x|x86_64)0:0.2.0-150500.44.1(aarch64|ppc64le|s390x|x86_64)0:2.1.8-150500.44.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2+git42.ge1e25ed-150500.1.2(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150500.6.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.19.1(aarch64|ppc64le|s390x|x86_64)0:20230724-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.13.14.1(aarch64|ppc64le|s390x|x86_64)0:0.9.4+74+suse.f97cc59-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.58.0-150500.6.3(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.30.1(aarch64|ppc64le|s390x|x86_64)0:1.1.4-1.23(aarch64|ppc64le|s390x|x86_64)0:3.0.6-150400.4.13.1(aarch64|ppc64le|s390x|x86_64)0:2.37.4-150500.7.16(aarch64|ppc64le|s390x|x86_64)0:2.37.4-150500.7.2(aarch64|ppc64le|s390x|x86_64)0:5.65-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.0-150500.1.1(aarch64|ppc64le|s390x|x86_64)0:2.63-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.19.1-150000.3.23.1(aarch64|ppc64le|s390x|x86_64)0:20230214-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.25.0-150500.9.3.1(aarch64|ppc64le|s390x|x86_64)0:3.90-150400.3.32.1(aarch64|ppc64le|s390x|x86_64)0:2.10.4-150000.4.15.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150500.10.19(aarch64|ppc64le|s390x|x86_64)0:3.4.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.8.1-150500.2.25(aarch64|ppc64le|s390x|x86_64)0:2.14-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.46-150200.14.17.1(aarch64|ppc64le|s390x|x86_64)0:2.6.2-150500.1.1(aarch64|ppc64le|s390x|x86_64)0:0.9.57-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.15.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.15.1(aarch64|ppc64le|s390x|x86_64)0:1.10.0-150500.1.3(aarch64|ppc64le|s390x|x86_64)0:0.23.22-150500.6.1(aarch64|ppc64le|s390x|x86_64)0:10.39-150400.4.9.1(aarch64|ppc64le|s390x|x86_64)0:121-150500.1.6(aarch64|ppc64le|s390x|x86_64)0:3.3.15-150000.7.34.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-150200.4.21.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.48.1(aarch64|ppc64le|s390x|x86_64)0:16.2.11.58+g38d6afd3b78-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.4-150500.1.18(aarch64|ppc64le|s390x|x86_64)0:1.0.3-2.18(aarch64|ppc64le|s390x|x86_64)0:4.7.0+44-150500.2.1(aarch64|ppc64le|s390x|x86_64)0:0.7.24-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:1.9.0-150000.4.16.1(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150500.10.3.1(aarch64|ppc64le|s390x|x86_64)0:249.16-150400.8.33.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.28.1(aarch64|ppc64le|s390x|x86_64)0:0.8.2-150300.3.9.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0-150500.6.11.1(aarch64|ppc64le|s390x|x86_64)0:12.2.0-150300.33.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.5.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.2.13-150500.2.3(aarch64|ppc64le|s390x|x86_64)0:1.5.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:17.31.20-150400.3.40.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150500.1.10(aarch64|ppc64le|s390x|x86_64)0:4.35-150000.3.29.1(aarch64|ppc64le|s390x|x86_64)0:2.1.1-150500.20.2(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.22.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.14.1(aarch64|ppc64le|s390x|x86_64)0:4.4.4-150500.1.4(aarch64|ppc64le|s390x|x86_64)0:3.4-150500.1.3(aarch64|ppc64le|s390x|x86_64)0:1.3.11-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.7-150000.5.10.3(aarch64|ppc64le|s390x|x86_64)0:0.38.0-150400.7.64(aarch64|ppc64le|s390x|x86_64)0:5.0.6-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.3.2-150400.16.6.1(aarch64|ppc64le|s390x|x86_64)0:4.9.1-150500.1.2(aarch64|ppc64le|s390x|x86_64)0:2.24.0-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.12.2(aarch64|ppc64le|s390x|x86_64)0:44.1.1-150400.9.3.3(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.6.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0+-150500.49.6.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0_0_gd239552-150500.49.6.1(aarch64|ppc64le|s390x|x86_64)0:8-150500.49.6.1(aarch64|ppc64le|s390x|x86_64)0:202208-150500.4.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150300.55.1(aarch64|ppc64le|s390x|x86_64)0:1.1.7-150000.46.1(aarch64|ppc64le|s390x|x86_64)0:4.17.9+git.387.ca59f91f61-150500.3.8.1(aarch64|ppc64le|s390x|x86_64)0:15.7-150300.4.16.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150300.11.5.1(aarch64|ppc64le|s390x|x86_64)0:1.2.0-150500.1.1(aarch64|ppc64le|s390x|x86_64)0:1.9.12p1-150500.5.1(aarch64|ppc64le|s390x|x86_64)0:3.1.21-150300.7.35.18.1(aarch64|ppc64le|s390x|x86_64)0:0.7.3-150500.2.1(aarch64|ppc64le|s390x|x86_64)0:20230808-150200.27.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1632-150500.20.3.1(aarch64|ppc64le|s390x|x86_64)0:4.1.0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.73-150500.3.10.1(aarch64|ppc64le|s390x|x86_64)0:2.10-150500.1.3(aarch64|ppc64le|s390x|x86_64)0:4.17.2_02-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.14.63-150400.3.29.1(aarch64|s390x|x86_64)0:3.39.3-150000.3.17.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.9.1(aarch64|s390x|x86_64)0:1.4.5-150400.4.3.1(aarch64|s390x|x86_64)0:6.15-150400.3.9.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.30.1(aarch64|s390x|x86_64)0:1.3.5-150000.4.3.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.16.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.10.1(aarch64|s390x|x86_64)0:0.9.0+62+suse.3e048d4-150400.4.7.1(x86_64)0:4.16.2_06-150400.4.11.1(aarch64|s390x|x86_64)0:4.13-150000.4.8.1(aarch64|s390x|x86_64)0:7.79.1-150400.5.9.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.8.2(x86_64)0:6.2.0-150400.37.8.2(aarch64)0:6.2.0-150400.37.8.2(noarch)0:1.0.0+-150400.37.8.2(s390x)0:6.2.0-150400.37.8.2(noarch)0:1.15.0_0_g2dd4b9b-150400.37.8.2(noarch)0:8-150400.37.8.2(aarch64|s390x|x86_64)0:1.12.2-150400.18.5.1(aarch64|s390x|x86_64)0:3.4.7-150400.4.6.1(noarch)0:3.4.7-150400.4.6.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.28.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.28.1.150400.24.9.5(aarch64|s390x|x86_64)0:2.4.4-150400.3.12.1(aarch64|s390x|x86_64)0:3.9.2-150200.4.19.2(noarch)0:3.4.2-150000.3.7.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.9.1(x86_64)0:0.54.0-150400.3.5.1(x86_64)0:1.51.0-150400.4.5.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.24.1(noarch)0:1.6.5-150000.3.24.1(aarch64|s390x|x86_64)0:249.12-150400.8.13.1(aarch64|s390x|x86_64)0:1.9.9-150400.4.6.1(x86_64)0:4.16.2_08-150400.4.16.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.33.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.33.2.150400.24.11.4(aarch64|s390x|x86_64)0:1.19.0.4-150000.4.4.1(aarch64|s390x|x86_64)0:2.06-150400.11.17.1(noarch)0:2.06-150400.11.17.1(s390x)0:2.06-150400.11.17.1(x86_64)0:0.54.0-150400.3.7.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.3.1(x86_64)0:1.51.0-150400.4.7.1(aarch64|s390x|x86_64)0:5.9.3-150300.15.3.1(aarch64|s390x|x86_64)0:0.40.0-150400.3.3.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.12.1(aarch64|s390x|x86_64)0:4.8.30-150000.7.6.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.19.1(noarch)0:3.1.21-150300.7.35.15.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.37.2(noarch)0:9.0.0814-150000.5.28.1(aarch64|s390x|x86_64)0:9.0.0814-150000.5.28.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.22.1(aarch64|s390x|x86_64)0:0.8.2-150300.3.6.1(aarch64|s390x|x86_64)0:1.6.12-150000.79.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.8.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.11.1(aarch64|s390x|x86_64)0:7.79.1-150400.5.12.1(aarch64|s390x|x86_64)0:3.39.3-150000.3.20.1(aarch64|s390x|x86_64)0:249.12-150400.8.16.1(noarch)0:9.0.1040-150000.5.31.1(aarch64|s390x|x86_64)0:9.0.1040-150000.5.31.1(aarch64|s390x|x86_64)0:2.1.5-150400.3.3.1(aarch64|s390x|x86_64)0:1.9.9-150400.4.12.1(aarch64|s390x|x86_64)0:3.79.3-150400.3.23.1(noarch)0:2018.1.18-150000.3.3.1(x86_64)0:5.14.21-150400.15.8.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.41.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.41.1.150400.24.15.1(aarch64|s390x|x86_64)0:2.4.8+git0.d1f8d41e0-150400.3.6.1(aarch64|x86_64)0:16.2.11.58+g38d6afd3b78-150400.3.6.1(aarch64|s390x|x86_64)0:7.79.1-150400.5.18.1(noarch)0:44.1.1-150400.3.3.1(aarch64|s390x|x86_64)0:4.15.13+git.591.ab36624310c-150400.3.19.1(x86_64)0:5.14.21-150400.15.18.1(noarch)0:1.10.0-150100.5.12.1(aarch64|s390x|x86_64)0:1.6.16-150000.82.2(aarch64|s390x|x86_64)0:1.9.9-150400.4.26.1(aarch64|s390x|x86_64)0:0.9.57-150000.3.3.1(aarch64|s390x|x86_64)0:1.5.0-150400.3.3.1(aarch64|s390x|x86_64)0:2.4.4-150400.4.11.1(aarch64|s390x|x86_64)0:4.15.13+git.636.53d93c5b9d6-150400.3.23.1(x86_64)0:4.16.3_02-150400.4.19.1(aarch64|x86_64)0:15.7-150300.4.11.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.55.3(aarch64|s390x|x86_64)0:5.14.21-150400.24.55.3.150400.24.22.7(aarch64|s390x|x86_64)0:2.06-150400.11.25.1(noarch)0:2.06-150400.11.25.1(s390x)0:2.06-150400.11.25.1(aarch64|s390x|x86_64)0:2.31-150300.46.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.31.2(aarch64|s390x|x86_64)0:9.0.30~1+git.10bee2d5-150400.3.4.1(aarch64|s390x|x86_64)0:2.1.5-150400.3.6.1(aarch64|s390x|x86_64)0:4.4.4-150400.4.16.1(noarch)0:4.4.4-150400.4.16.1(aarch64|s390x|x86_64)0:1.6.19-150000.87.1(aarch64|s390x|x86_64)0:3.4.0-150400.3.6.1(aarch64|s390x|x86_64)0:1.19.0-150400.3.3.1(aarch64|s390x|x86_64)0:99~1.19.0-150400.3.3.1(aarch64|s390x|x86_64)0:4.3.1-150400.4.11.1(noarch)0:4.3.1-150400.4.11.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.60.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.60.1.150400.24.24.3(aarch64|s390x|x86_64)0:1.1.1l-150400.7.34.1(aarch64|x86_64)0:3.4-150400.16.8.1(x86_64)0:1.51.0-150400.4.13.1(x86_64)0:0.54.0-150400.3.13.1(x86_64)0:5.14.21-150400.15.23.1(aarch64|s390x|x86_64)0:0.8-150400.7.3.1(aarch64|s390x|x86_64)0:1.1.5-150000.41.1(aarch64|s390x|x86_64)0:249.14-150400.8.19.1(aarch64|s390x|x86_64)0:0.8.2-150300.3.9.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.16.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.8.1(noarch)0:4.8.1-150400.10.6.1(aarch64|s390x|x86_64)0:4.8.1-150400.10.6.1(aarch64|x86_64)0:15.7-150300.4.16.1(noarch)0:9.0.1443-150000.5.40.1(aarch64|s390x|x86_64)0:9.0.1443-150000.5.40.1(noarch)0:9.0.1234-150000.5.34.1(aarch64|s390x|x86_64)0:9.0.1234-150000.5.34.1(aarch64|s390x|x86_64)0:6.1-150000.5.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.63.1(aarch64|x86_64)0:5.14.21-150400.24.63.1.150400.24.27.1(aarch64|s390x|x86_64)0:2.1.5-150400.3.8.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.23.1(x86_64)0:5.14.21-150400.15.28.2(noarch)0:202202-150400.5.10.1(x86_64)0:20230512-150200.24.1(aarch64|s390x|x86_64)0:1.6.19-150000.90.3(aarch64|s390x|x86_64)0:1.1.5-150000.43.1(aarch64|s390x|x86_64)0:1.19.1-150000.3.23.1(noarch)0:16.57.21-150400.3.2.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.13.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.10.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.28.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.37.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.43.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.6.1(aarch64|x86_64)0:8.0.0-150400.7.6.1(aarch64|s390x|x86_64)0:2.4.46-150200.14.14.1(noarch)0:2.4.46-150200.14.14.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.48.1(noarch)0:0.9.3-150000.3.3.4(noarch)0:3.10-150000.3.3.4(aarch64|s390x|x86_64)0:3006.0-150400.8.34.2(aarch64|s390x|x86_64)0:3.17.2-150300.3.2.3(aarch64|s390x|x86_64)0:17.1.2-150000.3.5.2(x86_64)0:12.2.0-150300.29.1(aarch64|s390x|x86_64)0:5.62-150400.4.13.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.30.1(noarch)0:1.6.5-150000.3.30.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.46.1(noarch)0:9.0.1572-150000.5.46.1(aarch64|s390x|x86_64)0:9.0.1572-150000.5.46.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.42.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.66.1(aarch64|x86_64)0:5.14.21-150400.24.66.1.150400.24.29.1(aarch64|s390x|x86_64)0:2.63-150400.3.3.1(x86_64)0:5.14.21-150400.15.37.2(x86_64)0:5.14.21-150400.15.40.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.69.1(aarch64|x86_64)0:5.14.21-150400.24.69.1.150400.24.31.1(noarch)0:2.24.0-150300.3.3.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.12.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.15.1(aarch64|s390x|x86_64)0:1.12.2-150400.18.8.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.14.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.26.1(aarch64|s390x|x86_64)0:4.15.13+git.663.9c654e06cdb-150400.3.28.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.22.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.48.1(aarch64|s390x|x86_64)0:2.1.7-150400.3.11.1(aarch64|s390x|x86_64)0:8.6.12-150300.14.6.1(x86_64)0:1.51.0-150400.4.16.1(aarch64|s390x|x86_64)0:2.52.10-150400.3.6.1(noarch)0:20220509-150400.4.19.1(x86_64)0:0.54.0-150400.3.19.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.22.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.6.1(aarch64|s390x|x86_64)0:3006.0-150400.8.37.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.74.1(aarch64|x86_64)0:5.14.21-150400.24.74.1.150400.24.33.3(aarch64|s390x|x86_64)0:1.20.1-150400.3.3.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.20.1(x86_64)0:6.2.0-150400.37.20.1(aarch64)0:6.2.0-150400.37.20.1(noarch)0:1.0.0+-150400.37.20.1(s390x)0:6.2.0-150400.37.20.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.20.1(noarch)0:8-150400.37.20.1(aarch64|s390x|x86_64)0:5.62-150400.4.16.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.34.1(aarch64|s390x|x86_64)0:2.1.0-150000.4.6.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.81.1(aarch64|x86_64)0:5.14.21-150400.24.81.1.150400.24.35.3(x86_64)0:5.14.21-150400.15.46.1(aarch64|s390x|x86_64)0:10.39-150400.4.9.1(noarch)0:20220509-150400.4.22.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.6.1(x86_64)0:20230808-150200.27.1(x86_64)0:4.16.5_02-150400.4.31.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.53.1(x86_64)0:1.2.37-150400.14.3.4(aarch64|s390x|x86_64)0:4.0.9-150000.45.25.1(aarch64|s390x|x86_64)0:4.2.1-150000.3.3.1(noarch)0:2.62-150200.30.1(aarch64|s390x|x86_64)0:2.10.4-150000.4.15.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.16.1(aarch64|s390x|x86_64)0:3.3.15-150000.7.34.1(aarch64|s390x|x86_64)0:590-150400.3.3.1(x86_64)0:12.2.0-150300.33.1(aarch64|s390x|x86_64)0:24.0.5_ce-150000.185.1(aarch64|s390x|x86_64)0:1.9.0-150000.4.16.1(aarch64|s390x|x86_64)0:73.2-150000.1.3.1(noarch)0:73.2-150000.1.3.1(aarch64|s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.22.1(noarch)0:2.60-150200.27.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.51.2(aarch64|s390x|x86_64)0:0.7.1-150100.3.14.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.17.1(aarch64|s390x|x86_64)0:1.6.21-150000.95.1(noarch)0:3.1.26-150300.7.35.21.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.29.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.51.1(x86_64)0:4.16.5_04-150400.4.34.1(x86_64)0:12.3.0-150300.37.1(aarch64|s390x|x86_64)0:3006.0-150400.8.44.1(aarch64|s390x|x86_64)0:1.1.8-150000.49.1(aarch64|s390x|x86_64)0:4.1-150300.24.33.1(aarch64|s390x|x86_64)0:0.5.2-150400.3.6.1(noarch)0:9.0.1894-150000.5.54.1(aarch64|s390x|x86_64)0:9.0.1894-150000.5.54.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.33.1(noarch)0:1.6.5-150000.3.33.1(x86_64)0:5.14.21-150400.15.53.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.88.1(aarch64|x86_64)0:5.14.21-150400.24.88.1.150400.24.40.1(aarch64|s390x|x86_64)0:1.40.0-150200.9.1(noarch)0:4.8.1-150400.10.12.1(aarch64|s390x|x86_64)0:4.8.1-150400.10.12.1(aarch64|s390x|x86_64)0:2.1.7-150400.3.14.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.32.1(x86_64)0:4.16.5_06-150400.4.37.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.23.1(x86_64)0:6.2.0-150400.37.23.1(aarch64)0:6.2.0-150400.37.23.1(noarch)0:1.0.0+-150400.37.23.1(s390x)0:6.2.0-150400.37.23.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.23.1(noarch)0:8-150400.37.23.1(aarch64|s390x|x86_64)0:4.15.13+git.691.3d3cea0641-150400.3.31.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.92.1(aarch64|x86_64)0:5.14.21-150400.24.92.1.150400.24.42.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.6.1(x86_64)0:5.14.21-150400.15.56.1(noarch)0:1.25.10-150300.4.6.1(aarch64|s390x|x86_64)0:2.4.8+git0.d1f8d41e0-150400.3.10.1(aarch64|s390x|x86_64)0:2.31-150300.63.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.16.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.20.1(aarch64|s390x|x86_64)0:15.4.18-150400.3.14.1(aarch64|s390x|x86_64)0:2.06-150400.11.38.1(noarch)0:2.06-150400.11.38.1(s390x)0:2.06-150400.11.38.1(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.3.3(aarch64|s390x|x86_64)0:3.0.8-150400.4.37.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.19.1(aarch64|s390x|x86_64)0:1.40.0-150200.12.1(aarch64|s390x|x86_64)0:1.2.11-150000.3.48.1(aarch64|s390x|x86_64)0:1.1.16-150400.3.7.1(x86_64)0:12.3.0-150300.43.1(aarch64|s390x|x86_64)0:7.79.1-150400.5.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.46.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.46.1.150400.24.17.3(aarch64|s390x|x86_64)0:3.79.4-150400.3.26.1(x86_64)0:5.14.21-150400.15.59.1(x86_64)0:0.54.0-150400.3.23.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.32.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.97.1(aarch64|x86_64)0:5.14.21-150400.24.97.1.150400.24.44.2(aarch64|s390x|x86_64)0:3006.0-150400.8.49.2(aarch64|s390x|x86_64)0:3.17.2-150300.3.4.1(x86_64)0:1.51.0-150400.4.20.2(aarch64|x86_64)0:535.129.03-150400.9.12.1(aarch64|x86_64)0:535.129.03_k5.14.21_150400.24.92-150400.9.27.1(x86_64)0:20231113-150200.32.1(noarch)0:1.25.10-150300.4.9.1(x86_64)0:4.16.5_08-150400.4.40.1(x86_64)0:20231114-150200.35.1(aarch64|s390x|x86_64)0:0.8-150400.7.10.1(noarch)0:44.1.1-150400.9.6.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.60.2(aarch64|s390x|x86_64)0:2.9.14-150400.5.25.1(aarch64|s390x|x86_64)0:1.0.0+git20210816.baa09b5-150400.3.3.1(noarch)0:9.0.2103-150000.5.57.1(aarch64|s390x|x86_64)0:9.0.2103-150000.5.57.1(aarch64|s390x|x86_64)0:4.6.1-150300.3.3.1(aarch64|s390x|x86_64)0:3.44.0-150000.3.23.1(aarch64|s390x|x86_64)0:2.0.21-150000.3.3.1(aarch64|s390x|x86_64)0:1.34-150000.3.31.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.19.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.42.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.36.1(noarch)0:20220509-150400.4.25.1(noarch)0:12.0-150000.8.37.1(x86_64)0:1.51.0-150400.4.23.1(x86_64)0:0.54.0-150400.3.26.1(aarch64|s390x|x86_64)0:1.7.8-150000.103.1(aarch64|s390x|x86_64)0:1.1.10-150000.55.1(x86_64)0:5.14.21-150400.15.62.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.100.2(aarch64|x86_64)0:5.14.21-150400.24.100.2.150400.24.46.2(aarch64|s390x|x86_64)0:3.3.2-150400.23.1(aarch64|s390x|x86_64)0:1.19.0-150000.3.20.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.35.1(x86_64)0:5.14.21-150400.15.11.1(aarch64|s390x|x86_64)0:6.1-150000.5.20.1(aarch64|s390x|x86_64)0:0.8-150400.7.13.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.27.1(aarch64|s390x|x86_64)0:24.0.7_ce-150000.190.4(aarch64|s390x|x86_64)0:2.4.7-150000.5.13.1(aarch64|s390x|x86_64)0:2.1-150000.3.5.1(aarch64|s390x|x86_64)0:3.1.0-150400.3.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.40.1(aarch64|s390x|x86_64)0:1.1.34-150400.3.3.1(aarch64|s390x|x86_64)0:1.3.5-150000.4.6.1(x86_64)0:20230214-150200.21.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.27.1(noarch)0:1.6.5-150000.3.27.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.11.1(x86_64)0:6.2.0-150400.37.11.1(aarch64)0:6.2.0-150400.37.11.1(noarch)0:1.0.0+-150400.37.11.1(s390x)0:6.2.0-150400.37.11.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.11.1(noarch)0:8-150400.37.11.1(x86_64)0:4.16.3_04-150400.4.22.1(aarch64|s390x|x86_64)0:3.3.2-150400.16.6.1(aarch64|s390x|x86_64)0:5.9.3-150300.15.8.1(noarch)0:9.0.1386-150000.5.37.1(aarch64|s390x|x86_64)0:9.0.1386-150000.5.37.1(noarch)0:0.18.2-150300.3.3.1(aarch64|s390x|x86_64)0:20.10.23_ce-150000.175.1(x86_64)0:4.16.3_06-150400.4.25.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.45.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.14.2(x86_64)0:6.2.0-150400.37.14.2(aarch64)0:6.2.0-150400.37.14.2(noarch)0:1.0.0+-150400.37.14.2(s390x)0:6.2.0-150400.37.14.2(noarch)0:1.15.0_0_g2dd4b9b-150400.37.14.2(noarch)0:8-150400.37.14.2(aarch64|s390x|x86_64)0:0.116-150200.3.12.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.9.1(aarch64|s390x|x86_64)0:0.8-150400.7.16.1(aarch64|s390x|x86_64)0:4.4.4-150400.4.22.1(noarch)0:4.4.4-150400.4.22.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.11.2(aarch64|x86_64)0:8.0.0-150400.7.11.2(x86_64)0:4.16.5_14-150400.4.52.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.17.1(aarch64|s390x|x86_64)0:6.1-150000.5.24.1(aarch64|s390x|x86_64)0:1.19.1-150000.3.26.1(x86_64)0:20240312-150200.38.1(aarch64|s390x|x86_64)0:0.7.1-150100.3.18.1(aarch64|s390x|x86_64)0:0.8.6-150100.3.22.3(aarch64|s390x|x86_64)0:8.0.1-150400.5.44.1(aarch64|s390x|x86_64)0:1.40.0-150200.17.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.29.1(aarch64|s390x|x86_64)0:3.7.3-150400.1.3.1(aarch64|s390x|x86_64)0:590-150400.3.6.2(x86_64)0:4.16.6_02-150400.4.55.1(x86_64)0:5.14.21-150400.15.65.1(x86_64)0:5.14.21-150400.15.76.1(noarch)0:5.14.21-150400.15.76.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.116.1(aarch64|x86_64)0:5.14.21-150400.24.116.1.150400.24.54.5(aarch64|s390x|x86_64)0:1.3.0-150000.6.66.1(aarch64|x86_64)0:15.8-150300.4.20.2(aarch64|s390x|x86_64)0:2.31-150300.74.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.29.1(x86_64)0:6.2.0-150400.37.29.1(aarch64)0:6.2.0-150400.37.29.1(noarch)0:1.0.0+-150400.37.29.1(s390x)0:6.2.0-150400.37.29.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.29.1(noarch)0:8-150400.37.29.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.3.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.9.1(noarch)0:2.6-150000.3.3.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.103.1(aarch64|x86_64)0:5.14.21-150400.24.103.1.150400.24.48.1(aarch64|s390x|x86_64)0:2.5.2-150400.4.27.1(aarch64|s390x|x86_64)0:590-150400.3.9.1(aarch64|s390x|x86_64)0:3.1.0-150400.3.6.1(aarch64|s390x|x86_64)0:5.2-150400.6.3.1(aarch64|s390x|x86_64)0:25.1-150400.9.6.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.119.1(aarch64|x86_64)0:5.14.21-150400.24.119.1.150400.24.56.1(x86_64)0:5.14.21-150400.15.79.1(noarch)0:5.14.21-150400.15.79.1(aarch64|s390x|x86_64)0:1.16.0-150400.11.3.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.17.1(x86_64)0:20240514-150200.41.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.11.1(noarch)0:2.10.1-150000.3.13.1(noarch)0:2.25.1-150300.3.9.1(aarch64|s390x|x86_64)0:2.31-150300.83.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.8.2(aarch64|s390x|x86_64)0:3.0.8-150400.4.54.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.66.2(aarch64|s390x|x86_64)0:2.2.7-150000.3.59.1(aarch64|x86_64)0:550.90.07-150400.9.33.1(aarch64|x86_64)0:550.90.07_k5.14.21_150400.24.119-150400.9.62.1(x86_64)0:5.14.21-150400.15.82.1(noarch)0:5.14.21-150400.15.82.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.44.1(aarch64|s390x|x86_64)0:5.62-150400.4.19.1(aarch64|s390x|x86_64)0:2.42.12-150400.5.9.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.57.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.69.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.27.1(aarch64|s390x|x86_64)0:1.7.17-150000.111.3(aarch64|s390x|x86_64)0:3.5.1-150400.3.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.122.2(aarch64|x86_64)0:5.14.21-150400.24.122.2.150400.24.58.2(aarch64|s390x|x86_64)0:4.9.5-150400.4.30.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.32.1(aarch64|s390x|x86_64)0:1.6-150000.3.3.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.12.1(aarch64|s390x|x86_64)0:2.13-150400.3.3.1(x86_64)0:5.14.21-150400.15.85.1(noarch)0:5.14.21-150400.15.85.1(aarch64|s390x|x86_64)0:6.7.0-150000.3.6.1(aarch64|s390x|x86_64)0:251.3-150400.8.3.1(noarch)0:251.3-150400.8.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.65.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.65.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.125.1(aarch64|x86_64)0:5.14.21-150400.24.125.1.150400.24.60.1(aarch64|s390x|x86_64)0:3.7.3-150400.8.1(noarch)0:1.15.0-150000.3.5.1(noarch)0:4.8.1-150400.10.18.1(aarch64|s390x|x86_64)0:4.8.1-150400.10.18.1(aarch64|s390x|x86_64)0:2.24.33-150400.4.3.1(noarch)0:3.24.34-150400.3.9.1(aarch64|s390x|x86_64)0:3.24.34-150400.3.9.1(noarch)0:1.25.10-150300.4.12.1(aarch64|s390x|x86_64)0:0.4.28-150000.3.6.1(x86_64)0:4.16.5_12-150400.4.46.1(aarch64|s390x|x86_64)0:3.101.2-150400.3.48.1(noarch)0:4.8.1-150400.10.21.1(aarch64|s390x|x86_64)0:4.8.1-150400.10.21.1(noarch)0:2.68-150200.33.1(x86_64)0:5.14.21-150400.15.88.1(noarch)0:5.14.21-150400.15.88.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.72.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.128.1(aarch64|x86_64)0:5.14.21-150400.24.128.1.150400.24.62.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.60.1(aarch64|s390x|x86_64)0:1.1.11-150000.58.1(noarch)0:20220509-150400.4.28.1(aarch64|s390x|x86_64)0:2.2.2-150400.3.10.1(aarch64|s390x|x86_64)0:2.13-150400.3.6.1(noarch)0:44.1.1-150400.9.9.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.47.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.14.1(x86_64)0:20240813-150200.44.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.63.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.47.1(aarch64|s390x|x86_64)0:25.0.6_ce-150000.207.1(aarch64|s390x|x86_64)0:249.17-150400.8.43.1(aarch64|s390x|x86_64)0:1.10.1-150400.3.3.2(aarch64|s390x|x86_64)0:8.0.1-150400.5.50.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.22.1(aarch64|s390x|x86_64)0:1.7.21-150000.117.1(aarch64|s390x|x86_64)0:1.1.14-150000.70.1(x86_64)0:5.14.21-150400.15.91.3(noarch)0:5.14.21-150400.15.91.3(noarch)0:1.15.0-150000.3.10.2(x86_64)0:20240910-150200.47.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.34.1(x86_64)0:6.2.0-150400.37.34.1(aarch64)0:6.2.0-150400.37.34.1(noarch)0:1.0.0+-150400.37.34.1(s390x)0:6.2.0-150400.37.34.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.34.1(noarch)0:8-150400.37.34.1(x86_64)0:5.14.21-150400.15.94.1(noarch)0:5.14.21-150400.15.94.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.133.2(aarch64|x86_64)0:5.14.21-150400.24.133.2.150400.24.64.5(x86_64)0:4.16.6_04-150400.4.62.1(aarch64|s390x|x86_64)0:0.22.0-150400.3.12.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.72.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.66.1(aarch64|s390x|x86_64)0:21.2.4-150400.68.15.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.136.1(aarch64|x86_64)0:5.14.21-150400.24.136.1.150400.24.66.1(x86_64)0:5.14.21-150400.15.97.1(noarch)0:5.14.21-150400.15.97.1(aarch64|s390x|x86_64)0:25.1-150400.9.10.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.69.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.75.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.75.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.56.1(aarch64|s390x|x86_64)0:2.4.4-150400.3.25.1(x86_64)0:20241112-150200.50.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.17.1(x86_64)0:5.14.21-150400.15.100.1(noarch)0:5.14.21-150400.15.100.1(x86_64)0:4.16.6_06-150400.4.65.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.141.1(aarch64|x86_64)0:5.14.21-150400.24.141.1.150400.24.68.2(aarch64|s390x|x86_64)0:3.6.15-150300.10.78.1(aarch64|s390x|x86_64)0:1.8.0.0-150400.14.6.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.37.3(x86_64)0:6.2.0-150400.37.37.3(aarch64)0:6.2.0-150400.37.37.3(noarch)0:1.0.0+-150400.37.37.3(s390x)0:6.2.0-150400.37.37.3(noarch)0:1.15.0_0_g2dd4b9b-150400.37.37.3(noarch)0:8-150400.37.37.3(x86_64)0:5.14.21-150400.15.103.1(noarch)0:5.14.21-150400.15.103.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.144.1(aarch64|x86_64)0:5.14.21-150400.24.144.1.150400.24.70.1(noarch)0:16.57.21-150400.3.4.2(aarch64|s390x|x86_64)0:2.74.2-150400.3.3.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.59.1(aarch64|s390x|x86_64)0:26.1.5_ce-150000.212.1(aarch64|s390x|x86_64)0:0.8-150400.7.20.1(noarch)0:12.0-150000.8.40.1(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.6.1(aarch64|s390x|x86_64)0:1.1.12-150000.61.2(x86_64)0:5.14.21-150400.15.68.1(aarch64|s390x|x86_64)0:3006.0-150400.8.54.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.108.1(aarch64|x86_64)0:5.14.21-150400.24.108.1.150400.24.50.2(aarch64|s390x|x86_64)0:3.0.8-150400.4.49.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.25.1(aarch64|s390x|x86_64)0:20230802.1-150400.10.4.1(aarch64|s390x|x86_64)0:25.1-150400.9.3.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.54.1(aarch64|s390x|x86_64)0:24.0.7_ce-150000.193.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.38.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.30.1(aarch64|s390x|x86_64)0:3.90.2-150400.3.39.1(aarch64|s390x|x86_64)0:1.11.0-150000.4.22.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.28.1(aarch64|s390x|x86_64)0:1.34-150000.3.34.1(aarch64|x86_64)0:550.54.14-150400.9.21.1(aarch64|x86_64)0:550.54.14_k5.14.21_150400.24.108-150400.9.50.1(aarch64|s390x|x86_64)0:2.9-150000.4.39.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.63.1(aarch64|s390x|x86_64)0:2.31-150300.68.1(noarch)0:9.1.0111-150000.5.60.1(aarch64|s390x|x86_64)0:9.1.0111-150000.5.60.1(aarch64|s390x|x86_64)0:1.9.9-150400.4.36.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.111.2(aarch64|x86_64)0:5.14.21-150400.24.111.2.150400.24.52.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.57.1(x86_64)0:4.16.5_14-150400.4.49.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.41.1(x86_64)0:5.14.21-150400.15.71.1(noarch)0:5.14.21-150400.15.71.1(noarch)0:2.10.1-150000.3.21.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.158.1(aarch64|x86_64)0:5.14.21-150400.24.158.1.150400.24.78.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.44.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.84.1(aarch64|s390x|x86_64)0:27.5.1_ce-150000.218.1(aarch64|s390x|x86_64)0:1.1.34-150400.3.6.1(x86_64)0:5.14.21-150400.15.115.1(noarch)0:5.14.21-150400.15.115.1(aarch64|s390x|x86_64)0:3.0.4-150400.5.12.2(aarch64|s390x|x86_64)0:5.14.21-150400.24.161.1(aarch64|x86_64)0:5.14.21-150400.24.161.1.150400.24.80.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.28.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.76.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.22.1(aarch64|s390x|x86_64)0:1.7.27-150000.123.1(aarch64|s390x|x86_64)0:60.9.0-150200.6.3.1(aarch64|s390x|x86_64)0:6.15-150400.3.12.1(aarch64|s390x|x86_64)0:1.12.0-150400.3.8.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.41.1(aarch64|s390x|x86_64)0:3.49.1-150000.3.27.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.6.1(aarch64|s390x|x86_64)0:3.0.4-150400.5.18.1(x86_64)0:5.14.21-150400.15.118.1(noarch)0:5.14.21-150400.15.118.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.49.1(noarch)0:6.4-150400.4.8.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.20.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.164.1(aarch64|x86_64)0:5.14.21-150400.24.164.1.150400.24.82.1(s390x)0:2.31.0-150400.7.31.1(noarch)0:2.31.0-150400.7.31.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.17.1(x86_64)0:20250512-150200.56.1(x86_64)0:12.5.2-150300.58.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.10.1(aarch64|s390x|x86_64)0:20211215-150400.3.19.1(aarch64|s390x|x86_64)0:2.31-150300.95.1(noarch)0:44.1.1-150400.9.12.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.9.1(aarch64|s390x|x86_64)0:12.0.2-150000.3.37.1(x86_64)0:5.14.21-150400.15.121.1(noarch)0:5.14.21-150400.15.121.1(noarch)0:2.25.1-150300.3.15.1(aarch64|s390x|x86_64)0:1.2.0-150400.4.5.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.83.1(aarch64|s390x|x86_64)0:4.6.2-150000.5.8.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.20.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.147.1(aarch64|x86_64)0:5.14.21-150400.24.147.1.150400.24.72.1(aarch64|s390x|x86_64)0:0.6.10-150100.3.11.1(aarch64|s390x|x86_64)0:2.26-150400.3.5.1(aarch64|s390x|x86_64)0:2.14.0-150400.4.9.1(aarch64|s390x|x86_64)0:65.1-150200.4.15.1(noarch)0:65.1-150200.4.15.1(aarch64|s390x|x86_64)0:1.1-150200.3.14.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.47.2(aarch64|s390x|x86_64)0:1.9.9-150400.4.39.1(aarch64|s390x|x86_64)0:1.2.6-150000.73.2(noarch)0:9.1.1406-150000.5.75.1(aarch64|s390x|x86_64)0:9.1.1406-150000.5.75.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.167.1(aarch64|x86_64)0:5.14.21-150400.24.167.1.150400.24.84.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.9.1(aarch64|s390x|x86_64)0:28.2.2_ce-150000.227.1(aarch64|s390x|x86_64)0:25.1-150400.9.16.1(x86_64)0:5.14.21-150400.15.106.1(noarch)0:5.14.21-150400.15.106.1(x86_64)0:5.14.21-150400.15.124.1(noarch)0:5.14.21-150400.15.124.1(x86_64)0:4.16.7_02-150400.4.72.1(aarch64|s390x|x86_64)0:3.7.3-150400.14.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.44.1(aarch64|s390x|x86_64)0:8.32-150400.9.9.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.23.1(aarch64|s390x|x86_64)0:1.6-150000.3.6.1(aarch64|s390x|x86_64)0:20211215-150400.3.22.1(aarch64|s390x|x86_64)0:1.9.4-150400.6.11.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.14.1(aarch64|s390x|x86_64)0:3006.0-150400.8.80.1(aarch64|s390x|x86_64)0:0.116-150200.3.15.1(noarch)0:1.66.0-150200.12.7.1(aarch64|s390x|x86_64)0:1.66.0-150200.12.7.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.170.2(aarch64|x86_64)0:5.14.21-150400.24.170.2.150400.24.86.2(aarch64|x86_64)0:565.57.01-150400.89.1(aarch64|x86_64)0:565.57.01_k5.14.21_150400.24.170-150400.89.1(aarch64|x86_64)0:550.144.03_k5.14.21_150400.24.170-150400.89.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.47.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.35.1(aarch64|s390x|x86_64)0:3.50.2-150000.3.33.1(aarch64|s390x|x86_64)0:249.17-150400.8.49.2(aarch64|s390x|x86_64)0:1.16.0-150400.11.6.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.21.1(aarch64|s390x|x86_64)0:2.06-150400.11.63.1(noarch)0:2.06-150400.11.63.1(s390x)0:2.06-150400.11.63.1(aarch64|s390x|x86_64)0:1.19.0.4-150000.4.7.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.97.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.97.2(aarch64|s390x|x86_64)0:4.9.5-150400.4.50.1(aarch64|s390x|x86_64)0:0.2.7+141-150400.3.7.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.50.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.173.1(aarch64|x86_64)0:5.14.21-150400.24.173.1.150400.24.88.1(x86_64)0:5.14.21-150400.15.127.1(noarch)0:5.14.21-150400.15.127.1(noarch)0:2.10.1-150000.3.18.1(aarch64|s390x|x86_64)0:28.3.3_ce-150000.230.1(aarch64|s390x|x86_64)0:1.6-150000.3.9.1(aarch64|s390x|x86_64)0:0.2.8+12-150400.3.10.1(aarch64|s390x|x86_64)0:2.42.12-150400.5.14.1(aarch64|s390x|x86_64)0:1.3.0-150000.6.86.1(noarch)0:1.25.10-150300.4.18.1(aarch64|s390x|x86_64)0:2.14.0-150400.4.12.1(aarch64|s390x|x86_64)0:2.9.2-150400.3.11.1(noarch)0:0.18.2-150300.3.6.1(x86_64)0:20250812-150200.59.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.12.1(noarch)0:3.0.0-150000.3.28.1(noarch)0:5.0.0-150000.3.38.1(noarch)0:5.0.0-150000.4.18.1(noarch)0:9.1.1629-150000.5.78.1(aarch64|s390x|x86_64)0:9.1.1629-150000.5.78.1(aarch64|s390x|x86_64)0:2.0+git20170221.479bb4a-150000.5.13.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.72.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.69.1(aarch64|s390x|x86_64)0:1.0.7-150200.3.5.1(aarch64|s390x|x86_64)0:5.62-150400.4.22.1(aarch64|s390x|x86_64)0:1.16.0-150400.11.9.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.176.1(aarch64|x86_64)0:5.14.21-150400.24.176.1.150400.24.90.1(aarch64|s390x|x86_64)0:0.8-150400.7.23.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.55.1(x86_64)0:5.14.21-150400.15.130.1(noarch)0:5.14.21-150400.15.130.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.20.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.35.1(aarch64|s390x|x86_64)0:2.14.0-150400.4.3.1(aarch64|x86_64)0:580.82.07-150400.98.1(aarch64|x86_64)0:580.82.07_k5.14.21_150400.24.173-150400.98.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.15.1(x86_64)0:13.0.0-150300.64.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.84.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.75.1(aarch64|s390x|x86_64)0:0.4.28-150000.3.9.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.78.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.53.1(aarch64|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.25.1(aarch64|s390x|x86_64)0:4.15.13+git.736.b791be993ba-150400.3.40.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.31.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.179.1(aarch64|x86_64)0:5.14.21-150400.24.179.1.150400.24.92.1(aarch64|s390x|x86_64)0:8.0.1-150400.5.62.1(x86_64)0:5.14.21-150400.15.133.1(noarch)0:5.14.21-150400.15.133.1(aarch64|s390x|x86_64)0:3.9.2-150200.4.27.1(aarch64|s390x|x86_64)0:1.19.2-150400.3.18.1(aarch64|x86_64)0:5.9.0.git21.a73f509-150400.3.3.1(noarch)0:5.9.0.git21.a73f509-150400.3.3.1(aarch64|s390x|x86_64)0:0.9.8-150400.3.12.1(aarch64|s390x|x86_64)0:4.1-150400.21.8.1(noarch)0:4.1-150400.21.8.1(aarch64|s390x|x86_64)0:3.112.2-150400.3.60.1(x86_64)0:4.16.7_04-150400.4.75.1(aarch64|s390x|x86_64)0:1.1.34-150400.3.13.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.72.1(aarch64|s390x|x86_64)0:1.4.5-150400.4.9.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.60.1(aarch64|s390x|x86_64)0:1.2.7-150000.80.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.13.1(aarch64|s390x|x86_64)0:1.3.3-150000.85.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.59.2(aarch64|s390x|x86_64)0:0.185-150400.5.8.3(aarch64|s390x|x86_64)0:5.14.21-150400.24.184.1(aarch64|x86_64)0:5.14.21-150400.24.184.1.150400.24.94.2(aarch64|s390x|x86_64)0:8.4p1-150300.3.57.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.50.1(x86_64)0:5.14.21-150400.15.136.1(noarch)0:5.14.21-150400.15.136.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.62.1(aarch64|s390x|x86_64)0:2.5.2-150400.4.40.1(aarch64|s390x|x86_64)0:2.06-150400.11.66.1(noarch)0:2.06-150400.11.66.1(s390x)0:2.06-150400.11.66.1(aarch64|s390x|x86_64)0:3.7.3-150400.19.1(aarch64|s390x|x86_64)0:1.7.29-150000.128.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.77.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.72.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.80.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.40.1(x86_64)0:6.2.0-150400.37.40.1(aarch64)0:6.2.0-150400.37.40.1(noarch)0:1.0.0+-150400.37.40.1(s390x)0:6.2.0-150400.37.40.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.40.1(noarch)0:8-150400.37.40.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.26.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.100.1(aarch64|s390x|x86_64)0:2.52.12-150400.3.9.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.83.1(aarch64|s390x|x86_64)0:1.6.34-150000.3.12.1(aarch64|s390x|x86_64)0:3006.0-150400.8.91.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.29.1(noarch)0:202202-150400.5.15.1(aarch64|s390x|x86_64)0:4.13-150000.4.11.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.81.1(x86_64)0:5.14.21-150400.15.109.1(noarch)0:5.14.21-150400.15.109.1(aarch64|s390x|x86_64)0:2.31-150300.92.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.150.1(aarch64|x86_64)0:5.14.21-150400.24.150.1.150400.24.74.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.38.1(aarch64|s390x|x86_64)0:2.06-150400.11.55.2(noarch)0:2.06-150400.11.55.2(s390x)0:2.06-150400.11.55.2(x86_64)0:20250211-150200.53.1(aarch64|s390x|x86_64)0:8.4p1-150300.3.42.1(aarch64|s390x|x86_64)0:1.20.1-150400.3.11.1(noarch)0:202202-150400.5.18.1(aarch64|s390x|x86_64)0:2.90-150400.16.3.1(aarch64|s390x|x86_64)0:0.6.10-150100.3.6.1(noarch)0:9.1.1101-150000.5.69.1(aarch64|s390x|x86_64)0:9.1.1101-150000.5.69.1(aarch64|s390x|x86_64)0:3.7.3-150400.11.1(aarch64|s390x|x86_64)0:3.3.17-150000.7.42.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.38.1(aarch64|s390x|x86_64)0:1.6.5-150000.3.36.1(noarch)0:1.6.5-150000.3.36.1(aarch64)0:2021.10-150400.4.14.1(aarch64|s390x|x86_64)0:27.5.1_ce-150000.215.3(aarch64|s390x|x86_64)0:4.9.5-150400.4.41.1(aarch64|s390x|x86_64)0:0.44.0-150400.13.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.153.1(aarch64|x86_64)0:5.14.21-150400.24.153.1.150400.24.76.1(x86_64)0:5.14.21-150400.15.112.1(noarch)0:5.14.21-150400.15.112.1(aarch64|s390x|x86_64)0:3.5.1-150400.3.18.1(aarch64|s390x|x86_64)0:2.10.4-150000.4.18.1(aarch64|s390x|x86_64)0:3006.0-150400.8.94.2(aarch64|s390x|x86_64)0:249.17-150400.8.55.1(aarch64|s390x|x86_64)0:3.51.3-150000.3.39.1(noarch)0:1.25.10-150300.4.24.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.109.1(noarch)0:9.2.0110-150000.5.86.1(aarch64|s390x|x86_64)0:9.2.0110-150000.5.86.1(aarch64|s390x|x86_64)0:1.7.29-150000.130.1(x86_64)0:5.14.21-150400.15.145.1(noarch)0:5.14.21-150400.15.145.1(noarch)0:0.4.2-150000.3.16.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.37.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.19.1(aarch64|s390x|x86_64)0:1.34-150000.3.37.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.34.1(aarch64|s390x|x86_64)0:2.14.0-150400.4.15.1(aarch64|s390x|x86_64)0:3.0.8-150400.4.81.1(aarch64|s390x|x86_64)0:1.40.0-150200.22.1(aarch64|s390x|x86_64)0:4.9.5-150400.4.65.2(aarch64|s390x|x86_64)0:1.1.1l-150400.7.90.1(noarch)0:202202-150400.5.21.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.16.1(noarch)0:20220509-150400.4.31.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.13.1(aarch64|s390x|x86_64)0:1.0.18-150000.4.11.1(aarch64|s390x|x86_64)0:4.13-150000.4.14.1(aarch64|s390x|x86_64)0:5.7.3-150100.10.15.1(aarch64|s390x|x86_64)0:5.9.4-150300.15.21.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.19.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.103.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.187.3(aarch64|x86_64)0:5.14.21-150400.24.187.3.150400.24.96.3(aarch64|s390x|x86_64)0:3.0.8-150400.4.78.1(x86_64)0:5.14.21-150400.15.139.2(noarch)0:5.14.21-150400.15.139.1(aarch64|s390x|x86_64)0:1.1.1l-150400.7.87.1(aarch64|s390x|x86_64)0:1.0.18-150000.4.14.1(aarch64|s390x|x86_64)0:8.0.0-150400.7.14.1(aarch64|x86_64)0:8.0.0-150400.7.14.1(x86_64)0:4.16.7_06-150400.4.78.1(aarch64|s390x|x86_64)0:3.2.3-150400.3.26.1(x86_64)0:5.14.21-150400.15.142.1(noarch)0:5.14.21-150400.15.142.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.46.1(x86_64)0:6.2.0-150400.37.46.1(aarch64)0:6.2.0-150400.37.46.1(noarch)0:1.0.0+-150400.37.46.1(s390x)0:6.2.0-150400.37.46.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.46.1(noarch)0:8-150400.37.46.1(noarch)0:0.4.2-150000.3.13.1(aarch64|s390x|x86_64)0:3.51.2-150000.3.36.1(aarch64|s390x|x86_64)0:6.2.0-150400.37.49.1(x86_64)0:6.2.0-150400.37.49.1(aarch64)0:6.2.0-150400.37.49.1(noarch)0:1.0.0+-150400.37.49.1(s390x)0:6.2.0-150400.37.49.1(noarch)0:1.15.0_0_g2dd4b9b-150400.37.49.1(noarch)0:8-150400.37.49.1(aarch64|s390x|x86_64)0:60.9.0-150200.6.8.1(noarch)0:1.25.10-150300.4.21.1(aarch64|s390x|x86_64)0:0.2.8+116-150400.3.13.1(aarch64|s390x|x86_64)0:2.70.5-150400.3.34.1(aarch64|x86_64)0:580.126.09-150400.107.1(aarch64|x86_64)0:580.126.09_k5.14.21_150400.24.187-150400.107.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.26.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.77.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.38.1(aarch64|s390x|x86_64)0:25.1-150400.9.19.1(aarch64|s390x|x86_64)0:1.10.1-150400.3.9.1(aarch64|s390x|x86_64)0:20230802.3-150400.10.7.1(aarch64|s390x|x86_64)0:0.8-150400.7.26.1(aarch64|s390x|x86_64)0:1.6.34-150000.3.19.1(aarch64|s390x|x86_64)0:2.9.14-150400.5.55.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.194.1(aarch64|x86_64)0:5.14.21-150400.24.194.1.150400.24.98.3(aarch64|s390x|x86_64)0:3.9.2-150200.4.30.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.106.1(aarch64|s390x|x86_64)0:28.5.1_ce-150000.241.2(aarch64|s390x|x86_64)0:0.29.0-150000.241.2(x86_64)0:20260210-150200.62.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.19.1(aarch64|x86_64)0:16.1-150300.4.31.3(aarch64|s390x|x86_64)0:1.1.34-150400.3.16.1(aarch64|s390x|x86_64)0:3.112.3-150400.3.63.1(aarch64|s390x|x86_64)0:2.7.1-150400.3.34.1(aarch64|s390x|x86_64)0:2.74.2-150400.3.31.1(aarch64|s390x|x86_64)0:4.5.3-150000.3.16.1(aarch64|s390x|x86_64)0:2.31-150300.98.1(aarch64|s390x|x86_64)0:8.14.1-150400.5.80.1(aarch64|s390x|x86_64)0:1.6-150000.3.12.1(aarch64|s390x|x86_64)0:1.3.4-150000.90.1(aarch64|s390x|x86_64)0:28.5.1_ce-150000.243.1(aarch64|s390x|x86_64)0:0.29.0-150000.243.1(aarch64|s390x|x86_64)0:2.37.2-150400.8.41.1(aarch64|s390x|x86_64)0:5.14.21-150400.24.197.1(aarch64|x86_64)0:5.14.21-150400.24.197.1.150400.24.100.1(s390x)0:2.4.0-150400.4.8.1(noarch)0:16.57.26-150400.3.2.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.2.1(s390x|x86_64)0:3.0.8-150400.4.34.1(noarch)0:5.0.6-150000.3.3.1(noarch)0:4.8.1-150400.3.3.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.3.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.38.1(aarch64|x86_64)0:3.3.2-150400.16.6.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.44.1(noarch)0:4.5-150400.3.3.1(aarch64|s390x|x86_64)0:4.14.3-150400.59.16.1(aarch64|s390x|x86_64)0:251.3-150400.6.7.1(noarch)0:251.3-150400.6.7.1(noarch)0:4.8.1-150400.3.9.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.9.1(noarch)0:4.8.1-150400.3.12.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.12.1(noarch)0:16.57.26-150400.3.4.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.41.3(noarch)0:4.8.1-150400.3.6.1(aarch64|s390x|x86_64)0:4.8.1-150400.3.6.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.11.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.50.1(aarch64|s390x|x86_64)0:0.2.7+141-150400.3.5.1(aarch64|s390x|x86_64)0:0.2.8+12-150400.3.8.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.5.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.53.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.47.1(aarch64|s390x|x86_64)0:2.15.0-150400.4.14.1(aarch64|s390x|x86_64)0:0.2.8+116-150400.3.11.1(s390x)0:3.17.0-150400.4.11.1(aarch64|s390x|x86_64)0:3.7.3-150400.4.56.1(aarch64|s390x|x86_64)0:7.1.0-150500.49.6.1(x86_64)0:7.1.0-150500.49.6.1(aarch64)0:7.1.0-150500.49.6.1(noarch)0:1.0.0+-150500.49.6.1(s390x)0:7.1.0-150500.49.6.1(noarch)0:1.16.0_0_gd239552-150500.49.6.1(noarch)0:8-150500.49.6.1(aarch64|s390x|x86_64)0:2.10.3-150500.5.8.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.28.1(aarch64|x86_64)0:5.14.21-150500.55.28.1.150500.6.11.2(x86_64)0:5.14.21-150500.13.18.1(aarch64|s390x|x86_64)0:2.1.7-150500.9.6.1(x86_64)0:5.14.21-150500.13.21.1(aarch64|s390x|x86_64)0:4.17.9+git.421.abde31ca5c2-150500.3.11.1(x86_64)0:4.17.2_06-150500.3.12.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.31.1(aarch64|x86_64)0:5.14.21-150500.55.31.1.150500.6.13.1(aarch64|s390x|x86_64)0:1.1.1-150500.3.2.1(aarch64|s390x|x86_64)0:1.1.2-150500.3.2.1(aarch64|s390x|x86_64)0:15.5.3-150500.3.6.1(aarch64|s390x|x86_64)0:2.06-150500.29.8.1(noarch)0:2.06-150500.29.8.1(s390x)0:2.06-150500.29.8.1(aarch64|s390x|x86_64)0:1.2.13-150500.4.3.1(x86_64)0:5.14.21-150500.13.24.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.36.1(aarch64|x86_64)0:5.14.21-150500.55.36.1.150500.6.15.3(aarch64|s390x|x86_64)0:3006.0-150500.4.24.2(aarch64|x86_64)0:535.129.03-150500.11.9.1(aarch64|x86_64)0:535.129.03_k5.14.21_150500.55.31-150500.3.13.1(x86_64)0:4.17.2_08-150500.3.15.1(aarch64|s390x|x86_64)0:2.10.3-150500.5.11.1(aarch64|s390x|x86_64)0:1.1.1l-150500.17.22.1(aarch64|s390x|x86_64)0:1.0.0+git20210816.baa09b5-150500.3.3.1(noarch)0:9.0.2103-150500.20.6.1(aarch64|s390x|x86_64)0:9.0.2103-150500.20.6.1(x86_64)0:1.1.0-150500.8.6.1(x86_64)0:1.58.0-150500.6.6.1(noarch)0:20230724-150500.3.9.1(aarch64|s390x|x86_64)0:7.1.0-150500.49.9.2(x86_64)0:7.1.0-150500.49.9.2(aarch64)0:7.1.0-150500.49.9.2(noarch)0:1.0.0+-150500.49.9.2(s390x)0:7.1.0-150500.49.9.2(noarch)0:1.16.0_0_gd239552-150500.49.9.2(noarch)0:8-150500.49.9.2(aarch64|s390x|x86_64)0:5.14.21-150500.55.39.1(aarch64|x86_64)0:5.14.21-150500.55.39.1.150500.6.17.1(x86_64)0:5.14.21-150500.13.27.2(x86_64)0:4.17.3_02-150500.3.18.1(noarch)0:4.8.1-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.16.1(aarch64|s390x|x86_64)0:9.0.0-150500.6.20.1(aarch64|x86_64)0:9.0.0-150500.6.20.1(x86_64)0:4.17.3_08-150500.3.27.1(aarch64|s390x|x86_64)0:7.1.0-150500.49.12.1(x86_64)0:7.1.0-150500.49.12.1(aarch64)0:7.1.0-150500.49.12.1(noarch)0:1.0.0+-150500.49.12.1(s390x)0:7.1.0-150500.49.12.1(noarch)0:1.16.0_0_gd239552-150500.49.12.1(noarch)0:8-150500.49.12.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.24.1(aarch64|ppc64le|s390x|x86_64)0:1.19.1-150000.3.26.1(aarch64|s390x|x86_64)0:4.8.3-150500.3.9.1(noarch)0:4.8.3-150500.3.9.1(x86_64)0:5.14.21-150500.13.30.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.44.1(x86_64)0:1.58.0-150500.6.12.1(x86_64)0:1.1.1-150500.8.12.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-150200.17.1(aarch64|s390x|x86_64)0:2.37.4-150500.9.6.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.44.1(noarch)0:9.1.0111-150500.20.9.1(aarch64|s390x|x86_64)0:9.1.0111-150500.20.9.1(x86_64)0:4.17.4_02-150500.3.30.1(x86_64)0:1.1.1-150500.8.15.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.66.1(aarch64|ppc64le|s390x|x86_64)0:121-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.9.1(noarch)0:5~git8.c06c55b-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.15.1(noarch)0:7.1.0-150500.49.15.1(x86_64)0:7.1.0-150500.49.15.1(aarch64)0:7.1.0-150500.49.15.1(noarch)0:1.0.0+-150500.49.15.1(ppc64le)0:7.1.0-150500.49.15.1(s390x)0:7.1.0-150500.49.15.1(noarch)0:1.16.0_0_gd239552-150500.49.15.1(noarch)0:8-150500.49.15.1(s390x)0:3.23.0-150500.3.3.13(x86_64)0:5.14.21-150500.13.47.1(noarch)0:5.14.21-150500.13.47.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.59.1(aarch64|x86_64)0:5.14.21-150500.55.59.1.150500.6.25.7(aarch64|s390x|x86_64)0:1.14.2-150300.11.8.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150400.59.16.1(aarch64|s390x|x86_64)0:2.5.2-150500.10.17.1(aarch64|ppc64le|s390x|x86_64)0:590-150400.3.9.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.44.1(aarch64|x86_64)0:5.14.21-150500.55.44.1.150500.6.19.2(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:5.2-150400.6.3.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.62.2(aarch64|x86_64)0:5.14.21-150500.55.62.2.150500.6.27.2(x86_64)0:5.14.21-150500.13.52.1(noarch)0:5.14.21-150500.13.52.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.11.3.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.17.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.65.1(aarch64|x86_64)0:5.14.21-150500.55.65.1.150500.6.29.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.39.1(aarch64|s390x|x86_64)0:1.1.1l-150500.17.28.2(x86_64)0:5.14.21-150500.13.55.1(noarch)0:5.14.21-150500.13.55.1(aarch64|s390x|x86_64)0:5.65-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.11.1(x86_64)0:12-150100.11.15.2(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.8.2(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.83.1(aarch64|ppc64le|s390x|x86_64)0:1.14.4-150300.11.11.1(x86_64)0:1.58.0-150500.6.15.1(aarch64|x86_64)0:550.90.07-150500.11.29.1(aarch64|x86_64)0:550.90.07_k5.14.21_150500.55.65-150500.3.47.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.13.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.59.1(x86_64)0:5.14.21-150500.13.58.1(noarch)0:5.14.21-150500.13.58.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.44.1(aarch64|s390x|x86_64)0:4.9.5-150500.3.12.1(noarch)0:4.9.5-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.31.1(aarch64|ppc64le|s390x|x86_64)0:2.42.12-150400.5.9.1(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.20.3-150000.3.20.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.68.1(aarch64|x86_64)0:5.14.21-150500.55.68.1.150500.6.31.1(x86_64)0:1.1.1-150500.8.18.1(aarch64|ppc64le|s390x|x86_64)0:1.6-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.15.1(noarch)0:4.9.5-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.17.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:298-150500.3.6.1(noarch)0:298-150500.3.6.1(ppc64le)0:2.4.22+git0.f8e3218e2-150400.3.19.1(ppc64le)0:2.1-150000.3.5.1(ppc64le)0:2.4.7-150000.5.13.1(x86_64)0:5.14.21-150500.13.61.1(noarch)0:5.14.21-150500.13.61.1(aarch64|ppc64le|s390x|x86_64)0:6.7.0-150000.3.6.1(ppc64le)0:1.1.2-150500.3.2.1(ppc64le)0:1.1.1-150500.3.2.1(ppc64le)0:0.5.2-150400.3.6.1(ppc64le)0:3.44.0-150000.3.23.1(ppc64le)0:1.2.13-150500.4.3.1(ppc64le)0:1.1.16-150400.3.7.1(ppc64le)0:1.6.5-150000.3.33.1(ppc64le)0:4.6.1-150300.3.3.1(ppc64le)0:1.0.0+git20210816.baa09b5-150500.3.3.1(ppc64le)0:2.0.21-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.65.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.65.2(x86_64)0:4.17.4_04-150500.3.33.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.42.1(noarch)0:4.8.1-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150500.3.6.1(x86_64)0:4.17.3_04-150500.3.21.1(aarch64|ppc64le|s390x|x86_64)0:2.24.33-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.24.34-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.4.28-150000.3.6.1(x86_64)0:1.59.0-150500.6.18.1(x86_64)0:1.2.2-150500.8.21.1(aarch64|ppc64le|s390x|x86_64)0:3.101.2-150400.3.48.1(noarch)0:4.8.1-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:9.16.50-150500.8.21.1(noarch)0:9.16.50-150500.8.21.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.34.1(x86_64)0:5.14.21-150500.13.64.1(noarch)0:5.14.21-150500.13.64.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.73.1(aarch64|x86_64)0:5.14.21-150500.55.73.1.150500.6.33.8(aarch64|ppc64le|s390x|x86_64)0:2.13-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.16.1(x86_64)0:4.17.5_02-150500.3.36.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.18.1(noarch)0:7.1.0-150500.49.18.1(x86_64)0:7.1.0-150500.49.18.1(aarch64)0:7.1.0-150500.49.18.1(noarch)0:1.0.0+-150500.49.18.1(ppc64le)0:7.1.0-150500.49.18.1(s390x)0:7.1.0-150500.49.18.1(noarch)0:1.16.0_0_gd239552-150500.49.18.1(noarch)0:8-150500.49.18.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.47.1(noarch)0:20230724-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.47.1(aarch64|ppc64le|s390x|x86_64)0:25.0.6_ce-150000.207.1(aarch64|ppc64le|s390x|x86_64)0:249.17-150400.8.43.1(x86_64)0:5.14.21-150500.13.67.3(noarch)0:5.14.21-150500.13.67.3(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150400.3.3.2(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.50.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.7.21-150000.117.1(aarch64|ppc64le|s390x|x86_64)0:1.1.14-150000.70.1(x86_64)0:5.14.21-150500.13.70.2(noarch)0:5.14.21-150500.13.70.2(x86_64)0:4.17.5_04-150500.3.39.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.72.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.80.2(aarch64|x86_64)0:5.14.21-150500.55.80.2.150500.6.35.6(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.18.1(noarch)0:4.9.5-150500.3.18.1(aarch64|ppc64le|s390x|x86_64)0:22.3.5-150500.77.5.1(aarch64|ppc64le|x86_64)0:22.3.5-150500.77.5.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.83.1(aarch64|x86_64)0:5.14.21-150500.55.83.1.150500.6.37.1(x86_64)0:5.14.21-150500.13.73.1(noarch)0:5.14.21-150500.13.73.1(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150500.8.5.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.19.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.25.1(noarch)0:4.9.5-150500.3.25.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150500.12.5.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.28.1(noarch)0:4.9.5-150500.3.28.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.37.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.75.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.56.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.24.1(noarch)0:7.1.0-150500.49.24.1(x86_64)0:7.1.0-150500.49.24.1(aarch64)0:7.1.0-150500.49.24.1(noarch)0:1.0.0+-150500.49.24.1(ppc64le)0:7.1.0-150500.49.24.1(s390x)0:7.1.0-150500.49.24.1(noarch)0:1.16.0_0_gd239552-150500.49.24.1(noarch)0:8-150500.49.24.1(x86_64)0:4.17.5_06-150500.3.42.1(x86_64)0:5.14.21-150500.13.76.1(noarch)0:5.14.21-150500.13.76.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.25.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.17.1(noarch)0:202208-150500.6.3.1(aarch64)0:1.44.2-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.44.2-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.20.3-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.78.1(aarch64|ppc64le|s390x|x86_64)0:3.16.3-150000.1.38.1(noarch)0:3.16.3-150000.1.38.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.0-150400.14.6.1(x86_64)0:5.14.21-150500.13.79.1(noarch)0:5.14.21-150500.13.79.1(noarch)0:9.1.0836-150500.20.15.1(aarch64|ppc64le|s390x|x86_64)0:9.1.0836-150500.20.15.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.59.1(aarch64|ppc64le|s390x|x86_64)0:26.1.5_ce-150000.212.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.88.1(aarch64|x86_64)0:5.14.21-150500.55.88.1.150500.6.39.4(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.20.1(x86_64)0:1.1.1-150500.8.9.1(x86_64)0:1.58.0-150500.6.9.1(x86_64)0:5.14.21-150500.13.35.1(aarch64|s390x|x86_64)0:3006.0-150500.4.29.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.49.1(aarch64|x86_64)0:5.14.21-150500.55.49.1.150500.6.21.2(aarch64|s390x|x86_64)0:1.1.1l-150500.17.25.1(aarch64|s390x|x86_64)0:2.10.3-150500.5.14.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.34.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:2.10-150500.3.3.1(aarch64|x86_64)0:550.54.14-150500.11.18.1(aarch64|x86_64)0:550.54.14_k5.14.21_150500.55.49-150500.3.36.1(x86_64)0:4.17.3_06-150500.3.24.1(aarch64|s390x|x86_64)0:5.14.21-150500.55.52.1(aarch64|x86_64)0:5.14.21-150500.55.52.1.150500.6.23.1(aarch64|ppc64le|s390x|x86_64)0:1.9.12p1-150500.7.10.1(x86_64)0:5.14.21-150500.13.38.1(noarch)0:5.14.21-150500.13.38.1(aarch64|s390x|x86_64)0:1.20.1-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:20250116.00-150000.1.57.1(aarch64|ppc64le|s390x|x86_64)0:20250115.01-150000.1.47.1(aarch64|ppc64le|s390x|x86_64)0:3.17.2-150000.1.44.1(noarch)0:3.17.2-150000.1.44.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.40.1(noarch)0:4.9.5-150500.3.40.1(aarch64|ppc64le|s390x|x86_64)0:1.14.4-150300.11.22.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.84.1(aarch64|ppc64le|s390x|x86_64)0:27.5.1_ce-150000.218.1(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150500.11.12.2(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:20250327.01-150000.1.60.1(x86_64)0:5.14.21-150500.13.91.1(noarch)0:5.14.21-150500.13.91.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-150400.3.28.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.100.1(aarch64|x86_64)0:5.14.21-150500.55.100.1.150500.6.47.1(noarch)0:5.14.21-150500.55.100.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.76.1(aarch64|ppc64le|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.7.27-150000.123.1(aarch64|ppc64le|s390x|x86_64)0:6.15-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150400.3.8.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.26.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.48.1(aarch64|ppc64le|s390x|x86_64)0:3.49.1-150000.3.27.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150500.11.18.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.49.1(aarch64|ppc64le|s390x|x86_64)0:3.17.3-150000.1.47.1(noarch)0:3.17.3-150000.1.47.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.20.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.103.1(aarch64|x86_64)0:5.14.21-150500.55.103.1.150500.6.49.1(noarch)0:5.14.21-150500.55.103.1(x86_64)0:5.14.21-150500.13.94.1(noarch)0:5.14.21-150500.13.94.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.10.1(aarch64|ppc64le|s390x|x86_64)0:20221126-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.95.1(x86_64)0:4.17.5_08-150500.3.45.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:12.0.2-150000.3.37.1(aarch64|ppc64le|s390x|x86_64)0:4.3.6.P1-150000.6.22.1(aarch64)0:4.3.6.P1-150000.6.22.1(x86_64)0:5.14.21-150500.13.97.1(noarch)0:5.14.21-150500.13.97.1(aarch64|ppc64le|s390x|x86_64)0:1.2.0-150400.4.5.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.91.1(aarch64|x86_64)0:5.14.21-150500.55.91.1.150500.6.41.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.83.1(aarch64|ppc64le|s390x|x86_64)0:4.6.2-150000.5.8.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.20.1(aarch64|ppc64le|s390x|x86_64)0:0.6.10-150100.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.26-150400.3.5.1(aarch64|x86_64)0:565.57.01-150500.3.70.2(aarch64|x86_64)0:565.57.01_k5.14.21_150500.53-150500.3.70.2(aarch64|x86_64)0:550.144.03_k5.14.21_150500.53-150500.3.70.2(aarch64|ppc64le|s390x|x86_64)0:1.1-150200.3.14.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.43.2(noarch)0:4.9.5-150500.3.43.2(aarch64|ppc64le|s390x|x86_64)0:2.17.0-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.4.3-150200.8.14.1(aarch64|ppc64le|s390x|x86_64)0:3.18.3-150000.1.50.1(noarch)0:3.18.3-150000.1.50.1(x86_64)0:1.2.2-150500.8.24.1(aarch64|ppc64le|s390x|x86_64)0:20250416.02-150000.1.50.1(x86_64)0:1.59.0-150500.6.21.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.110.1(aarch64|x86_64)0:5.14.21-150500.55.110.1.150500.6.51.3(noarch)0:5.14.21-150500.55.110.1(aarch64|ppc64le|s390x|x86_64)0:1.9.12p1-150500.7.13.1(aarch64|ppc64le|s390x|x86_64)0:1.2.6-150000.73.2(noarch)0:9.1.1406-150500.20.27.1(aarch64|ppc64le|s390x|x86_64)0:9.1.1406-150500.20.27.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.113.1(aarch64|x86_64)0:5.14.21-150500.55.113.1.150500.6.53.1(noarch)0:5.14.21-150500.55.113.1(aarch64|ppc64le|s390x|x86_64)0:0.9.8-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:28.2.2_ce-150000.227.1(x86_64)0:5.14.21-150500.13.82.1(noarch)0:5.14.21-150500.13.82.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150500.12.11.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.29.1(x86_64)0:5.14.21-150500.13.100.2(noarch)0:5.14.21-150500.13.100.1(x86_64)0:4.17.5_10-150500.3.50.1(aarch64|ppc64le|s390x|x86_64)0:8.32-150400.9.9.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.23.1(aarch64|ppc64le|s390x|x86_64)0:1.6-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:20221126-150500.3.14.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.55.1(aarch64|ppc64le|s390x|x86_64)0:121-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.66.0-150200.12.7.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.116.1(aarch64|x86_64)0:5.14.21-150500.55.116.1.150500.6.55.1(noarch)0:5.14.21-150500.55.116.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.50.1(aarch64|ppc64le|s390x|x86_64)0:3.50.2-150000.3.33.1(aarch64|ppc64le|s390x|x86_64)0:249.17-150400.8.49.2(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.11.6.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150500.29.53.1(noarch)0:2.06-150500.29.53.1(s390x)0:2.06-150500.29.53.1(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.21.1(aarch64|ppc64le|s390x|x86_64)0:1.19.0.4-150000.4.7.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.32.1(aarch64|ppc64le|s390x|x86_64)0:1.9.4-150500.12.3.3(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.97.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.97.2(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.14.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.46.1(noarch)0:4.9.5-150500.3.46.1(aarch64|ppc64le|s390x|x86_64)0:0.2.7+141-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.50.1(x86_64)0:5.14.21-150500.13.103.2(noarch)0:5.14.21-150500.13.103.2(aarch64|ppc64le|s390x|x86_64)0:28.3.3_ce-150000.230.1(aarch64|ppc64le|s390x|x86_64)0:1.6-150000.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.17.0-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:0.2.8+12-150500.3.8.1(aarch64|ppc64le|s390x|x86_64)0:2.42.12-150400.5.14.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.86.1(aarch64|ppc64le|s390x|x86_64)0:2.9.2-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:20250115.01-150000.1.41.1(aarch64|ppc64le|s390x|x86_64)0:2.43.7-150300.10.51.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.12.1(aarch64|x86_64)0:580.65.06-150500.3.73.7(aarch64|x86_64)0:580.65.06_k5.14.21_150500.55.116-150500.3.73.7(aarch64|x86_64)0:570.172.08_k5.14.21_150500.55.116-150500.3.73.7(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.4.2-150200.8.3.1(aarch64|ppc64le|s390x|x86_64)0:2.0+git20170221.479bb4a-150000.5.13.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.72.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-150400.5.69.1(aarch64|ppc64le|s390x|x86_64)0:1.0.7-150200.3.5.1(aarch64|ppc64le|s390x|x86_64)0:5.65-150500.3.14.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.17.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.11.9.1(x86_64)0:5.14.21-150500.13.106.1(noarch)0:5.14.21-150500.13.106.1(noarch)0:9.1.1629-150500.20.33.1(aarch64|ppc64le|s390x|x86_64)0:9.1.1629-150500.20.33.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.23.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.121.2(aarch64|x86_64)0:5.14.21-150500.55.121.2.150500.6.57.2(noarch)0:5.14.21-150500.55.121.2(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.55.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.20.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.43.1(aarch64|ppc64le|s390x|x86_64)0:0.4.28-150000.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.40.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.20.1(aarch64|ppc64le|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.25.1(aarch64|ppc64le|s390x|x86_64)0:9.16.50-150500.8.24.1(noarch)0:9.16.50-150500.8.24.1(aarch64|ppc64le|s390x|x86_64)0:4.17.12+git.510.0efaadf376b-150500.3.34.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.124.1(aarch64|x86_64)0:5.14.21-150500.55.124.1.150500.6.59.1(noarch)0:5.14.21-150500.55.124.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-150400.3.31.1(aarch64|ppc64le|s390x|x86_64)0:1.20.3-150000.3.29.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.62.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-150200.4.27.1(x86_64)0:5.14.21-150500.13.109.1(noarch)0:5.14.21-150500.13.109.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.49.1(noarch)0:4.9.5-150500.3.49.1(aarch64|x86_64)0:5.9.0.git21.a73f509-150500.3.3.1(noarch)0:5.9.0.git21.a73f509-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.9.8-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:4.1-150400.21.8.1(x86_64)0:4.17.5_12-150500.3.53.1(aarch64|ppc64le|s390x|x86_64)0:3.112.2-150400.3.60.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.31.1(noarch)0:4.9.5-150500.3.31.1(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.3.13.1(aarch64|ppc64le|s390x|x86_64)0:1.4.5-150400.4.9.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.60.1(aarch64|ppc64le|s390x|x86_64)0:1.2.7-150000.80.1(aarch64|ppc64le|s390x|x86_64)0:2.2.27-150300.3.13.1(noarch)0:202208-150500.6.6.1(aarch64|ppc64le|s390x|x86_64)0:1.3.3-150000.85.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.56.2(noarch)0:4.9.5-150500.3.56.2(aarch64|ppc64le|s390x|x86_64)0:0.185-150400.5.8.3(aarch64|ppc64le|s390x|x86_64)0:9.16.50-150500.8.32.1(noarch)0:9.16.50-150500.8.32.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.57.1(x86_64)0:5.14.21-150500.13.112.1(noarch)0:5.14.21-150500.13.112.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150500.29.59.1(noarch)0:2.06-150500.29.59.1(s390x)0:2.06-150500.29.59.1(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150500.10.39.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.59.1(noarch)0:4.9.5-150500.3.59.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-150000.1.57.1(noarch)0:3.19.1-150000.1.57.1(aarch64|ppc64le|s390x|x86_64)0:1.14.4-150300.11.16.1(aarch64|ppc64le|s390x|x86_64)0:1.7.29-150000.128.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.77.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-150400.5.72.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.80.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.127.1(aarch64|x86_64)0:5.14.21-150500.55.127.1.150500.6.61.1(noarch)0:5.14.21-150500.55.127.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.26.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.100.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.22.1(aarch64|ppc64le|s390x|x86_64)0:2.52.12-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.83.1(aarch64|ppc64le|s390x|x86_64)0:1.6.34-150000.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-150000.1.59.1(noarch)0:3.19.1-150000.1.59.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.65.1(x86_64)0:4.17.6_02-150500.3.56.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.29.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.130.3(aarch64|x86_64)0:5.14.21-150500.55.130.3.150500.6.63.3(noarch)0:5.14.21-150500.55.130.3(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.53.1(aarch64|x86_64)0:22.11.10-150500.5.10.1(aarch64|x86_64)0:22.11.10_k5.14.21_150500.55.127-150500.5.10.1(aarch64)0:22.11.10-150500.5.10.1(aarch64)0:22.11.10_k5.14.21_150500.55.127-150500.5.10.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.34.2(noarch)0:4.9.5-150500.3.34.2(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.30.1(noarch)0:7.1.0-150500.49.30.1(x86_64)0:7.1.0-150500.49.30.1(aarch64)0:7.1.0-150500.49.30.1(noarch)0:1.0.0+-150500.49.30.1(ppc64le)0:7.1.0-150500.49.30.1(s390x)0:7.1.0-150500.49.30.1(noarch)0:1.16.0_0_gd239552-150500.49.30.1(noarch)0:8-150500.49.30.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:4.13-150000.4.11.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.81.1(x86_64)0:5.14.21-150500.13.85.1(noarch)0:5.14.21-150500.13.85.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.92.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.94.1(aarch64|x86_64)0:5.14.21-150500.55.94.1.150500.6.43.1(noarch)0:5.14.21-150500.55.94.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150500.29.43.2(noarch)0:2.06-150500.29.43.2(s390x)0:2.06-150500.29.43.2(aarch64|ppc64le|s390x|x86_64)0:3.17.1-150000.1.41.1(noarch)0:3.17.1-150000.1.41.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.42.1(noarch)0:202208-150500.6.9.1(aarch64|ppc64le|s390x|x86_64)0:20250115.01-150000.1.44.1(aarch64|ppc64le|s390x|x86_64)0:2.90-150400.16.3.1(aarch64|ppc64le|s390x|x86_64)0:0.6.10-150100.3.6.1(noarch)0:9.1.1101-150500.20.21.1(aarch64|ppc64le|s390x|x86_64)0:9.1.1101-150500.20.21.1(aarch64|ppc64le|s390x|x86_64)0:3.3.17-150000.7.42.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.22.1(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.22.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.23.1(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.36.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.47.1(aarch64|ppc64le|s390x|x86_64)0:1.14.4-150300.11.19.1(aarch64|ppc64le|s390x|x86_64)0:27.5.1_ce-150000.215.3(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.37.1(noarch)0:4.9.5-150500.3.37.1(aarch64|ppc64le|s390x|x86_64)0:0.44.0-150400.13.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.97.1(aarch64|x86_64)0:5.14.21-150500.55.97.1.150500.6.45.1(noarch)0:5.14.21-150500.55.97.1(x86_64)0:5.14.21-150500.13.88.1(noarch)0:5.14.21-150500.13.88.1(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.18.1(aarch64|ppc64le|s390x|x86_64)0:2.10.4-150000.4.18.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.141.1(aarch64|x86_64)0:5.14.21-150500.55.141.1.150500.6.69.2(noarch)0:5.14.21-150500.55.141.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.68.2(aarch64|ppc64le|s390x|x86_64)0:249.17-150400.8.55.1(aarch64|ppc64le|s390x|x86_64)0:3.51.3-150000.3.39.1(x86_64)0:5.14.21-150500.13.124.1(noarch)0:5.14.21-150500.13.124.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.109.1(x86_64)0:4.17.6_06-150500.3.62.2(aarch64|ppc64le|s390x|x86_64)0:1.7.29-150000.130.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-150400.3.37.1(aarch64|ppc64le|s390x|x86_64)0:2.37.4-150500.9.20.1(s390x)0:2.37.4-150500.9.20.1(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.19.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.37.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.34.1(aarch64|ppc64le|s390x|x86_64)0:2.17.0-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:9.16.50-150500.8.35.1(noarch)0:9.16.50-150500.8.35.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-150200.22.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.51.1(noarch)0:202208-150500.6.12.1(aarch64|ppc64le|s390x|x86_64)0:2.2.27-150300.3.16.1(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.13.1(aarch64|ppc64le|s390x|x86_64)0:1.0.18-150000.4.11.1(aarch64|ppc64le|s390x|x86_64)0:4.13-150000.4.14.1(aarch64|ppc64le|s390x|x86_64)0:5.9.4-150300.15.21.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.19.1(x86_64)0:5.14.21-150500.13.118.1(noarch)0:5.14.21-150500.13.118.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.103.1(aarch64|ppc64le|s390x|x86_64)0:3.1.7-150500.3.25.1(aarch64|ppc64le|s390x|x86_64)0:23.03.3-150500.3.25.1(x86_64)0:4.17.6_04-150500.3.59.1(noarch)0:20230724-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.133.1(aarch64|x86_64)0:5.14.21-150500.55.133.1.150500.6.65.1(noarch)0:5.14.21-150500.55.133.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-150000.1.62.1(noarch)0:3.19.1-150000.1.62.1(x86_64)0:5.14.21-150500.13.115.2(noarch)0:5.14.21-150500.13.115.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.46.1(aarch64|ppc64le|s390x|x86_64)0:1.0.18-150000.4.14.1(aarch64|ppc64le|s390x|x86_64)0:20240116.3-150500.13.10.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.36.2(noarch)0:7.1.0-150500.49.36.2(x86_64)0:7.1.0-150500.49.36.2(aarch64)0:7.1.0-150500.49.36.2(noarch)0:1.0.0+-150500.49.36.2(ppc64le)0:7.1.0-150500.49.36.2(s390x)0:7.1.0-150500.49.36.2(noarch)0:1.16.0_0_gd239552-150500.49.36.2(noarch)0:8-150500.49.36.2(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.35.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150400.3.26.1(aarch64|ppc64le|s390x|x86_64)0:3.51.2-150000.3.36.1(aarch64|x86_64)0:580.126.09-150500.3.85.1(aarch64|x86_64)0:580.126.09_k5.14.21_150500.55.133-150500.3.85.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.34.1(aarch64|ppc64le|s390x|x86_64)0:0.2.8+116-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.136.1(aarch64|x86_64)0:5.14.21-150500.55.136.1.150500.6.67.1(noarch)0:5.14.21-150500.55.136.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-150000.1.64.1(noarch)0:3.19.1-150000.1.64.1(x86_64)0:5.14.21-150500.13.121.1(noarch)0:5.14.21-150500.13.121.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.26.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-150400.5.77.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150500.12.14.1(s390x)0:3.23.0-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.38.1(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.26.1(aarch64|ppc64le|s390x|x86_64)0:1.6.34-150000.3.19.1(aarch64|ppc64le|s390x|x86_64)0:4.0.2-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.9.2-150200.4.30.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.106.1(aarch64|ppc64le|s390x|x86_64)0:28.5.1_ce-150000.241.2(aarch64|ppc64le|s390x|x86_64)0:0.29.0-150000.241.2(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.62.2(noarch)0:4.9.5-150500.3.62.2(aarch64|ppc64le|s390x|x86_64)0:2.2.27-150300.3.19.1(aarch64|ppc64le|s390x|x86_64)0:1.2.13-150500.4.6.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0-150500.6.26.1(aarch64|x86_64)0:9.0.0-150500.6.26.1(aarch64|ppc64le|s390x|x86_64)0:1.1.34-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:3.112.3-150400.3.63.1(aarch64|ppc64le|s390x|x86_64)0:2.7.1-150400.3.34.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.31.1(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.16.1(aarch64|ppc64le|s390x|x86_64)0:2.37.4-150500.9.23.1(s390x)0:2.37.4-150500.9.23.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.56.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.39.2(noarch)0:7.1.0-150500.49.39.2(x86_64)0:7.1.0-150500.49.39.2(aarch64)0:7.1.0-150500.49.39.2(noarch)0:1.0.0+-150500.49.39.2(ppc64le)0:7.1.0-150500.49.39.2(s390x)0:7.1.0-150500.49.39.2(noarch)0:1.16.0_0_gd239552-150500.49.39.2(noarch)0:8-150500.49.39.2(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.98.1(noarch)0:9.2.0110-150500.20.43.1(aarch64|ppc64le|s390x|x86_64)0:9.2.0110-150500.20.43.1(aarch64|ppc64le|s390x|x86_64)0:8.14.1-150400.5.80.1(aarch64|ppc64le|s390x|x86_64)0:1.6-150000.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.19.1-150000.1.66.1(noarch)0:3.19.1-150000.1.66.1(aarch64|ppc64le|s390x|x86_64)0:1.3.4-150000.90.1(aarch64|ppc64le|s390x|x86_64)0:28.5.1_ce-150000.243.1(aarch64|ppc64le|s390x|x86_64)0:0.29.0-150000.243.1(aarch64|x86_64)0:7.66.0-4.14.1(aarch64|x86_64)0:4.25.1-3.17.1(x86_64)0:4.13.2_08-3.25.3(aarch64|x86_64)0:2.9-4.29.1(aarch64|x86_64)0:5.3.18-24.61.1(aarch64|x86_64)0:5.3.18-24.61.1.9.26.4(aarch64|x86_64)0:4.2.1-11.16.3(aarch64)0:4.2.1-11.16.3(noarch)0:1.0.0+-11.16.3(noarch)0:1.12.1+-11.16.3(noarch)0:8-11.16.3(x86_64)0:4.2.1-11.16.3(aarch64|x86_64)0:1.8.22-4.18.1(aarch64|x86_64)0:2.5.9-4.17.1(aarch64|x86_64)0:3.4.1-4.15.1(aarch64|x86_64)0:20181225-23.6.1(aarch64|x86_64)0:0.7.8.6-22.14.1(aarch64|x86_64)0:2.1.4-22.14.1(aarch64|x86_64)0:2.9.7-3.31.1(aarch64|x86_64)0:3.6.13-3.81.1(aarch64|x86_64)0:3.6.13-3.81.2(x86_64)0:15.4-3.20.1(aarch64|x86_64)0:5.3.18-24.64.1(aarch64|x86_64)0:5.3.18-24.64.1.9.28.1(aarch64|x86_64)0:1.5.1-4.3.1(x86_64)0:5.3.18-8.7.1(aarch64|x86_64)0:2.04-9.45.2(noarch)0:2.04-9.45.2(aarch64|x86_64)0:1.8.0-3.8.1(aarch64|x86_64)0:2.9.7-3.34.1(aarch64|x86_64)0:1.0.5-3.3.1(aarch64|x86_64)0:1.3.14-5.3.1(aarch64|x86_64)0:7.66.0-4.17.1(aarch64|x86_64)0:1.6.5-3.18.1(noarch)0:1.6.5-3.18.1(aarch64|x86_64)0:1.16.3-3.3.1(aarch64|x86_64)0:1.16.3-4.3.1(aarch64|x86_64)0:15.2.12.83+g528da226523-3.25.1(aarch64|x86_64)0:0.116-3.3.1(noarch)0:1.8.1-5.6.1(aarch64|x86_64)0:5.3.18-24.67.3(aarch64|x86_64)0:5.3.18-24.67.3.9.30.2(aarch64|x86_64)0:4.2.1-11.19.2(aarch64)0:4.2.1-11.19.2(noarch)0:1.0.0+-11.19.2(noarch)0:1.12.1+-11.19.2(noarch)0:8-11.19.2(x86_64)0:4.2.1-11.19.2(aarch64|x86_64)0:1.6.5-3.21.1(noarch)0:1.6.5-3.21.1(x86_64)0:5.3.18-8.10.1(aarch64|x86_64)0:2.9.7-3.37.1(aarch64|x86_64)0:0.14.2-3.6.1(x86_64)0:20210525-7.1(aarch64|x86_64)0:1.4.4-5.32.1(aarch64|x86_64)0:20.10.6_ce-6.49.3(aarch64|x86_64)0:1.0.0~rc93-1.14.2(aarch64|x86_64)0:8.1.2-5.18.1(noarch)0:1.5.0-3.5.1(aarch64|x86_64)0:3002.2-37.1(aarch64|x86_64)0:3.4.1-4.18.1(noarch)0:201911-7.21.1(aarch64|x86_64)0:1.8.2-8.39.1(aarch64|x86_64)0:5.3.6-3.6.1(x86_64)0:5.3.18-8.13.1(aarch64|x86_64)0:4.2.1-11.22.1(aarch64)0:4.2.1-11.22.1(noarch)0:1.0.0+-11.22.1(noarch)0:1.12.1+-11.22.1(noarch)0:8-11.22.1(x86_64)0:4.2.1-11.22.1(aarch64|x86_64)0:1.12.2-8.6.1(aarch64|x86_64)0:3.36.0-3.12.1(aarch64|x86_64)0:5.3.18-24.70.1(aarch64|x86_64)0:5.3.18-24.70.1.9.32.1(x86_64)0:4.12.14-10.49.1(aarch64|x86_64)0:1.4.4-5.36.1(aarch64|x86_64)0:5.3.18-24.75.3(aarch64|x86_64)0:5.3.18-24.75.3.9.34.3(aarch64|x86_64)0:7.66.0-4.22.1(aarch64|x86_64)0:6.0.0-13.16.2(aarch64|x86_64)0:4.2.1-11.25.2(aarch64)0:4.2.1-11.25.2(noarch)0:1.0.0+-11.25.2(noarch)0:1.12.1+-11.25.2(noarch)0:8-11.25.2(x86_64)0:4.2.1-11.25.2(x86_64)0:5.3.18-45.3(x86_64)0:5.3.18-48.1(aarch64|x86_64)0:5.3.18-24.78.1(aarch64|x86_64)0:5.3.18-24.78.1.9.36.1(aarch64|x86_64)0:2.12-3.9.1(aarch64|x86_64)0:4.2.1-11.28.1(aarch64)0:4.2.1-11.28.1(noarch)0:1.0.0+-11.28.1(noarch)0:1.12.1+-11.28.1(noarch)0:8-11.28.1(x86_64)0:4.2.1-11.28.1(aarch64|x86_64)0:1.16.3-3.21.1(x86_64)0:0.6-3.11.1(aarch64|x86_64)0:1.12.2-8.11.2(noarch)0:0.24.0-3.2.1(aarch64|x86_64)0:1.13.2-3.2.5(aarch64|x86_64)0:2.8-10.1(noarch)0:17.5.0-8.3.1(noarch)0:0.4.2-3.2.1(noarch)0:2.17-3.2.1(noarch)0:1.25.10-9.14.1(aarch64|x86_64)0:1.1.1d-11.27.1(x86_64)0:4.13.3_02-3.34.1(aarch64|x86_64)0:1.0.6-150.4.1(aarch64|x86_64)0:1.1.1d-11.30.1(aarch64|x86_64)0:3.68-3.56.1(aarch64|x86_64)0:4.32-3.20.1(aarch64|x86_64)0:0.6.13-3.3.1(x86_64)0:4.13.3_04-3.37.1(x86_64)0:5.3.18-51.2(aarch64|x86_64)0:1.3.14-5.6.1(aarch64|x86_64)0:5.3.18-24.83.2(aarch64|x86_64)0:5.3.18-24.83.2.9.38.3(aarch64|x86_64)0:7.66.0-4.27.1(x86_64)0:5.3.18-54.1(aarch64|x86_64)0:2.26-13.59.1(aarch64|x86_64)0:4.14.1-22.4.1(aarch64|x86_64)0:4.14.1-22.4.2(aarch64|x86_64)0:5.3.18-24.86.2(aarch64|x86_64)0:5.3.18-24.86.2.9.40.2(aarch64|x86_64)0:25-6.10.1(aarch64|x86_64)0:0.931-3.5.1(aarch64|x86_64)0:1.16.3-3.24.1(aarch64|x86_64)0:6.1-5.9.1(aarch64|x86_64)0:1.4.11-56.1(aarch64|x86_64)0:20.10.9_ce-156.1(aarch64|x86_64)0:1.0.2-23.1(aarch64|x86_64)0:2.33.2-4.16.1(aarch64|x86_64)0:8.45-20.10.1(aarch64|x86_64)0:2.86-7.14.1(aarch64|x86_64)0:3002.2-49.2(aarch64|x86_64)0:6.0.0-13.21.1(aarch64|x86_64)0:4.2.1-11.31.3(aarch64)0:4.2.1-11.31.3(noarch)0:1.0.0+-11.31.3(noarch)0:1.12.1+-11.31.3(noarch)0:8-11.31.3(x86_64)0:4.2.1-11.31.3(x86_64)0:5.3.18-57.1(aarch64|x86_64)0:5.3.18-24.93.1(aarch64|x86_64)0:5.3.18-24.93.1.9.42.5(aarch64|x86_64)0:2.26-13.62.1(aarch64|x86_64)0:2.5.9-4.20.1(x86_64)0:4.13.4_02-3.40.1(aarch64|x86_64)0:84.87+git20180409.04c9dae-3.52.1(aarch64|x86_64)0:5.3.18-24.96.1(aarch64|x86_64)0:5.3.18-24.96.1.9.44.1(aarch64|x86_64)0:3.68.1-3.61.1(aarch64|x86_64)0:2.62.4-3.3.1(noarch)0:2.8.0-3.3.1(aarch64|x86_64)0:6.1.2-4.9.1(x86_64)0:5.3.18-62.2(aarch64|x86_64)0:3.6.15-3.91.3(aarch64|x86_64)0:3.6.15-3.91.4(aarch64|x86_64)0:0.23.2-4.13.1(aarch64|x86_64)0:1.0.3-27.1(aarch64|x86_64)0:20181225-23.9.1(noarch)0:20200107-3.23.1(aarch64|x86_64)0:5.3.18-24.52.1(aarch64|x86_64)0:5.3.18-24.52.1.9.24.1(aarch64|x86_64)0:1.1.1d-11.17.1(aarch64|x86_64)0:2.62.6-3.6.1(aarch64|x86_64)0:1.40.0-3.5.1(aarch64|x86_64)0:2.5.8-4.14.1(aarch64|x86_64)0:3.6.7-14.10.2(aarch64|x86_64)0:3.6.13-3.78.1(aarch64|x86_64)0:1.4.4-1.6.1(aarch64|x86_64)0:1.1.1d-11.20.1(aarch64|x86_64)0:1.30-3.6.1(aarch64|x86_64)0:5.3.1-6.10.1(noarch)0:2019.1-6.4.1(noarch)0:2.24.0-6.10.2(aarch64|x86_64)0:3.9.2-4.12.1(aarch64|x86_64)0:3002.2-150200.58.1(aarch64|x86_64)0:1.2.11-150000.3.30.1(aarch64|x86_64)0:0.6.1-4.5.1(aarch64|x86_64)0:0.6.0-4.6.1(aarch64|x86_64)0:3.68.3-150000.3.67.1(aarch64|x86_64)0:0.7.22-150200.12.1(aarch64|x86_64)0:17.30.0-150200.36.1(aarch64|x86_64)0:1.14.52-150200.30.2(noarch)0:1.14.52-150200.30.2(aarch64|x86_64)0:5.2.3-150000.4.7.1(aarch64|x86_64)0:5.3.18-150200.24.112.1(aarch64|x86_64)0:5.3.18-150200.24.112.1.150200.9.52.2(x86_64)0:5.3.18-150200.79.2(x86_64)0:4.13.4_08-150200.3.50.1(aarch64|x86_64)0:2.86-150100.7.20.1(aarch64|x86_64)0:3002.2-150200.64.1(aarch64|x86_64)0:20181225-23.12.1(aarch64|x86_64)0:2.62.6-150200.3.9.1(aarch64|x86_64)0:2.5.9-150000.4.23.1(aarch64|x86_64)0:1.34-150000.3.12.1(aarch64|x86_64)0:1.10-150200.10.1(aarch64|x86_64)0:1.43.8-150000.4.33.1(aarch64|x86_64)0:1.5.11-150000.68.1(aarch64|x86_64)0:20.10.14_ce-150000.163.1(aarch64|x86_64)0:2.2.5-3.9.1(x86_64)0:5.3.18-65.2(aarch64|x86_64)0:0.13-3.3.1(aarch64|x86_64)0:0.116-3.6.1(aarch64|x86_64)0:5.3.18-24.99.1(aarch64|x86_64)0:5.3.18-24.99.1.9.46.1(aarch64|x86_64)0:4.2.1-11.34.2(aarch64)0:4.2.1-11.34.2(noarch)0:1.0.0+-11.34.2(noarch)0:1.12.1+-11.34.2(noarch)0:8-11.34.2(x86_64)0:4.2.1-11.34.2(x86_64)0:5.3.18-68.1(aarch64|x86_64)0:1.4.12-60.1(aarch64|x86_64)0:20.10.12_ce-159.1(aarch64|x86_64)0:5.3.18-24.102.1(aarch64|x86_64)0:5.3.18-24.102.1.9.48.1(aarch64|x86_64)0:6.0.0-13.24.1(x86_64)0:4.13.4_04-3.43.2(aarch64|x86_64)0:0.6.0-4.9.1(aarch64|x86_64)0:2.2.5-3.12.1(aarch64|x86_64)0:0.116-3.9.1(x86_64)0:5.3.18-73.1(x86_64)0:20220207-10.1(x86_64)0:0.6-3.14.1(aarch64|x86_64)0:2.1.26-5.10.1(aarch64|x86_64)0:2.2.5-3.15.1(aarch64|x86_64)0:2.9-4.33.1(aarch64|x86_64)0:3.6.7-14.16.1(aarch64|x86_64)0:1.4.12-63.1(noarch)0:20200107-3.26.1(noarch)0:8.0.1568-5.17.1(aarch64|x86_64)0:8.0.1568-5.17.1(aarch64|x86_64)0:5.3.18-24.107.1(aarch64|x86_64)0:5.3.18-24.107.1.9.50.2(x86_64)0:5.3.18-76.1(aarch64|x86_64)0:8.1p1-5.21.1(aarch64|x86_64)0:2.26-13.65.1(aarch64|x86_64)0:2.2.5-3.19.1(aarch64|x86_64)0:1.10.1-3.9.1(aarch64|x86_64)0:1.1.1d-11.43.1(aarch64|x86_64)0:1.2.11-3.26.10(aarch64|x86_64)0:0.4.7-3.15.1(aarch64|s390x|x86_64)0:1.0.6-150.4.1(aarch64|s390x|x86_64)0:1.1.1d-11.30.1(aarch64|s390x|x86_64)0:0.8.2-3.3.1(aarch64|s390x|x86_64)0:3.68-3.56.1(aarch64|s390x|x86_64)0:4.32-3.20.1(x86_64)0:4.14.2_06-3.12.1(aarch64|s390x|x86_64)0:1.3.14-5.6.1(aarch64|s390x|x86_64)0:5.3.18-59.24.1(aarch64|s390x|x86_64)0:5.3.18-59.24.1.18.12.1(aarch64|s390x|x86_64)0:2.31-9.3.2(aarch64|s390x|x86_64)0:7.66.0-4.27.1(aarch64|s390x|x86_64)0:5.3.18-59.27.1(aarch64|s390x|x86_64)0:5.3.18-59.27.1.18.15.1(aarch64|s390x|x86_64)0:4.14.3-40.1(s390x|x86_64)0:1.16.3-3.24.1(aarch64|s390x|x86_64)0:2.36.2-4.5.1(aarch64|s390x|x86_64)0:6.1-5.9.1(aarch64|s390x|x86_64)0:1.4.11-56.1(aarch64|s390x|x86_64)0:20.10.9_ce-156.1(aarch64|s390x|x86_64)0:1.0.2-23.1(aarch64|s390x|x86_64)0:8.45-20.10.1(aarch64|s390x|x86_64)0:2.86-7.14.1(aarch64|s390x|x86_64)0:3002.2-50.1.15.1(aarch64|s390x|x86_64)0:5.2.0-106.4(aarch64)0:5.2.0-106.4(noarch)0:1.0.0+-106.4(s390x)0:5.2.0-106.4(noarch)0:1.14.0_0_g155821a-106.4(noarch)0:8-106.4(x86_64)0:5.2.0-106.4(aarch64|s390x|x86_64)0:7.1.0-6.8.1(aarch64|x86_64)0:7.1.0-6.8.1(x86_64)0:5.3.18-60.1(aarch64|s390x|x86_64)0:2.2.2-3.3.1(aarch64|s390x|x86_64)0:5.3.18-59.34.1(aarch64|s390x|x86_64)0:5.3.18-59.34.1.18.21.1(aarch64|s390x|x86_64)0:84.87+git20180409.04c9dae-3.52.1(aarch64|s390x|x86_64)0:3.68.1-3.61.1(aarch64|s390x|x86_64)0:5.3.18-59.37.2(aarch64|s390x|x86_64)0:5.3.18-59.37.2.18.23.3(aarch64|s390x|x86_64)0:2.62.4-3.3.1(aarch64|s390x|x86_64)0:6.1.2-4.9.1(aarch64|s390x|x86_64)0:8.4p1-3.6.1(x86_64)0:4.14.3_04-3.15.1(aarch64|s390x|x86_64)0:3.6.15-3.91.3(aarch64|s390x|x86_64)0:3.6.15-3.91.4(aarch64|s390x|x86_64)0:8.4p1-3.9.1(aarch64|s390x|x86_64)0:0.23.2-4.13.1(aarch64|s390x|x86_64)0:1.0.3-27.1(aarch64|s390x|x86_64)0:20181225-23.9.1(x86_64)0:5.3.18-150300.82.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.60.4(aarch64|s390x|x86_64)0:5.3.18-150300.59.60.4.150300.18.37.5(aarch64|s390x|x86_64)0:3.9.2-4.12.1(aarch64|s390x|x86_64)0:3002.2-150300.53.10.1(aarch64|s390x|x86_64)0:1.2.11-150000.3.30.1(noarch)0:20210208-150300.4.7.1(aarch64|s390x|x86_64)0:0.6.1-4.5.1(aarch64|s390x|x86_64)0:3.68.3-150000.3.67.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.16.1(aarch64|s390x|x86_64)0:0.7.22-150200.12.1(aarch64|s390x|x86_64)0:17.30.0-150200.36.1(aarch64|s390x|x86_64)0:1.14.52-150200.30.2(aarch64|s390x|x86_64)0:5.2.3-150000.4.7.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.63.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.63.1.150300.18.39.1(aarch64|s390x|x86_64)0:0.5.3-150300.3.3.1(aarch64|s390x|x86_64)0:2.86-150100.7.20.1(aarch64|s390x|x86_64)0:5.3.18-59.40.1(aarch64|s390x|x86_64)0:5.3.18-59.40.1.18.25.1(aarch64|s390x|x86_64)0:3002.2-150300.53.16.1(x86_64)0:5.3.18-150300.85.1(aarch64|s390x|x86_64)0:20181225-23.12.1(noarch)0:0.9.3-150300.3.6.1(aarch64|s390x|x86_64)0:2.3.7-150300.3.5.1(aarch64|s390x|x86_64)0:4.3.1-150300.2.7.1(aarch64|s390x|x86_64)0:0.16-24.1(x86_64)0:4.14.4_04-150300.3.24.1(aarch64|s390x|x86_64)0:1.34-150000.3.12.1(aarch64|s390x|x86_64)0:7.1.0-150300.6.29.1(aarch64|x86_64)0:7.1.0-150300.6.29.1(aarch64|s390x|x86_64)0:2.4.2-150300.3.15.1(aarch64|s390x|x86_64)0:1.10-150200.10.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.30.1(x86_64)0:5.3.18-150300.88.2(aarch64|s390x|x86_64)0:2.4.46-150200.14.8.1(noarch)0:2.4.46-150200.14.8.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.68.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.68.1.150300.18.41.3(aarch64|s390x|x86_64)0:1.43.8-150000.4.33.1(aarch64|s390x|x86_64)0:1.5.11-150000.68.1(aarch64|s390x|x86_64)0:20.10.14_ce-150000.163.1(x86_64)0:20220510-150200.14.1(aarch64|s390x|x86_64)0:4.3.1-150300.6.2(aarch64|s390x|x86_64)0:2.9.7-150000.3.46.1(aarch64|s390x|x86_64)0:5.2.0-150300.109.2(aarch64)0:5.2.0-150300.109.2(noarch)0:1.0.0+-150300.109.2(s390x)0:5.2.0-150300.109.2(noarch)0:1.14.0_0_g155821a-150300.109.2(noarch)0:8-150300.109.2(x86_64)0:5.2.0-150300.109.2(aarch64|s390x|x86_64)0:2.2.5-3.9.1(aarch64|s390x|x86_64)0:0.13-3.3.1(noarch)0:20210208-150300.4.10.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.33.1(aarch64|s390x|x86_64)0:10.31-150000.3.7.1(aarch64|s390x|x86_64)0:0.116-3.6.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.43.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.43.1.150300.18.27.1(x86_64)0:4.14.5_02-150300.3.29.1(aarch64|s390x|x86_64)0:2.04-150300.3.5.1(noarch)0:2.04-150300.3.5.1(s390x)0:2.04-150300.3.5.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.71.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.71.2.150300.18.43.2(aarch64|s390x|x86_64)0:7.1.0-6.11.1(aarch64|x86_64)0:7.1.0-6.11.1(noarch)0:8.2.5038-150000.5.21.1(aarch64|s390x|x86_64)0:8.2.5038-150000.5.21.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.76.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.76.1.150300.18.45.2(x86_64)0:5.3.18-150300.93.1(aarch64|s390x|x86_64)0:3004-150300.53.24.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.48.1(aarch64|s390x|x86_64)0:5.2.0-150300.115.2(aarch64)0:5.2.0-150300.115.2(noarch)0:1.0.0+-150300.115.2(s390x)0:5.2.0-150300.115.2(noarch)0:1.14.0_0_g155821a-150300.115.2(noarch)0:8-150300.115.2(x86_64)0:5.2.0-150300.115.2(aarch64|s390x|x86_64)0:2.0.30-150300.8.3.1(noarch)0:20210626-150300.8.3.1(aarch64|s390x|x86_64)0:2.5.3-150300.10.5.1(aarch64|s390x|x86_64)0:3.4.4-150300.9.3.2(noarch)0:3.4.4-150300.9.3.2(s390x)0:2.15.1-150300.8.24.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.36.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.51.1(aarch64|s390x|x86_64)0:1.6.6-150000.73.2(aarch64|s390x|x86_64)0:20.10.17_ce-150000.166.1(aarch64|s390x|x86_64)0:1.1.3-150000.30.1(aarch64|s390x|x86_64)0:2.14.0-150300.4.7.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.106.1(aarch64|s390x|x86_64)0:8.45-150000.20.13.1(aarch64|s390x|x86_64)0:0.23.2-150000.4.16.1(x86_64)0:5.3.18-150300.96.1(aarch64|s390x|x86_64)0:3.79-150000.3.74.1(aarch64|s390x|x86_64)0:4.34-150000.3.23.1(aarch64|s390x|x86_64)0:2.2.27-150300.3.5.1(aarch64|s390x|x86_64)0:3.13.0-150000.4.7.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.87.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.87.1.150300.18.50.2(aarch64|s390x|x86_64)0:0.35.2-150000.3.14.1(aarch64|s390x|x86_64)0:2.4.3-150300.3.20.1(x86_64)0:4.14.5_04-150300.3.32.1(aarch64|s390x|x86_64)0:1.22-150300.7.3.1(aarch64|s390x|x86_64)0:0.177-150300.11.3.1(aarch64|x86_64)0:0.4.0-150200.4.6.1(aarch64|s390x|x86_64)0:10.31-150000.3.12.1(aarch64|s390x|x86_64)0:6.1-150000.5.12.1(noarch)0:2.13.6-150300.3.11.2(aarch64|s390x|x86_64)0:2.13.6-150300.3.11.2(aarch64|s390x|x86_64)0:1.19.2-150300.8.3.2(aarch64|s390x|x86_64)0:2.13.6-150300.3.11.1(aarch64|s390x|x86_64)0:2.4.1-150300.3.10.1(aarch64|s390x|x86_64)0:1.16.1-150300.23.17.3(aarch64|s390x|x86_64)0:2.3.3-150300.3.3.2(aarch64|s390x|x86_64)0:1.4.4-150300.3.3.2(aarch64|s390x|x86_64)0:0.11.0-150300.3.3.2(noarch)0:1.10.0-150000.5.9.2(aarch64|s390x|x86_64)0:3.4.7-150300.9.9.2(noarch)0:3.4.7-150300.9.9.2(noarch)0:15-150100.8.17.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.90.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.90.1.150300.18.52.1(x86_64)0:5.3.18-150300.71.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.19.2(x86_64)0:5.3.18-150300.99.1(x86_64)0:12.1.0-150300.19.1(aarch64|s390x|x86_64)0:4.3.1-150300.11.1(aarch64|s390x|x86_64)0:1.2.11-150000.3.33.1(aarch64|s390x|x86_64)0:3.1.3-150000.4.13.1(x86_64)0:20220809-150200.18.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.39.1(aarch64|s390x|x86_64)0:65.1-150200.4.5.1(noarch)0:65.1-150200.4.5.1(aarch64|s390x|x86_64)0:2.1.0-150000.4.3.1(noarch)0:9.0.0313-150000.5.25.1(aarch64|s390x|x86_64)0:9.0.0313-150000.5.25.1(aarch64|s390x|x86_64)0:2.10.4-150000.4.12.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.93.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.93.1.150300.18.54.1(aarch64|s390x|x86_64)0:5.26.1-150300.17.11.1(aarch64|s390x|x86_64)0:2.31-150300.9.12.1(aarch64|s390x|x86_64)0:1.2.6-150300.3.14.1(aarch64|s390x|x86_64)0:6.7.0-150000.3.3.1(x86_64)0:4.14.3_06-150300.3.18.2(aarch64|s390x|x86_64)0:1.4.12-60.1(aarch64|s390x|x86_64)0:20.10.12_ce-159.1(aarch64|s390x|x86_64)0:20181225-150200.23.15.1(aarch64|s390x|x86_64)0:8.1.2-150000.32.5.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.109.1(aarch64|s390x|x86_64)0:2.2.5-150000.3.22.1(aarch64|s390x|x86_64)0:5.2.0-150300.118.3(aarch64)0:5.2.0-150300.118.3(noarch)0:1.0.0+-150300.118.3(s390x)0:5.2.0-150300.118.3(noarch)0:1.14.0_0_g155821a-150300.118.3(noarch)0:8-150300.118.3(x86_64)0:5.2.0-150300.118.3(x86_64)0:4.14.5_06-150300.3.35.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.49.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.49.1.150300.18.31.1(aarch64|s390x|x86_64)0:0.8.5+126+suse.8ce8da5-150300.2.14.1(aarch64|s390x|x86_64)0:7.1.0-150300.6.23.1(aarch64|x86_64)0:7.1.0-150300.6.23.1(aarch64|s390x|x86_64)0:1.42-150300.9.3.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.42.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.98.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.98.1.150300.18.56.3(aarch64|s390x|x86_64)0:1.12.2-150100.8.14.1(x86_64)0:5.3.18-150300.106.1(aarch64|s390x|x86_64)0:3.4.7-150300.9.12.1(noarch)0:3.4.7-150300.9.12.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.51.1(aarch64|s390x|x86_64)0:2.2.5-150000.3.25.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.116.1(x86_64)0:5.3.18-150300.109.1(x86_64)0:4.14.5_08-150300.3.40.1(aarch64|s390x|x86_64)0:2.9.2-150200.13.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.101.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.101.1.150300.18.58.1(aarch64|s390x|x86_64)0:246.16-150300.7.54.1(aarch64|s390x|x86_64)0:1.9.5p2-150300.3.13.1(aarch64|s390x|x86_64)0:0.34.0-150000.7.5.1(aarch64|s390x|x86_64)0:1.19.2-150300.7.7.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.19.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.119.1(aarch64|s390x|x86_64)0:246.16-7.33.1(aarch64|x86_64)0:8.0.1-150300.7.5.1(aarch64|x86_64)0:16.2.9.536+g41a9f9a5573-150300.6.3.1(aarch64|s390x|x86_64)0:2.1.5-150300.8.6.1(x86_64)0:5.3.18-150300.112.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.106.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.106.1.150300.18.60.2(aarch64|s390x|x86_64)0:246.16-150300.7.57.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.45.1(aarch64|s390x|x86_64)0:2.2.5-3.12.1(aarch64|s390x|x86_64)0:0.116-3.9.1(aarch64|s390x|x86_64)0:246.16-150300.7.39.1(x86_64)0:5.3.18-150300.76.1(aarch64|s390x|x86_64)0:2.2.5-3.15.1(aarch64|s390x|x86_64)0:2.9-4.33.1(aarch64|s390x|x86_64)0:3.6.7-14.16.1(aarch64|s390x|x86_64)0:1.4.12-63.1(aarch64|s390x|x86_64)0:2.36.2-150300.4.14.3(aarch64|s390x|x86_64)0:0.4.4+git20220104.962774f-150300.3.6.2(noarch)0:4.8.1-150300.4.3.8(aarch64|s390x|x86_64)0:4.8.1-150300.4.3.8(aarch64|s390x|x86_64)0:2.36.2-150300.4.14.2(aarch64|s390x|x86_64)0:8.0.1568-5.17.1(aarch64|s390x|x86_64)0:2.1.27-150300.4.6.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.54.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.54.1.150300.18.35.3(x86_64)0:5.3.18-150300.79.1(aarch64|s390x|x86_64)0:2.2.5-3.19.1(aarch64|s390x|x86_64)0:1.10.1-3.9.1(aarch64|s390x|x86_64)0:4.1-150300.16.3.1(noarch)0:4.1-150300.16.3.1(aarch64|s390x|x86_64)0:2.31-150300.20.7(aarch64|s390x|x86_64)0:4.4.15-150300.4.2.41(aarch64|s390x|x86_64)0:1.1.1d-11.43.1(aarch64|s390x|x86_64)0:1.2.11-3.26.10(aarch64|s390x|x86_64)0:5.3-3.2.10(aarch64|s390x|x86_64)0:5.2.0-150300.112.4(aarch64)0:5.2.0-150300.112.4(noarch)0:1.0.0+-150300.112.4(s390x)0:5.2.0-150300.112.4(noarch)0:1.14.0_0_g155821a-150300.112.4(noarch)0:8-150300.112.4(x86_64)0:5.2.0-150300.112.4(x86_64)0:4.14.4_02-150300.3.21.1(aarch64|s390x|x86_64)0:0.4.7-3.15.1(aarch64|s390x|x86_64)0:1.9.5p2-150300.3.19.1(aarch64|s390x|x86_64)0:3.79.3-150000.3.90.1(x86_64)0:5.3.18-150300.115.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.109.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.109.1.150300.18.62.1(aarch64|x86_64)0:16.2.11.58+g38d6afd3b78-150300.5.7.1(aarch64|s390x|x86_64)0:2.4.4-150300.3.23.1(aarch64|s390x|x86_64)0:1.9.5p2-150300.3.24.1(x86_64)0:4.14.5_10-150300.3.45.1(aarch64|s390x|x86_64)0:2.04-150300.3.8.1(noarch)0:2.04-150300.3.8.1(s390x)0:2.04-150300.3.8.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.52.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.10.1(aarch64|s390x|x86_64)0:3.3.2-150200.19.1(aarch64|s390x|x86_64)0:2.1.5-150300.8.9.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.62.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.118.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.118.1.150300.18.68.1(aarch64|s390x|x86_64)0:4.4.4-150300.9.20.1(noarch)0:4.4.4-150300.9.20.1(x86_64)0:5.3.18-150300.124.1(aarch64|s390x|x86_64)0:2.86-150100.7.23.1(noarch)0:202008-150300.10.20.1(s390x)0:2.15.1-150300.8.32.1(aarch64|s390x|x86_64)0:1.19.2-150300.10.1(aarch64|s390x|x86_64)0:1.16.1-150300.23.37.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.57.1(noarch)0:4.8.1-150300.4.6.1(aarch64|s390x|x86_64)0:4.8.1-150300.4.6.1(aarch64|s390x|x86_64)0:1.4.4-150000.1.9.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.15.1(noarch)0:16.56.6-150300.3.2.1(x86_64)0:5.3.18-150300.127.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.121.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.121.2.150300.18.70.2(aarch64|x86_64)0:3.2-150100.9.16.1(aarch64|s390x|x86_64)0:2.1.5-150300.8.11.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.57.1(noarch)0:40.5.0-150100.6.6.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.65.1(x86_64)0:5.3.18-150300.130.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.22.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.132.1(s390x|x86_64)0:3.17.2-150300.3.2.3(aarch64|s390x|x86_64)0:3006.0-150300.53.50.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.124.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.124.1.150300.18.72.1(x86_64)0:5.3.18-150300.135.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.127.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.127.1.150300.18.74.1(aarch64|s390x|x86_64)0:1.12.2-150100.8.17.1(aarch64|s390x|x86_64)0:2.26-150000.4.9.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.57.1(aarch64|s390x|x86_64)0:3006.0-150300.53.53.2(aarch64|s390x|x86_64)0:1.1.1d-150200.11.72.1(noarch)0:20210208-150300.4.13.1(aarch64|s390x|x86_64)0:10.31-150000.3.15.1(aarch64|s390x|x86_64)0:4.3.1-150300.9.15.1(noarch)0:4.3.1-150300.9.15.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.75.1(noarch)0:20210208-150300.4.16.1(aarch64|s390x|x86_64)0:1.19.2-150300.13.1(aarch64|s390x|x86_64)0:3.2.3-150000.4.23.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.130.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.130.1.150300.18.76.1(x86_64)0:5.3.18-150300.138.3(aarch64|s390x|x86_64)0:5.2.0-150300.127.3(aarch64)0:5.2.0-150300.127.3(noarch)0:1.0.0+-150300.127.3(s390x)0:5.2.0-150300.127.3(noarch)0:1.14.0_0_g155821a-150300.127.3(noarch)0:8-150300.127.3(x86_64)0:5.2.0-150300.127.3(x86_64)0:4.14.6_02-150300.3.51.1(noarch)0:202008-150300.10.17.1(aarch64|s390x|x86_64)0:0.5.2-150300.3.11.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.133.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.133.1.150300.18.78.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.60.1(x86_64)0:5.3.18-150300.141.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.135.1(aarch64|s390x|x86_64)0:3006.0-150300.53.60.1(x86_64)0:4.14.6_04-150300.3.54.1(noarch)0:4.8.1-150300.4.12.1(aarch64|s390x|x86_64)0:4.8.1-150300.4.12.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.60.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.112.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.112.1.150300.18.64.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.138.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.138.1.150300.18.80.2(aarch64|s390x|x86_64)0:2.1.5-150300.8.14.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.25.1(x86_64)0:5.3.18-150300.144.1(aarch64|s390x|x86_64)0:15.3.17-150300.3.22.1(x86_64)0:4.14.6_06-150300.3.57.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.141.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.141.2.150300.18.82.2(x86_64)0:5.3.18-150300.149.1(aarch64|s390x|x86_64)0:3006.0-150300.53.65.2(aarch64|s390x|x86_64)0:3.79.4-150000.3.93.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.63.1(x86_64)0:4.14.6_08-150300.3.60.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.82.1(noarch)0:20210208-150300.4.19.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.63.1(x86_64)0:5.3.18-150300.152.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.144.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.144.1.150300.18.84.1(aarch64|s390x|x86_64)0:3.3.2-150200.22.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.28.1(x86_64)0:5.3.18-150300.118.1(aarch64|s390x|x86_64)0:3.3.2-150200.16.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.25.2(aarch64|s390x|x86_64)0:1.1.32-150000.3.14.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.124.1(x86_64)0:5.3.18-150300.121.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.115.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.115.2.150300.18.66.1(aarch64|s390x|x86_64)0:5.2.0-150300.121.2(aarch64)0:5.2.0-150300.121.2(noarch)0:1.0.0+-150300.121.2(s390x)0:5.2.0-150300.121.2(noarch)0:1.14.0_0_g155821a-150300.121.2(noarch)0:8-150300.121.2(x86_64)0:5.2.0-150300.121.2(x86_64)0:4.14.5_12-150300.3.48.1(aarch64|s390x|x86_64)0:0.4.7-150100.3.18.1(aarch64|s390x|x86_64)0:1.19.2-150300.16.1(aarch64|s390x|x86_64)0:4.4.4-150300.9.26.2(noarch)0:4.4.4-150300.9.26.2(aarch64|s390x|x86_64)0:7.1.0-150300.6.41.1(aarch64|x86_64)0:7.1.0-150300.6.41.1(x86_64)0:5.3.18-150300.155.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.69.1(x86_64)0:4.14.6_12-150300.3.69.1(aarch64|s390x|x86_64)0:2.36.2-150300.4.41.1(aarch64|s390x|x86_64)0:530-150000.3.6.2(aarch64|s390x|x86_64)0:17.32.2-150200.92.3(aarch64|s390x|x86_64)0:1.14.69-150200.73.7(noarch)0:1.14.69-150200.73.7(x86_64)0:5.3.18-150300.166.1(noarch)0:5.3.18-150300.166.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.158.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.158.1.150300.18.92.5(aarch64|s390x|x86_64)0:5.3.18-150300.59.147.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.147.2.150300.18.86.2(aarch64|s390x|x86_64)0:530-150000.3.9.1(x86_64)0:4.14.6_14-150300.3.72.1(aarch64|s390x|x86_64)0:1.16.1-150300.23.43.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.88.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.161.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.161.1.150300.18.94.1(x86_64)0:5.3.18-150300.169.1(noarch)0:5.3.18-150300.169.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.28.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.147.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.72.1(x86_64)0:5.3.18-150300.172.1(noarch)0:5.3.18-150300.172.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.91.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.31.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.164.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.164.1.150300.18.96.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.18.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.150.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.70.1(aarch64|s390x|x86_64)0:1.19.2-150300.19.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.167.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.167.1.150300.18.98.1(x86_64)0:5.3.18-150300.175.1(noarch)0:5.3.18-150300.175.1(aarch64|s390x|x86_64)0:195.12-150300.10.6.1(noarch)0:195.12-150300.10.6.1(x86_64)0:4.14.6_16-150300.3.75.1(aarch64|s390x|x86_64)0:3.101.1-150000.3.117.1(x86_64)0:4.14.6_10-150300.3.63.1(noarch)0:4.8.1-150300.4.15.1(aarch64|s390x|x86_64)0:4.8.1-150300.4.15.1(noarch)0:4.8.1-150300.4.18.1(aarch64|s390x|x86_64)0:4.8.1-150300.4.18.1(x86_64)0:5.3.18-150300.178.1(noarch)0:5.3.18-150300.178.1(noarch)0:40.5.0-150100.6.9.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.94.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.75.1(noarch)0:20210208-150300.4.22.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.170.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.170.1.150300.18.100.1(aarch64|s390x|x86_64)0:5.2.0-150300.130.1(aarch64)0:5.2.0-150300.130.1(noarch)0:1.0.0+-150300.130.1(s390x)0:5.2.0-150300.130.1(noarch)0:1.14.0_0_g155821a-150300.130.1(noarch)0:8-150300.130.1(x86_64)0:5.2.0-150300.130.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.21.1(x86_64)0:4.14.6_18-150300.3.78.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.34.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.78.1(x86_64)0:5.3.18-150300.181.2(noarch)0:5.3.18-150300.181.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.174.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.174.1.150300.18.103.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.155.2(x86_64)0:5.3.18-150300.184.1(noarch)0:5.3.18-150300.184.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.158.1(x86_64)0:4.14.6_20-150300.3.81.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.161.1(aarch64|s390x|x86_64)0:2.2.5-150000.3.30.1(aarch64|s390x|x86_64)0:1.9.1-150300.3.3.1(aarch64|s390x|x86_64)0:0.19.0-150100.3.31.1(x86_64)0:5.3.18-150300.187.1(noarch)0:5.3.18-150300.187.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.179.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.179.1.150300.18.105.2(aarch64|s390x|x86_64)0:3.6.15-150000.3.164.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.97.1(aarch64|s390x|x86_64)0:2.2.5-150000.3.33.1(x86_64)0:4.14.6_22-150300.3.84.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.24.1(x86_64)0:5.3.18-150300.191.1(noarch)0:5.3.18-150300.191.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.182.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.182.1.150300.18.107.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.167.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.81.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.185.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.185.1.150300.18.109.1(x86_64)0:5.3.18-150300.194.1(noarch)0:5.3.18-150300.194.1(noarch)0:202008-150300.10.23.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.66.1(x86_64)0:5.3.18-150300.158.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.138.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.150.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.150.1.150300.18.88.1(aarch64|s390x|x86_64)0:3006.0-150300.53.70.1(aarch64|s390x|x86_64)0:0.9.8-150200.13.3.1(aarch64|s390x|x86_64)0:3.90.2-150000.3.108.1(aarch64|s390x|x86_64)0:2.12-150000.3.12.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.85.1(aarch64|s390x|x86_64)0:1.9.5p2-150300.3.33.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.141.1(x86_64)0:5.3.18-150300.161.1(noarch)0:5.3.18-150300.161.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.153.2(aarch64|s390x|x86_64)0:5.3.18-150300.59.153.2.150300.18.90.2(aarch64|s390x|x86_64)0:3.6.7-150200.14.31.1(x86_64)0:4.14.6_12-150300.3.66.1(aarch64|s390x|x86_64)0:1.1.32-150000.3.17.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.46.1(noarch)0:2.13.6-150300.3.18.2(aarch64|s390x|x86_64)0:2.13.6-150300.3.18.2(aarch64|s390x|x86_64)0:2.7.1-150000.3.36.1(x86_64)0:5.3.18-150300.205.1(noarch)0:5.3.18-150300.205.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.201.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.201.1.150300.18.120.1(aarch64|s390x|x86_64)0:2.90-150100.7.28.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.79.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.27.1(noarch)0:2.13.6-150300.3.24.1(aarch64|s390x|x86_64)0:2.13.6-150300.3.24.1(aarch64|s390x|x86_64)0:3.2.3-150000.4.33.1(x86_64)0:5.3.18-150300.208.1(noarch)0:5.3.18-150300.208.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.204.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.204.1.150300.18.122.1(noarch)0:40.5.0-150100.6.12.1(aarch64|s390x|x86_64)0:1.0.7-3.3.1(aarch64|s390x|x86_64)0:1.10.1-150000.3.15.1(aarch64|s390x|x86_64)0:s20161105-150000.8.11.1(x86_64)0:4.14.6_24-150300.3.87.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.176.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.30.1(aarch64|s390x|x86_64)0:2.04-150300.3.11.1(noarch)0:2.04-150300.3.11.1(s390x)0:2.04-150300.3.11.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.207.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.207.1.150300.18.124.1(x86_64)0:5.3.18-150300.211.1(noarch)0:5.3.18-150300.211.1(aarch64|s390x|x86_64)0:246.16-150300.7.60.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.188.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.188.1.150300.18.111.1(aarch64|s390x|x86_64)0:2.14.0-150300.4.13.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.179.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.49.2(aarch64|s390x|x86_64)0:1.9.5p2-150300.3.36.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.82.1(aarch64|s390x|x86_64)0:0.9.8-150200.13.9.1(x86_64)0:5.3.18-150300.197.1(noarch)0:5.3.18-150300.197.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.211.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.211.1.150300.18.126.1(x86_64)0:4.14.6_26-150300.3.91.1(x86_64)0:5.3.18-150300.214.1(noarch)0:5.3.18-150300.214.1(aarch64|s390x|x86_64)0:8.32-150300.3.11.1(noarch)0:8.32-150300.3.11.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.182.1(aarch64|s390x|x86_64)0:3006.0-150300.53.94.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.37.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.85.1(aarch64|s390x|x86_64)0:2.04-150300.3.14.2(noarch)0:2.04-150300.3.14.2(s390x)0:2.04-150300.3.14.2(aarch64|s390x|x86_64)0:1.8.2-150100.8.45.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.185.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.185.2(aarch64|s390x|x86_64)0:s20161105-150000.8.14.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.52.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.215.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.215.1.150300.18.128.1(x86_64)0:5.3.18-150300.217.1(noarch)0:5.3.18-150300.217.1(aarch64|s390x|x86_64)0:2.14.0-150300.4.16.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.73.1(aarch64|s390x|x86_64)0:1.19.2-150300.25.1(aarch64|s390x|x86_64)0:8.14.1-150200.4.91.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.218.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.218.1.150300.18.130.1(x86_64)0:5.3.18-150300.220.1(noarch)0:5.3.18-150300.220.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.103.1(aarch64|s390x|x86_64)0:2.14.0-150300.4.10.1(aarch64|s390x|x86_64)0:1.1.32-150000.3.20.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.55.1(aarch64|s390x|x86_64)0:2.7.1-150000.3.39.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.100.1(aarch64|s390x|x86_64)0:1.1.32-150000.3.25.1(x86_64)0:5.3.18-150300.223.1(noarch)0:5.3.18-150300.223.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.221.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.221.1.150300.18.132.1(aarch64|s390x|x86_64)0:7.66.0-150200.4.84.1(aarch64|s390x|x86_64)0:1.1.32-150000.3.28.1(aarch64|s390x|x86_64)0:3.112.2-150000.3.132.1(aarch64|s390x|x86_64)0:0.9.8-150200.13.12.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.63.2(aarch64|s390x|x86_64)0:3.6.15-150000.3.170.1(aarch64|s390x|x86_64)0:5.2.0-150300.135.1(aarch64)0:5.2.0-150300.135.1(noarch)0:1.0.0+-150300.135.1(s390x)0:5.2.0-150300.135.1(noarch)0:1.14.0_0_g155821a-150300.135.1(noarch)0:8-150300.135.1(x86_64)0:5.2.0-150300.135.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.34.1(noarch)0:202008-150300.10.26.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.195.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.195.1.150300.18.116.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.43.1(aarch64|s390x|x86_64)0:1.19.2-150300.22.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.198.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.198.1.150300.18.118.1(x86_64)0:5.3.18-150300.202.1(noarch)0:5.3.18-150300.202.1(aarch64|s390x|x86_64)0:3.6.15-150000.3.173.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.76.1(aarch64|s390x|x86_64)0:3.2.3-150000.4.36.1(aarch64|s390x|x86_64)0:6.9-150100.5.15.1(aarch64|s390x|x86_64)0:1.0.5-150200.3.6.1(aarch64|s390x|x86_64)0:2.2.7-150000.3.32.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.8.1(aarch64|s390x|x86_64)0:2.04-150300.22.20.2(noarch)0:2.04-150300.22.20.2(s390x)0:2.04-150300.22.20.2(aarch64|s390x|x86_64)0:2.14.0-150300.6.7.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.27.1(aarch64|s390x|x86_64)0:4.15.8+git.500.d5910280cc7-150300.3.37.1(aarch64|s390x|x86_64)0:4.0.9-150000.45.11.1(aarch64|s390x|x86_64)0:2.6.4-150200.3.3.1(aarch64|s390x|x86_64)0:6.9-150100.5.18.1(aarch64|s390x|x86_64)0:0.14.3-150300.3.3.1(aarch64|s390x|x86_64)0:2.40.0-150200.3.6.1(aarch64|s390x|x86_64)0:2.40.0-150200.3.9.1(aarch64|s390x|x86_64)0:1.16.3-150200.4.6.2(aarch64|s390x|x86_64)0:4.15.8+git.527.8d0c05d313e-150300.3.40.2(aarch64|s390x|x86_64)0:1.4.4-150200.4.6.1(aarch64|s390x|x86_64)0:2.04-150300.22.25.1(noarch)0:2.04-150300.22.25.1(s390x)0:2.04-150300.22.25.1(aarch64|s390x|x86_64)0:4.15.12+git.535.7750e5c95ef-150300.3.43.1(aarch64|s390x|x86_64)0:2.9.7-3.40.1(aarch64|s390x|x86_64)0:3.6.15-150300.10.21.1(aarch64|s390x|x86_64)0:4.15.13+git.540.fab3b2a46c6-150300.3.46.1(aarch64|s390x|x86_64)0:4.15.13+git.591.ab36624310c-150300.3.49.1(aarch64|s390x|x86_64)0:4.15.13+git.636.53d93c5b9d6-150300.3.52.1(aarch64|s390x|x86_64)0:2.04-150300.22.32.1(noarch)0:2.04-150300.22.32.1(s390x)0:2.04-150300.22.32.1(aarch64|x86_64)0:5.3.18-150300.59.118.1.150300.18.68.1(aarch64|s390x|x86_64)0:2.6.4-150200.3.6.1(aarch64|s390x|x86_64)0:1.18.0-150200.3.3.1(aarch64|s390x|x86_64)0:99~1.18.0-150200.3.3.1(aarch64|s390x|x86_64)0:0.7-150100.3.24.1(aarch64|x86_64)0:5.3.18-150300.59.121.2.150300.18.70.2(noarch)0:16.56.14-150300.3.2.1(aarch64|x86_64)0:5.3.18-150300.59.124.1.150300.18.72.1(aarch64|x86_64)0:5.3.18-150300.59.127.1.150300.18.74.1(aarch64|s390x|x86_64)0:4.15.13+git.663.9c654e06cdb-150300.3.57.5(aarch64|s390x|x86_64)0:2.46.7-150200.3.9.1(aarch64|s390x|x86_64)0:1.16.3-150200.4.9.2(aarch64|x86_64)0:5.3.18-150300.59.130.1.150300.18.76.1(aarch64|x86_64)0:5.3.18-150300.59.133.1.150300.18.78.1(aarch64|x86_64)0:5.3.18-150300.59.138.1.150300.18.80.2(aarch64|s390x|x86_64)0:4.15.13+git.691.3d3cea0641-150300.3.63.1(aarch64|s390x|x86_64)0:2.04-150300.22.43.1(noarch)0:2.04-150300.22.43.1(s390x)0:2.04-150300.22.43.1(aarch64|x86_64)0:5.3.18-150300.59.141.2.150300.18.82.2(aarch64|s390x|x86_64)0:1.0.0+git20210816.baa09b5-150300.3.3.1(aarch64|x86_64)0:5.3.18-150300.59.144.1.150300.18.84.1(aarch64|s390x|x86_64)0:0.7-150100.3.29.1(aarch64|s390x|x86_64)0:0.7-150100.3.32.1(aarch64|x86_64)0:5.3.18-150300.59.158.1.150300.18.92.5(aarch64|x86_64)0:5.3.18-150300.59.147.2.150300.18.86.2(aarch64|s390x|x86_64)0:0.7-150100.3.35.1(aarch64|x86_64)0:5.3.18-150300.59.161.1.150300.18.94.1(aarch64|s390x|x86_64)0:2.40.0-150200.3.12.1(aarch64|s390x|x86_64)0:1.16.3-150200.4.14.2(aarch64|x86_64)0:5.3.18-150300.59.164.1.150300.18.96.1(aarch64|x86_64)0:5.3.18-150300.59.167.1.150300.18.98.1(aarch64|s390x|x86_64)0:251.3-150300.6.3.1(noarch)0:251.3-150300.6.3.1(noarch)0:3.24.20-150200.3.9.1(aarch64|s390x|x86_64)0:3.24.20-150200.3.9.1(aarch64|x86_64)0:5.3.18-150300.59.170.1.150300.18.100.1(aarch64|x86_64)0:5.3.18-150300.59.174.1.150300.18.103.1(aarch64|x86_64)0:5.3.18-150300.59.179.1.150300.18.105.2(aarch64|x86_64)0:5.3.18-150300.59.182.1.150300.18.107.1(aarch64|s390x|x86_64)0:0.7-150100.3.40.1(aarch64|x86_64)0:5.3.18-150300.59.185.1.150300.18.109.1(aarch64|s390x|x86_64)0:1.7.3.2-150000.6.3.1(noarch)0:16.56.14-150300.3.4.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.3.1(aarch64|x86_64)0:5.3.18-150300.59.150.1.150300.18.88.1(aarch64|x86_64)0:5.3.18-150300.59.153.2.150300.18.90.2(aarch64|x86_64)0:5.3.18-150300.59.201.1.150300.18.120.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.6.1(aarch64|x86_64)0:5.3.18-150300.59.204.1.150300.18.122.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.9.1(aarch64|x86_64)0:5.3.18-150300.59.207.1.150300.18.124.1(aarch64|x86_64)0:5.3.18-150300.59.188.1.150300.18.111.1(aarch64|s390x|x86_64)0:1.16.3-150200.4.19.1(aarch64|s390x|x86_64)0:1.16.3-150200.3.6.1(aarch64|s390x|x86_64)0:2.14.0-150300.6.13.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.12.1(aarch64|x86_64)0:5.3.18-150300.59.211.1.150300.18.126.1(aarch64|s390x|x86_64)0:2.04-150300.22.58.1(noarch)0:2.04-150300.22.58.1(s390x)0:2.04-150300.22.58.1(aarch64|s390x|x86_64)0:1.16.0-150200.5.5.1(aarch64|s390x|x86_64)0:20.2.4-150300.59.9.1(aarch64|s390x|x86_64)0:1.16.0-150200.5.8.1(aarch64|x86_64)0:5.3.18-150300.59.215.1.150300.18.128.1(aarch64|s390x|x86_64)0:2.14.0-150300.6.16.1(aarch64|s390x|x86_64)0:2.14.0-150300.6.10.1(aarch64|s390x|x86_64)0:0.7-150100.3.43.1(aarch64|x86_64)0:5.3.18-150300.59.218.1.150300.18.130.1(aarch64|s390x|x86_64)0:2.40.0-150200.3.15.2(aarch64|s390x|x86_64)0:1.16.0-150200.5.11.1(aarch64|x86_64)0:5.3.18-150300.59.221.1.150300.18.132.1(aarch64|s390x|x86_64)0:4.15.13+git.736.b791be993ba-150300.3.96.1(aarch64|x86_64)0:5.9.0.git21.a73f509-150300.3.5.1(noarch)0:5.9.0.git21.a73f509-150300.3.5.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.88.1(x86_64)0:5.3.18-150300.226.1(noarch)0:5.3.18-150300.226.1(aarch64|s390x|x86_64)0:2.04-150300.22.61.1(noarch)0:2.04-150300.22.61.1(s390x)0:2.04-150300.22.61.1(aarch64|s390x|x86_64)0:4.9.5-150300.9.66.1(aarch64|s390x|x86_64)0:8.14.1-150200.4.94.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.33.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.226.2(aarch64|x86_64)0:5.3.18-150300.59.226.2.150300.18.134.2(aarch64|s390x|x86_64)0:1.16.1-150300.23.56.1(aarch64|s390x|x86_64)0:3.6.7-150200.14.40.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.36.1(aarch64|s390x|x86_64)0:3006.0-150300.53.101.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.229.3(aarch64|x86_64)0:5.3.18-150300.59.229.3.150300.18.136.3(aarch64|s390x|x86_64)0:4.9.5-150300.9.69.1(aarch64|s390x|x86_64)0:2.04-150300.22.52.3(noarch)0:2.04-150300.22.52.3(s390x)0:2.04-150300.22.52.3(aarch64|x86_64)0:5.3.18-150300.59.195.1.150300.18.116.1(aarch64)0:2021.01-150300.7.24.1(aarch64|x86_64)0:5.3.18-150300.59.198.1.150300.18.118.1(aarch64|s390x|x86_64)0:3006.0-150300.53.104.1(aarch64|s390x|x86_64)0:2.7.1-150000.3.45.1(aarch64|s390x|x86_64)0:2.36.2-150300.4.50.1(aarch64|s390x|x86_64)0:0.7-150100.3.49.1(aarch64|s390x|x86_64)0:2.14.0-150300.6.19.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.109.1(aarch64|s390x|x86_64)0:251.3-150300.6.9.1(noarch)0:251.3-150300.6.9.1(noarch)0:249.1-150300.5.6.1(noarch)0:0.0.3~git14.ff11a9a-150300.1.9.1(noarch)0:33-150300.6.9.1(aarch64|s390x|x86_64)0:0.7-150100.3.46.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.19.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.39.1(x86_64)0:4.14.6_28-150300.3.94.1(x86_64)0:5.3.18-150300.229.2(noarch)0:5.3.18-150300.229.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.91.1(aarch64|s390x|x86_64)0:1.1.1d-150200.11.106.1(x86_64)0:5.3.18-150300.232.1(noarch)0:5.3.18-150300.232.1(aarch64|s390x|x86_64)0:2.62.6-150200.3.42.1(aarch64|s390x|x86_64)0:5.2.0-150300.142.1(aarch64)0:5.2.0-150300.142.1(noarch)0:1.0.0+-150300.142.1(s390x)0:5.2.0-150300.142.1(noarch)0:1.14.0_0_g155821a-150300.142.1(noarch)0:8-150300.142.1(x86_64)0:5.2.0-150300.142.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.232.1(aarch64|x86_64)0:5.3.18-150300.59.232.1.150300.18.138.1(noarch)0:33-150300.6.6.1(aarch64|s390x|x86_64)0:2.7.1-150000.3.42.1(noarch)0:249.1-150300.5.3.1(aarch64|s390x|x86_64)0:251.3-150300.6.6.1(noarch)0:251.3-150300.6.6.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.24.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.27.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.235.1(aarch64|x86_64)0:5.3.18-150300.59.235.1.150300.18.140.1(x86_64)0:5.3.18-150300.235.1(noarch)0:5.3.18-150300.235.1(aarch64|s390x|x86_64)0:8.14.1-150200.4.97.1(aarch64|s390x|x86_64)0:1.9.1-150300.3.6.1(aarch64|s390x|x86_64)0:0.9.8-150200.13.15.1(aarch64|s390x|x86_64)0:2.9.7-150000.3.94.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.30.1(aarch64|s390x|x86_64)0:3.2.3-150000.4.39.1(aarch64|s390x|x86_64)0:5.2.0-150300.138.1(aarch64)0:5.2.0-150300.138.1(noarch)0:1.0.0+-150300.138.1(s390x)0:5.2.0-150300.138.1(noarch)0:1.14.0_0_g155821a-150300.138.1(noarch)0:8-150300.138.1(x86_64)0:5.2.0-150300.138.1(aarch64|s390x|x86_64)0:3.112.3-150000.3.135.1(aarch64|s390x|x86_64)0:8.14.1-150200.4.100.1(aarch64|s390x|x86_64)0:7.1.0-150300.6.44.1(aarch64|x86_64)0:7.1.0-150300.6.44.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.33.1(aarch64|s390x|x86_64)0:2.68.4-150200.4.36.1(aarch64|s390x|x86_64)0:2.36.2-150300.4.53.1(aarch64|s390x|x86_64)0:8.14.1-150200.4.103.1(aarch64|s390x|x86_64)0:5.3.18-150300.59.238.1(aarch64|x86_64)0:5.3.18-150300.59.238.1.150300.18.142.1(aarch64|s390x|x86_64)0:0.9.8-150200.13.18.1(x86_64)0:5.3.18-150300.238.1(noarch)0:5.3.18-150300.238.1(aarch64|s390x|x86_64)0:2.36.2-150300.4.58.1(aarch64|s390x|x86_64)0:246.16-150300.7.65.1